UNCLASSIFIED

Gold Disk
Release Notes
Content Updates
Version 2.0

October 2010

DISA Field Security Operations

Gold Disk Release Notes Field Security Operations
October 2010 DISA Information Systems Agency

Release Notes
Gold Disk V2 October 2010 Release
• In addition to Symantec EndPoint Protection signature updates, added automatic detection of Symantec
AntiVirus Corporate Edition signature updates when installed on Windows Vista systems
• Added prescan detection for Office 2007 SP2
• Removed automation for V0001135-Printer Share Permissions until further notice due to false positive.
• Automated V0004107-Unsupported OS for Windows 2000 systems
• Modified automation for V0001077-Incorrect ACLs for Event Logs due to false positive on Windows
Server 2008 systems
• Updated previously automated IAVMs
o 2007-A-0020 (V0013883)
o 2007-A-0031 (V0014220)
o 2008-A-0005 (V0015742)
o 2008-A-0064 (V0017342)
o 2008-A-0087 (V0017909)
o 2008-A-0086 (V0017910)
o 2009-A-0019 (V0018549)
o 2009-A-0071 (V0019884)
o 2009-A-0074 (V0019914)
o 2009-A-0097 (V0021756)
• Automated the following IAVMs
o 2010-A-0100 (V0025027)
o 2010-A-0112 (V0025059)
o 2010-A-0107 (V0025061)
o 2010-A-0104 (V0025066)
o 2010-A-0103 (V0025067)
o 2010-A-0111 (V0025068)
o 2010-A-0110 (V0025069)
o 2010-A-0106 (V0025071)
o 2010-A-0108 (V0025073)
o 2010-A-0109 (V0025076)
o 2010-A-0113 (V0025081)
o 2010-A-0120 (V0025353)
o 2010-A-0121 (V0025357)
o 2010-A-0122 (V0025359)
o 2010-A-0123 (V0025360)
o 2010-A-0125 (V0025361)
o 2010-A-0124 (V0025362)
o 2010-B-0063 (V0025072)
o 2010-B-0064 (V0025074)
o 2010-B-0062 (V0025075)
o 2010-B-0076 (V0025344)
o 2010-B-0077 (V0025345)
o 2010-B-0078 (V0025347)
• Automated for Applicability based on Prescan
o 2010-A-0101 (V0025058)
o 2010-A-0116 (V0025175)
o 2010-A-0119 (V0025193)
o 2010-B-0072 (V0025180)

o 2010-B-0074 (V0025183)

Gold Disk V2 August 2010 Release


• Added automated checking for IPv6 Transition Technologies (V0014262) on Windows XP and Windows
Server 2003. Updated automated checking and fix for Windows Vista and Windows Server 2008
• Added automated checking for Internet Information System (V0003347) on Windows XP and Windows
Vista
• Added automated checking for Bad Logon Counter Reset (V0001098) on Windows Server 2003
• Added automated checking for Display Shutdown Button (V0001075) on Windows Vista
• Added automated checking for Clear System Pagefile (V0001084) on Windows Vista
• Added automated checking for Unencrypted Pwd sent to SMB Svr (V0001141) on Windows Server 2008
• Added automated checking for Smart Card Removal Option (V0001098) on Windows Server 2008
• Updated IAVM 2010-B-0013 ensuring applicability only to domain controllers
• Updated previously automated IAVMs
o 2007-A-0030 (V0014219)
o 2008-A-0014 (V0015761)
o 2008-A-0041 (V0016040)
o 2008-A-0056 (V0016740)
o 2008-A-0061 (V0016738)
o 2008-A-0077 (V0017780)
o 2008-A-0081 (V0017870)
o 2009-A-0039 (V0019159)
o 2009-A-0044 (V0019398)
o 2009-A-0046 (V0019399)
o 2009-A-0120 (V0021933)
o 2007-B-0005 (V0013604)
• Automated the following IAVMs
o 2010-A-0074 (V0024369)
o 2010-A-0075 (V0024370)
o 2010-A-0078 (V0024371)
o 2010-A-0076 (V0024372)
o 2010-A-0077 (V0024374)
o 2010-A-0079 (V0024377)
o 2010-A-0095 (V0024848)
o 2010-A-0094 (V0024850)
o 2010-A-0093 (V0024852)
o 2010-B-0045 (V0024366)
o 2010-B-0046 (V0024367)
o 2010-B-0047 (V0024368)
• Automated for Applicability based on Prescan
o 2010-A-0082 (V0024385)
o 2010-A-0092 (V0024849)
o 2010-A-0089 (V0024851)
o 2010-A-0090 (V0024853)
o 2010-A-0091 (V0024855)
o 2010-A-0098 (V0024857)
o 2010-A-0096 (V0024859)
o 2010-B-0048 (V0024388)
o 2010-B-0054 (V0024858)

