PCI Compliance Azure Websites (CVE-2014-6321)

  • Question

  • Trying to gain PCI compliance of an Azure website. Trustwave scan came back as a pass apart from the following:

    Vulnerability in Security Channel Could Allow Remote Code Execution (MS14-066)/CVE-2014-6321

    Anything I can do? It's port 443 - we have an EV SSL certificate in IP Based SSL.


    Friday, February 6, 2015 2:17 PM


All replies

  • What scanner are you using? I just checked and we do have our front ends patched for the SChannel vulnerability (KB 2992611) already, so I am not sure how it is detecting this.
    Friday, February 6, 2015 5:27 PM
  • Ignore the scanner question ... I see it is Trustwave. I am getting in touch with them to see how they are detecting this and will post on this thread when I hear from them.
    Friday, February 6, 2015 5:33 PM
  • I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turnaround!
    • Marked as answer by SteveWinn Monday, February 9, 2015 8:38 AM
    Friday, February 6, 2015 9:39 PM
  • Thanks Nazim - I'll re-run the scan now. S
    Monday, February 9, 2015 8:08 AM
  • Yes, that worked. Thanks
    Monday, February 9, 2015 8:38 AM