PCI Compliance Azure Websites (CVE-2014-6321)

Question
-
Trying to gain PCI compliance of an Azure website. Trustwave scan came back as a pass apart from the following:-
Vulnerability in Security Channel Could Allow Remote Code Execution (MS14-066)/CVE-2014-6321
Anything I can do? It's port 443 - we have an EV SSL certificate in IP Based SSL.
Friday, February 6, 2015 2:17 PM
Answers
-
I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turnaround!
- Marked as answer by SteveWinn Monday, February 9, 2015 8:38 AM
Friday, February 6, 2015 9:39 PM
All replies
-
What scanner are you using? I just checked and we do have our front ends patched for the SChannel vulnerability (KB 2992611) already, so I am not sure how it is detecting this.
Friday, February 6, 2015 5:27 PM
-
Ignore the scanner question ... I see it is Trustwave. I am getting in touch with them to see how they are detecting this and will post on this thread when I hear from them.
Friday, February 6, 2015 5:33 PM
-
Thanks Nazim - I'll re-run the scan now. S
Monday, February 9, 2015 8:08 AM
-
Yes, that worked. Thanks
Monday, February 9, 2015 8:38 AM