Gold Disk V2 June 2010 Release


• Added prescan detection for Email Server roles to resolve issue importing VMS6.x reports for systems
running Exchange Server 2003 and Exchange Server 2008.
• Updated automated checks for V0001148 to ensure applicability only for workstations that are part of a
domain.
• Updated automated checking for User Rights (V0001103) on Windows Server 2003 Member Server
• Updated automated checking for IPv6 Transition Technologies (V0014262) on Windows Vista and
Windows Server 2008
• Updated previously automated IAVMs
o 2008-A-0058 (V0016741)
o 2008-A-0090 (V0017935)
o 2009-A-0032 (V0018752)
o 2009-A-0034 (V0018756)
o 2009-A-0078 (V0019913)
o 2009-A-0077 (V0019917)
o 2009-A-0090 (V0021749)
o 2009-A-0095 (V0021760)
o 2009-A-0117 (V0021936)
• Automated the following IAVMs
o 2010-A-0056 (V0023959)
o 2010-A-0054 (V0023963)
o 2010-A-0058 (V0023995)
o 2010-A-0053 (V0023999)
o 2010-A-0052 (V0024002)
o 2010-A-0057 (V0024003)
o 2010-A-0055 (V0024004)
o 2010-A-0068 (V0024076)
o 2010-A-0070 (V0024160)
o 2010-A-0080 (V0024375)
o 2010-B-0029 (V0023955)
o 2010-B-0030 (V0023956)
o 2010-B-0031 (V0023957)
o 2010-B-0039 (V0024168)
• Automated for Applicability based on Prescan
o 2010-A-0047 (V0023856)
o 2010-A-0065 (V0023996)
o 2010-A-0066 (V0023997)
o 2010-A-0069 (V0024159)
o 2010-B-0024 (V0023821)
o 2010-B-0032 (V0023954)
o 2010-B-0033 (V0024010)
o 2010-B-0037 (V0024163)
o 2010-B-0038 (V0024166)
o 2010-B-0041 (V0024206)
o 2010-B-0044 (V0024322)

Gold Disk V2 April 2010 Release

• Added prescan detection and support for IIS 7.0 Installation to resolve issue importing VMS6.x reports for
Windows Vista or Server 2008 systems running IIS 7.0.
• Updated automated checks for V0006318 to include installation of the DOD Root Certificates by means
other than the InstallRoot application as an accepted solution.
• Updated automated checking for WA000-WI6082 (V0013715) to correct required value
• Updated automated checking for Recycle Bin (V0001126) on Windows Server 2008
• Updated automated checking for UAC - User Elevation Prompt (V0014236) on Windows Server 2008
• Updated previously automated IAVMs
o 2009-A-0115 (V0021938)
o 2010-A-0014 (V0022522)
• Automated the following IAVMs
o 2010-A-0014 (V0022522)
o 2010-A-0023 (V0022677)
o 2010-A-0024 (V0022678)
o 2010-A-0025 (V0022679)
o 2010-A-0026 (V0022680)
o 2010-A-0027 (V0022681)
o 2010-A-0028 (V0022682)
o 2010-A-0029 (V0022683)
o 2010-A-0030 (V0022684)
o 2010-A-0031 (V0022685)
o 2010-A-0032 (V0022686)
o 2010-A-0038 (V0023711)
o 2010-B-0014 (V0022674)
o 2010-B-0013 (V0022675)
o 2010-B-0012 (V0022676)
o 2010-B-0020 (V0023719)
• Automated for Applicability based on Prescan
o 2010-A-0018 (V0022666)
o 2010-A-0019 (V0022667)
o 2010-A-0035 (V0022695)
o 2010-B-0010 (V0022672)
o 2010-B-0011 (V0022673)
o 2010-B-0015 (V0022698)

Gold Disk V2 February 2010 Release


• Added prescan detection and support for Windows Server 2008 x86 and x64. The release includes Server
2008 automation for all relevant STIG checks and for the latest applicable IAVMs published during this
release cycle. Automation for the remaining IAVMs will be included in subsequent releases. Windows
Server 2008 R2 is not supported by Gold Disk at this time.
• Updated automated checking and remediation for V0001073 to reflect required service pack level for
Windows Vista and Windows Server 2008.
• Updated automated checking for V0001074 to reflect change in required minimum antivirus signature
update
• Added automated checking and remediation for Internet Explorer 7 check DTBI300 (V0021887)
• Updated previously automated IAVMs
o 2008-A-0044 (V0016147)
o 2009-A-0018 (V0018553)
• Automated the following IAVMs
o 2009-A-0128 (V0021551)

o 2009-A-0098 (V0021755)
o 2009-A-0129 (V0022099)
o 2009-A-0125 (V0022100)
o 2009-A-0126 (V0022101)
o 2010-A-0003 (V0022244)
o 2010-A-0014 (V0022522)
o 2009-B-0054 (V0021747)
o 2009-B-0064 (V0022096)
• Automated for Applicability based on Prescan
o 2009-A-0123 (V0022059)
o 2009-A-0124 (V0022060)
o 2009-A-0130 (V0022094)
o 2009-A-0134 (V0022103)
o 2010-A-0006 (V0022237)
o 2010-A-0005 (V0022239)
o 2010-A-0007 (V0022241)
o 2010-A-0004 (V0022243)
o 2010-A-0010 (V0022245)
o 2010-A-0011 (V0022380)
o 2009-B-0062 (V0022064)
o 2009-B-0065 (V0022105)
o 2009-B-0066 (V0022106)
o 2010-B-0007 (V0022644)

