Windows 2008 R2 content


Windows 2008 R2 content

gauravphoenix
Hi all,
I noticed that there is very little content in the Windows Server 2008 R2 file microsoft.windows.server.2008.r2.xml. After looking at a couple of definitions in the microsoft.windows.server.2008.xml (non-R2) file, I found that while the description states that the vulnerability also impacts the R2 edition, the platforms impacted section doesn't refer to it.

Here are a few examples:

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11902

As such, I think these (and many other) definitions do not make it into the R2 definitions file.
The 2008 R2 file is 1.598 MB while the 2008 (non-R2) file is 15.415 MB as of today.

Would it make sense to review all of the 2008 definitions?

--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

Re: Windows 2008 R2 content

Hansbury, Matt
Hi Gaurav,

I took a look at the Definitions you specified here and you are correct, they would not be in the Windows Server 2008 R2 package. I think the only change that is required to fix this would be to add "Microsoft Windows Server 2008 R2" to the platforms element for each Definition, as appropriate. That said, the Server 2008 platform lists 2388 Definitions while the Server 2008 R2 platform has only 199. That implies that we would need/want to look at nearly 2100 Definitions to really fix this issue, which is a lot, since you'd really have to review all of them to ensure that each Definition should or should not also apply to Server 2008 R2.

I can say with certainty that this kind of review is not something we (the MITRE team) can quickly accomplish, though we have added a tracker to track this issue with the hope that we are able to attack it in pieces over time.

Additionally, if anyone else out there has time to work on this type of review (likely in batches), it would be great to get these updated.

Thanks
Matt


From: Gaurav Kumar [mailto:[hidden email]]
Sent: Thursday, February 23, 2012 6:11 PM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] Windows 2008 R2 content

Hi all,
I noticed that there is very little content in the Windows Server 2008 R2 file microsoft.windows.server.2008.r2.xml. After looking at a couple of definitions in the microsoft.windows.server.2008.xml (non-R2) file, I found that while the description states that the vulnerability also impacts the R2 edition, the platforms impacted section doesn't refer to it.

Here are a few examples:

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11902

As such, I think these (and many other) definitions do not make it into the R2 definitions file.
The 2008 R2 file is 1.598 MB while the 2008 (non-R2) file is 15.415 MB as of today.

Would it make sense to review all of the 2008 definitions?

--

Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695


Re: Windows 2008 R2 content

Dragos Prisaca-3
Hi,

Here is the first batch of updated definitions with the Windows Server 2008 R2 platform.
I've downloaded all the definitions (285 definitions) that reference oval:org.mitre.oval:def:6438 (Microsoft Windows Server 2008 R2 x64 Edition is installed) and added the platform for Windows 2008 R2.
The next step would be to update the definitions that reference "Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed" and "Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed".

Regards,
_Dragos.


Attachment: oval-def-with-2008-R2.7z (193K)
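The batch update described in the message above, as an added example that is not part of the original post or its attachment: it finds definitions that extend the R2 inventory definition (oval:org.mitre.oval:def:6438) but do not list "Microsoft Windows Server 2008 R2" under `affected`, and adds the platform. The sample XML and its `oval:example` ids are constructed, and skipping negated references is an assumption about what "as appropriate" should mean.

```python
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL}
R2_INVENTORY_REF = "oval:org.mitre.oval:def:6438"  # inventory definition named in the thread
R2_PLATFORM = "Microsoft Windows Server 2008 R2"   # platform string named in the thread

# Constructed sample; the oval:example ids and titles are placeholders, not repository content.
SAMPLE = f"""<oval_definitions xmlns="{OVAL}"><definitions>
<definition id="oval:example:def:1" version="1" class="vulnerability">
  <metadata><title>lists only 2008</title><affected family="windows">
    <platform>Microsoft Windows Server 2008</platform><product>Example Product</product>
  </affected></metadata>
  <criteria><extend_definition definition_ref="{R2_INVENTORY_REF}"/></criteria>
</definition>
<definition id="oval:example:def:2" version="1" class="vulnerability">
  <metadata><title>already lists R2</title><affected family="windows">
    <platform>{R2_PLATFORM}</platform>
  </affected></metadata>
  <criteria><extend_definition definition_ref="{R2_INVENTORY_REF}"/></criteria>
</definition>
<definition id="oval:example:def:3" version="1" class="vulnerability">
  <metadata><title>R2 excluded</title><affected family="windows">
    <platform>Microsoft Windows Server 2008</platform>
  </affected></metadata>
  <criteria><extend_definition negate="true" definition_ref="{R2_INVENTORY_REF}"/></criteria>
</definition>
</definitions></oval_definitions>"""

def add_missing_r2_platform(root):
    """Add the R2 platform where a definition extends the R2 inventory check; return updated ids."""
    updated = []
    for definition in root.iterfind(".//d:definition", NS):
        refs = [e for e in definition.iterfind(".//d:extend_definition", NS)
                if e.get("definition_ref") == R2_INVENTORY_REF
                and e.get("negate", "false") not in ("true", "1")]  # negated ref means "not R2"
        affected = definition.find("d:metadata/d:affected", NS)
        if not refs or affected is None:
            continue  # not an R2 definition, or no platform metadata to update
        platforms = affected.findall("d:platform", NS)
        if any((p.text or "").strip() == R2_PLATFORM for p in platforms):
            continue  # already listed
        new = ET.Element(f"{{{OVAL}}}platform")
        new.text = R2_PLATFORM
        affected.insert(len(platforms), new)  # keep schema order: platforms before products
        updated.append(definition.get("id"))
    return updated

if __name__ == "__main__":
    print(add_missing_r2_platform(ET.fromstring(SAMPLE)))
```

A negation on an enclosing `criteria` element is not detected here, so the returned ids are a review list rather than a final answer.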

Re: Windows 2008 R2 content

Hansbury, Matt
Hi Dragos,

I have processed this submission and the updates are now available in the OVAL Repository.  

Thanks
Matt