Gold Disk V2 December 2009 Release


• Updated 34 Microsoft Office 2007 STIG vulnerabilities to ensure the vulnerabilities would only be found
under the Office 2007 System tree within Gold Disk. In addition to the Office 2007 System tree, the
vulnerabilities could previously be found under the tree of individual Office 2007 components (Excel 2007,
Outlook 2007, etc.).
• Updated automated checking for V0017521-DTOO139 to include additional accepted values.
• Updated Office 2007 STIG checks to include automated fixes
o DTOO104 (V0017173)
o DTOO111 (V0017174)
o DTOO117 (V0017175)
o DTOO123 (V0017183)
o DTOO129 (V0017184)
• Added Prescan NA detection for the following:
o Cisco VPN Client
o Websense Products
o VMware Products
o IBM DB2
o Adobe Shockwave
• Updated previously automated IAVMs
o 2007-A-0029 (V0014218)
o 2007-A-0047 (V0015303)
o 2008-A-0028 (V0016015)
o 2008-A-0085 (V0017908)
o 2008-A-0086 (V0017910)
o 2008-A-0089 (V0017912)
o 2009-A-0002 (V0017997)

o 2009-A-0013 (V0018388)
o 2009-A-0044 (V0019398)
o 2009-A-0046 (V0019399)
• Automated the following IAVMs
o 2008-A-0077 (V0017780)
o 2009-A-0071 (V0019884)
o 2009-A-0092 (V0021743)
o 2009-A-0091 (V0021744)
o 2009-A-0090 (V0021749)
o 2009-A-0094 (V0021752)
o 2009-A-0096 (V0021754)
o 2009-A-0097 (V0021756)
o 2009-A-0095 (V0021760)
o 2009-A-0120 (V0021933)
o 2009-A-0118 (V0021934)
o 2009-A-0119 (V0021935)
o 2009-A-0117 (V0021936)
o 2009-A-0116 (V0021937)
o 2009-A-0115 (V0021938)
o 2008-B-0081 (V0017914)
o 2009-B-0052 (V0021742)
o 2009-B-0054 (V0021747)
o 2009-B-0053 (V0021750)
• Automated for Applicability based on Prescan
o 2009-A-0100 (V0021741)
o 2009-A-0101 (V0021863)
o 2009-A-0102 (V0021864)
o 2009-A-0103 (V0021865)
o 2009-A-0104 (V0021866)
o 2009-A-0105 (V0021867)
o 2009-A-0106 (V0021883)
o 2009-A-0109 (V0021885)
o 2009-A-0110 (V0021888)
o 2009-A-0108 (V0021889)
o 2009-A-0112 (V0021926)
o 2009-A-0111 (V0021927)
o 2008-B-0061 (V0017346)
o 2009-B-0015 (V0018638)
o 2009-B-0016 (V0018766)
o 2009-B-0021 (V0019297)
o 2009-B-0048 (V0021682)
o 2009-B-0055 (V0021886)
o 2009-B-0056 (V0021890)
o 2009-B-0059 (V0021981)
o 2009-T-0005 (V0018124)
o 2009-T-0019 (V0018637)
o 2009-T-0031 (V0019298)

Gold Disk V2 October 2009 Release

• Updated manual prescan question prompting to include “3rd Party Firewalls”. If “3rd Party Firewalls” is
selected for prescan, all Windows Firewall vulnerabilities targeting Windows XP and Windows Vista are
automatically marked as NA.
• Modified antivirus fix to install Symantec EndPoint Protection in lieu of Symantec Corporate Edition when
Symantec is selected as the preferred antivirus solution. NOTE: The 64-bit version of Symantec still
requires a manual install at this time.
• Removed automated fixing via Gold Disk for all STIG vulnerabilities where the configuration lies within
the HKCU registry hive. Making configuration changes within the HKCU registry hive via Gold Disk only
fixes the vulnerability for the individual user account running the Gold Disk application.
• Updated checking for V0002371 to include automated detection on Windows Vista.
• Updated checking for 2008-A-0044 (V0016147) to ensure the vulnerability is only applicable when DNS is
installed
• Updated previously automated IAVMs
o 2009-A-0018 (V0018549)
o 2009-A-0020 (V0018554)
o 2009-A-0032 (V0018752)
o 2009-A-0034 (V0018756)
• Automated the following IAVMs
o 2009-B-0036 (V0019878)
o 2009-A-0067 (V0019882)
o 2009-A-0068 (V0019881)
o 2009-A-0070 (V0019883)
o 2009-B-0035 (V0019880)
o 2009-B-0037 (V0019879)
o 2009-A-0074 (V0019914)
o 2009-A-0075 (V0019915)
o 2009-A-0076 (V0019916)
o 2009-A-0077 (V0019917)
o 2009-A-0078 (V0019913)
• Automated for Applicability based on Prescan
o 2008-A-0045 (V0016170)
o 2009-A-0003 (V0017999)
o 2009-A-0009 (V0018005)
o 2009-A-0016 (V0018403)
o 2009-T-0023 (V0018849)
o 2009-B-0019 (V0019154)
o 2009-A-0041 (V0019229)
o 2009-A-0060 (V0019802)
o 2009-A-0062 (V0019827)
o 2009-A-0061 (V0019825)
o 2009-A-0081 (V0021499)
o 2009-B-0044 (V0021502)
o 2009-T-0050 (V0021503)
o 2008-B-0073 (V0017742)
o 2009-A-0041 (V0019229)
• Automated the following Miscellaneous Security Updates.
o MS09-025
o MS09-040

Gold Disk V2 August 2009 Release

• Added DVD3 to incorporate Windows Vista patches
• Enhanced Gold Disk 2.0 engine to include the capability of running file patches other than “.exe” files.
The engine can now execute “.msu” files used to patch Windows Vista.
• The launcher.exe file has been removed. PGD.exe should be used instead. Prior to the June 2009 release,
the Gold Disk 2.0 engine had been modified to allow the 32-bit version (PGD.exe) to automatically launch
the 64-bit version (PGD64.exe) on a 64-bit system.
• Added prescan detection for:
o Windows Vista Service Pack 2
o Internet Explorer 8
o Windows Internet Name Service (WINS)
• Automated checks and fixing for (applicable to IE7 on Windows Vista only):
o DTBI485 (V0015527)
o DTBI490 (V0015528)
• Updated checking
o DTOO212 (V0017581)
o DTOO267 (V0017778)
• Updated checking for V0003383 to check correctly on Windows Vista
• Updated checking for V0003472 (Windows Time Service). The vulnerability will be closed if the value is
blank or does not exist. The vulnerability will be open if the value is not blank. The vulnerability can be
closed manually if the value is an authorized server.
• Updated checking for 2008-B-0075 (V0017793)
• Updated checking and patching for 2009-A-0018 (V0018553)
• Automated the following IAVMs
o 2009-A-0043 (V0019405)
o 2009-A-0046 (V0019399)
o 2009-A-0049 (V0019589)
o 2009-A-0050 (V0019756)
o 2009-A-0051 (V0019757)
o 2009-A-0052 (V0019758)
o 2009-A-0059 (V0019796)
o 2009-B-0022 (V0019400)
o 2009-B-0023 (V0019403)
o 2009-B-0024 (V0019401)
o 2009-B-0031 (V0019760)
o 2009-B-0032 (V0019759)
o 2009-T-0032 (V0019397)
• Automated for Applicability based on Prescan
o 2009-A-0042 (V0019404)
o 2009-A-0053 (V0019762)
o 2009-A-0054 (V0019761)
o 2009-A-0055 (V0019763)
o 2009-A-0056 (V0019764)
o 2009-A-0057 (V0019765)
o 2009-A-0058 (V0019768)
o 2009-B-0020 (V0019296)
o 2009-B-0028 (V0019437)
o 2009-T-0034 (V0019481)
o 2009-T-0038 (V0019458)

o 2009-T-0043 (V0019770)
• Automated checking for the following on Windows Vista:
o V0014234 o V0015700 o V0015713 o V0015725
o V0014235 o V0015701 o V0015714 o V0015726
o V0014236 o V0015702 o V0015715 o V0015727
o V0014237 o V0015703 o V0015716 o V0016020
o V0014239 o V0015704 o V0015717 o V0016021
o V0014240 o V0015705 o V0015718 o V0016048
o V0014241 o V0015706 o V0015719 o V0014262
o V0014242 o V0015708 o V0015720 o V0015696
o V0017374 o V0015709 o V0015721 o V0015697
o V0014230 o V0015710 o V0015722 o V0015698
o V0014243 o V0015711 o V0015723 o V0015699
o V0014250 o V0015712 o V0015724 o V0014231
o V0014232 o V0017420 o V0017430 o V0017440
o V0016047 o V0017421 o V0017431 o V0017441
o V0014248 o V0017422 o V0017432 o V0017442
o V0014249 o V0017423 o V0017433 o V0017443
o V0015707 o V0017424 o V0017434 o V0017444
o V0017415 o V0017425 o V0017435 o V0017445
o V0017416 o V0017426 o V0017436 o V0017446
o V0017417 o V0017427 o V0017437 o V0017447
o V0017418 o V0017428 o V0017438
o V0017419 o V0017429 o V0017439
• Automated patching for V0001073 on Windows Vista

Gold Disk V2 June 2009 Release


• Enhanced Gold Disk 2.0 engine to include the capability of running on Windows Vista x86 and Windows
Vista x64. NOTE: Will detect and patch several STIG vulnerabilities. Subsequent Gold Disk V2 releases
will include IAVM and additional STIG automation

• Modified the Gold Disk 2.0 engine to use the manifest file so that the application automatically
escalates privileges to administrator on Vista when these privileges are present in the login. This
eliminates the need for the user to start Gold Disk with the right-click option ‘Run as Administrator’
• Modified the Gold Disk 2.0 engine to allow the 32-bit version (PGD.exe) to automatically launch the 64-bit
version (PGD64.exe) on a 64-bit system. The launcher.exe file is now optional and will be removed in a
future release
• Modified the Gold Disk 2.0 engine to accurately display the findings for V0001103 and other User Rights
STIG vulnerabilities
• DVD2/CD9 now includes the 32-bit and 64-bit client installation files for Symantec Endpoint Protection.
The Symantec AntiVirus Corporate Edition client install is still the default Symantec application when
remediating V0001074-Approved DOD Virus Scan Program. To install Symantec Endpoint Protection, it
would have to be installed manually. NOTE: Symantec AntiVirus Corporate Edition will not install on
Windows Vista.
• Updated manual prescan question prompting to include IBM Websphere
• Modified checking for RSS Attachment Downloads (V0015682) to check on all service pack levels of
Windows XP
• Modified checking to match updated checklist requirements for Password Protected Screen Savers
(V0001122)
• Automated checks and fixing for DTBI705 (V0015577)
• Updated checking
o DTOO212 (V0017581)
o DTOO267 (V0017778)
• Updated checking and fixing of 2009-A-0002 (V0017997) to ensure checking and patching for all applicable
service packs
• Automated the following IAVMs
o 2009-A-0032 (V0018752)
o 2009-A-0033 (V0018755)
o 2009-A-0034 (V0018756)
o 2009-T-0021 (V0018776)
o 2009-T-0022 (V0018781)
o 2009-A-0039 (V0019159)
• Automated for Applicability based on Prescan
o 2009-T-0018 (V0018612)
o 2009-T-0029 (V0019231)
o 2009-A-0027 (V0018785)
o 2009-A-0028 (V0018793)
o 2009-A-0029 (V0018797)
o 2009-A-0030 (V0018798)
o 2009-A-0036 (V0018848)
o 2009-B-0018 (V0018969)
o 2009-T-0027 (V0019160)
• Automated the following Miscellaneous Security Updates.
o MS09-012

Gold Disk V2 April 2009 Release


• Updated manual prescan question prompting
• Added vulnerability for Windows DNS and BIND (manual review at this time)
• Updated V0001073 Service Pack check for Windows 2003 to make SP1 or less a CAT I per the checklist
• Modified Local Users Exist on a workstation (V0001148) to report all user accounts that are found.
Manual review will be needed to validate any accounts found are authorized

• Modified checking and fixing to match updated checklist requirements
o DTBI355 (V0015500)
o DTBI675 (V0015563)
o DTBI010 (V0017296)
• Updated checking and fixing of Disable Media Autoplay (V0002374) to ensure that a prerequisite patch is
applied
• New prescan for Microsoft Expression Web
• New prescan for McAfee 8.7i. Additionally the GD will install this version if remediating V0001074 and
the user chooses McAfee
• New prescan for .Net 3.0 and .Net 3.5. Note that for vulnerability concerns, .Net 2.0, 3.0, and 3.5 are
mutually exclusive and will only display the latest version found in prescan and for vulnerabilities
• Moved 34 Office 2007 vulnerabilities to a new target of Microsoft Office System 2007
• Removed automation for IAVM 2008-A-0088
• Automated the following IAVMs
o 2008-B-0058 (V0017345)
o 2009-A-0013 (V0018388)
o 2009-B-0008 (V0018390)
o 2009-B-0009 (V0018406)
o 2009-A-0020 (V000000)
o 2009-A-0019 (V0018549)
o 2009-A-0018 (V0018553)
• Automated for Applicability based on Prescan
o 2008-T-0059
o 2009-B-0002
o 2009-B-0003
o 2009-B-0004
o 2009-T-0011
o 2009-B-0010
o 2009-A-0017
o 2009-T-0014
o 2009-A-0021
o 2009-B-0013
• Corrected check and fix for the following security patches.
o MS04-014
o MS03-034

Gold Disk V2 February 2009 Release


• Automated DCOM Object Registry Permissions (V0006826)
• Automated the following IAVMs
o 2008-T-0040 MS08-050 (V0016746)
o 2008-A-0088 MS08-070 (V0017907)
o 2008-A-0086 MS08-071 (V0017910)
o 2008-A-0089 MS08-072 (V0017912)
o 2008-A-0085 MS08-074 (V0017908)
o 2008-A-0090 MS08-078 (V0017935)
o 2009-A-0002 MS09-001 (V0017997)
o 2009-A-0014 MS09-002 (V0018389)
o 2008-B-0077 (V0017873)
• Automated for Applicability based on Prescan
o 2008-B-0086
o 2009-A-0004

o 2009-A-0005
o 2009-A-0006
o 2009-A-0007
o 2009-A-0008
o 2008-A-0083
o 2009-B-0005
• Automated the remaining Office 2007 vulnerabilities that were not done in the Dec. release.
• Automated new vulnerability (V0018010) User Right Debug programs
• Updated the following checks to match new target (Internet Explorer) and/or requirements
o DTBI137 (V0003433)
o DTBI367 (V0003430)
o DTBI697 (V0014245)
o DTBI076 (V0006276)
o DTBI685 (V0015573)
o DTBI036 (V0006253)

Gold Disk V2 December 2008 Release


• Added specific versioning to the XML version displayed by the Gold Disk – details can be found in About
Gold Disk Version 2.0.
• Updated all McAfee checks to be version specific. Previous Gold Disk releases checked and configured
McAfee the same regardless of the version installed. Changes made are to apply specific checks and fixes
for 8.0i and 8.5i depending on the version installed. See note in known issues “item 10” regarding the
Detection and Remediation tabs. Automated checking and fixing is correct for McAfee 8.0i and 8.5i
• Added the following for XP FDCC requirements
o V0001091 [A] Halt on Audit Failure XP FDCC
o V0001085 [A] Secure Removable Media XP FDCC
o V0003375 [A] Domain Controller Auth. XP FDCC
o V0001075 [A] Display Shutdown Button XP FDCC
o V0001084 [A] Clear System Page File XP FDCC
o V0017373 [A] Secure Removable Media XP FDCC
o V0016007 8dot3 Name Creation XP FDCC
o V0015672 Event Viewer Events.asp Links XP FDCC
o V0001130 [A] System File ACLs XP FDCC
o V0017410 XP Firewall Domain Profile – Enable Firewall
o V0017390 [A] XP Firewall Domain Profile – File and Printer Sharing
o V0017391 [A] XP Firewall Domain Profile – ICMP Exceptions
o V0017392 [A] XP Firewall Domain Profile – Local Port Exceptions
o V0017393 [A] XP Firewall Domain Profile – Local Program Exceptions
o V0017394 [A] XP Firewall Domain Profile – Logging
o V0017397 [A] XP Firewall Domain Profile – Plug and Play
o V0017398 [A] XP Firewall Domain Profile – Display Notifications
o V0017399 [A] XP Firewall Domain Profile – Unicast Response
o V0017411 [A] XP Firewall Standard Profile – Enable Firewall
o V0017400 [A] XP Firewall Standard Profile – File and Printer Sharing
o V0017401 [A] XP Firewall Standard Profile – ICMP Requests
o V0017402 [A] XP Firewall Standard Profile – Local Port Exceptions
o V0017403 [A] XP Firewall Standard Profile – Local Program Exceptions
o V0017404 [A] XP Firewall Standard Profile – Remote Administration
o V0017405 [A] XP Firewall Standard Profile – Remote Desktop
o V0017406 [A] XP Firewall Standard Profile – Plug and Play
o V0017407 [A] XP Firewall Standard Profile – No Exceptions

o V0017408 [A] XP Firewall Standard Profile – Display Notifications
o V0017409 [A] XP Firewall Standard Profile – Unicast Response
• Updated the following per XP FDCC requirements
o Built-in Admin account enabled XP FDCC (V0016047)
o FDCC XP user rights (V0001103)
o Updated Screen Saver Grace Period (V0004442) to check registry value is reg_sz instead of
reg_dword
• Added V0017900 New Autorun.inf Check
• Added Office 2007 vulnerabilities. Due to time constraints, only the following could be automated for
December. The remaining vulnerabilities are planned for February 2009
o DTOO171
o DTOO172
o DTOO173
o DTOO174
o DTOO175
o DTOO176
o DTOO177
o DTOO178
o DTOO179
o DTOO180
o DTOO181
o DTOO182
o DTOO183
o DTOO184
o DTOO185
• Automated the following IAVMs or Microsoft patches
o 2008-A-0064
o 2008-B-0057
o 2008-T-0055
o 2008-A-0078
o 2008-B-0075
o 2008-B-0076
o 2008-T-0056
o 2008-A-0081
o 2008-T-0058
o 2008-B-0079
o 2008-A-0087
• Automated for Applicability based on Prescan
o 2008-T-0047
o 2008-T-0037
o 2008-B-0065
o 2008-B-0080
o 2008-A-0075
o 2008-A-0074
o 2008-A-0073
o 2008-B-0072

Gold Disk V2 September 2008 Release


• Automated the following IAVMs or Microsoft patches
o 2008-A-0044
o 2008-T-0033

o 2008-T-0035
o 2008-B-0053
o 2008-A-0056
o 2008-A-0062
o 2008-A-0060
o 2008-A-0058
o 2008-A-0059
o 2008-B-0056
o 2008-T-0039
o 2008-A-0061
o 2007-B-0031
o 2007-A-0003 – Updated automation
o 2007-A-0037 – Corrected false positive
o Oracle – NA based on prescan detection only
▪ 2008-A-0049
▪ 2008-A-0047
▪ 2008-A-0046
▪ 2008-A-0050
▪ 2008-A-0052
• File ACL V0001130 – Corrected a possible false positive on some systems
• Modified checking to match updated checklist requirements for the following vulnerabilities in the desktop
checklist
o DTAM110 (V0014630)
o DTAM111 (V0014631)
o DTAM131 (V0014658)
o DTAM132 (V0014659)
o DTAM133 (V0014660)
o DTAM134 (V0014661)
o DTAM130 (V0014657)
o DTBI061 (V0006267)
o DTBI091 (V0006281)
o DTBI036 (V0006253)
o DTBI025 (V0016879)
• Enhanced prescan to detect Oracle installations on 2003 64 bit systems

Gold Disk V2 July 2008 Release


• Automated the following IAVMs or Microsoft patches
o 2007-A-0037
o 2008-A-0028
o 2008-A-0029
o 2008-A-0030
o 2008-A-0037
o 2008-A-0039
o 2008-A-0040
o 2008-A-0041
o 2008-B-0043
o 2008-T-0024
o 2008-T-0025
o MS08-034
o 2008-A-0019
o 2008-A-0020

o 2008-A-0021
o 2008-A-0022
o 2008-A-0023
o 2008-B-0040
o 2008-A-0027
• Updated checks for the following vulnerabilities to match new platinum/gold policy requirements
o OS/2 Subsystem Installed (V0001078)
o Posix Files (V0001079)
o Posix registry entry (V0001083)
o LanMan Authentication Level (V0001153)
o OS/2 Registry Keys (V0001082)
o Clear System Pagefile (V0001084)
• Modified checking and remediation (where applicable) to match updated requirements.
o Screen Saver Grace Period (V0004442)
o IE - Make Proxy Settings Per Machine (V0003430) – removed from XP
o Lockout Duration (V0001099)
o DTBI026 (V0006246)
• Automated the following
o Anonymous Access to Named Pipes and Shares (V0006834)
o Audit Access to Global System Objects (V0014228)
o WA000-WI035 (V0013698) – added the built-in administrator account as acceptable to have
permissions per requirements.
• Updated prescan to detect Symantec Endpoint Protection on 32 and 64 bit systems
• Modified checking for V0001074 “Approved DOD Virus Scan Program” to allow for Symantec Endpoint
Protection and to improve checking efficiency on other systems.

Gold Disk V2 May 2008 Release


• Automated the following IAVMs or Microsoft patches
o 2002-A-0002
o 2008-A-0015
o 2008-A-0014
o 2008-A-0012
o 2008-A-0013
o 2008-T-0008
o 2008-B-0037
o 2008-B-0035
o 2008-B-0033
o 2008-T-0012
o 2008-B-0034
o 2008-A-0018
o 2008-A-0017
o 2008-T-0011 NA based on Pre Scan only
o 2008-T-0010 NA based on Pre Scan only
o MS08-025
• Updated prescan for Microsoft Visual Studio on x32 and x64
• Updated the following checks per new checklist requirements
o Password Uniqueness (V0001107)
o Software Certificate Installation Files (V0015823)
o Windows Installer – IE Security Prompt (V0015684)
o DTBI590 (V0015548)

o DTBI595 (V0015549)
o DTBI600 (V0015550)
o DTBI605 (V0015551)
o DTBI610 (V0015552)
o DTBI615 (V0015553)
o DTBI620 (V0015554)
o DTBI625 (V0015555)
o DTBI630 (V0015556)
o DTBI635 (V0015557)
o DTBI640 (V0015558)
o DTBI645 (V0015559)
o DTBI592 (V0015565)
o DTBI594 (V0015566)
o DTBI599 (V0015568)
o DTBI612 (V0015569)
o DTBI614 (V0015570)
o DTBI647 (V0015571)
o DTBI649 (V0015572)
o DTBI596 (V0015603)

Gold Disk V2 March 2008 Release


• Updated IIS Metabase checking to correct several errors that could occur on some systems
o IIS Explorer lockout when Gold Disk is running
o Gold Disk crashing on some systems
• Corrected the following IE 7 checks to match checklist requirements
o DTBI645 (V0015559)
o DTBI647 (V0015571)
o DTBI649 (V0015572)
o DTBI640 (V0015558)
o DTBI680 (V0015564)
o DTBI685 (V0015573)
o DTBI690 (V0015574)
o DTBI720 (V0015580)
o DTBI024 (V0006245)
o DTBI128 (V0006303)
o DTBI040 (V0006257)
o DTBI495 (V0015529)
o DTBI592 (V0015565)
o DTBI614 (V0015570)
o DTBI612 (V0015569)
o DTBI605 (V0015551)
o DTBI594 (V0015566)
o DTBI375 (V0015504)
o DTBI596 (V0015603)
o DTBI597 (V0015604)
o DTBI725 (V0015581)
o DTBI625 (V0015555)
• Updated many IE6 checks to match new checklist requirements
• Updated the following Windows checks to add and automate for XP or to match new checklist requirements
o V0002371 [M] Service Object Permissions
o V0001122 [A] Password Protected Screen Savers

o V0001103 – [A] User Rights Assignments
o Unnecessary Services (V0003487)
o LanMan Authentication Level (V0001153)
o Minimum Password Length (V0006836)
o V0014228 Audit Access to Global System Objects
o V0014229 Audit Backup and Restore Privileges
o V0014247 Terminal Services – Prevent Password Sa
o V0014268 Attachment Manager –Preserve Zone Infor
o V0014269 Attachment Manager – Hide Mechanisms to
o V0014270 Attachment Manager – Scan with Antiviru
o V0014252 Logon – Run Once List
o V0014267 Power Management – Require Password on
o V0014253 RPC – Unauthenticated RPC Clients
o V0014254 RPC – Endpoint Mapper Authentication
o V0014260 HTTP - Printer Drivers
o V0014256 Internet Download / Online Ordering
o V0014259 Printing Over HTTP
o V0014258 Search Companion Content File Updates
o V0014255 Publish to Web
o V0014257 Windows Messenger Customer Experience I
o V0014261 Windows Update Device Driver Searching
o V0014246 IE – Turn Off Crash Detection
o V0015666 [A] Windows Peer to Peer Networking
o V0015667 [A] Prohibit Network Bridge
o V0015669 [A] Prohibit Internet Connection Sharing
o V0015670 [A] Error Reporting - Display Error Notif
o V0015671 [A] Root Certificates Update
o V0015673 [A] Internet Connection Wizard ISP Downlo
o V0015674 [A] Internet File Association Service
o V0015675 [A] Windows Registration Wizard
o V0015676 [A] Order Prints Online
o V0015677 [A] Windows Movie Maker Codec Downloads
o V0015678 [A] Windows Movie Maker Web Links
o V0015679 [A] Windows Movie Maker Online Hosting
o V0015680 [A] Classic Logon
o V0015681 [A] Prevent Internet Information System
o V0015682 [A] RSS Attachment Downloads
o V0015683 [A] Windows Explorer – Shell Protocol Pro
o V0015684 [A] Windows Installer – IE Security Promp
o V0015685 [A] Windows Installer – User Control
o V0015686 [A] Windows Installer – Vendor Signed Upd
o V0015687 [A] Media Player – First Use Dialog Boxes
• Automated the following IAVMs or Microsoft patches
o 2008-B-0016 (V0015739)
o 2008-A-0005 (V0015742)
o 2008-A-0006 (V0015744)
o 2008-A-0007 (V0015741)
o 2008-A-0008 (V0015738)
o 2008-A-0009 (V0015743)
o 2008-A-0010 (V0015745)
o 2008-B-0003 (V0015663)
o 2007-T-0051 (V0015593)

o 2008-B-0001 (V0015600)
o MS08-002

Gold Disk V2 January 2008 Release


• Updated the Gold Disk to run fixes in CD order where possible. This significantly reduces the number of
times users are prompted to change CDs during the remediation process
• DVD/share drive support. See Appendix J
• Microsoft Office 2000, XP, 2003 prescan detection on Windows 2003 64 bit
• Microsoft Office 2007 detection on all Gold Disk supported OSs
• Added check and fix automation for the following IAVMs:
o 2007-A-0053
o 2007-A-0054
o 2005-T-0022
o 2007-A-0056
o 2007-T-0050
o 2007-A-0055
• Added IA control information to the Misc. tab
• Automated IE 7 vulnerabilities on all Gold Disk supported OSs
• Automated several vulnerabilities associated with McAfee
• Updated ACL checking to stay in sync with checklist requirement changes

Gold Disk V2 November 2007 Release


• Please note that the Gold Disk Pre-Scan does not currently detect many software products, including
Microsoft Office, when they are installed on 2003 64 bit. Undetected products should be manually added to the
asset posture and the associated vulnerabilities addressed in VMS. Pre-Scan detection for Microsoft Office
currently works on 32 bit Operating Systems.
• Added check and fix automation for the following IAVMs:
o 2007-B-0027
o 2007-T-0038
o 2006-A-0027
o 2006-A-0056
o 2007-T-0040
o 2007-A-0047
• Corrected checking for the following IAVM on Windows 2000 when Jscript 5.1 is installed:
o 2006-B-0009
• Added check and fix automation for the following IAVMs on 2003 64 bit:
o 2006-B-0002
o 2006-T-0018
• Added the following IAVMs to the Oracle Prescan NA checks:
o 2007-A-0052
o 2007-A-0051
o 2007-A-0050
o 2007-A-0049
o 2007-A-0048
• Added Prescan NA (additional information questions) for the following IAVMs:
o 2007-T-0008
o 2001-A-0001
o 2007-A-0039
o 2007-T-0043
o 2007-T-0044

o 2007-B-0033
o 2007-T-0013
o 2007-T-0035
• Added check and fix automation for the following NON-IAVM patches:
o MS07-053
o MS07-054
• Changed the confidentiality level in the Non-Interactive.xml control file to match the default of Sensitive
that is used when running the Gold Disk interactively
• Modified the Gold Disk executable to split out Systems and Enclaves in the edit asset information window.
• Updated the Gold Disk to include .Net and Antispyware vulnerabilities
• Automated the following checks for IIS and Symantec:
o WA000-WI035
o WA000-WI110
o WA000-WI080
o WA000-WI100
o WA000-WI6080
o WA000-WI6082
o WA000-WI6084
o WA000-WI6086
o WA000-WI6088
o WA000-WI6090
o WA000-WI6092
o WA000-WI6094
o WA000-WI6096
o DTAS060
o DTAS061
o DTAS062
o DTAS063
o DTAS064
o DTAS065
o DTAS066
o DTAS067
o DTAS068
o DTAS069

Gold Disk V2 September 2007 Release


• Added check and fix automation for the following IAVMs released between July and August:
o 2007-B-0013
o 2007-A-0036
o 2007-A-0037
o 2007-T-0028
o 2007-A-0042
o 2007-A-0043
o 2007-B-0024
o 2007-A-0044
o 2007-B-0025
o 2007-B-0026
o 2007-A-0045
• Added check and fix automation for the following IAVMs on 2003 64 bit:
o 2007-A-0020
o 2007-A-0014

o 2007-B-0009
o 2007-B-0005
o 2007-B-0004
o 2007-B-0003
o 2006-B-0010
o 2006-A-0036
o 2006-B-0011
o 2006-A-0038
o 2006-B-0014
o 2006-T-0026
o 2006-T-0033
o 2006-T-0034
o 2006-B-0020
o 2006-T-0039
• Updated Registry Policy Processing (V0004448) due to a checklist change to look for
“NoGPOListChanges” in the registry
• Updated Secure Channel Data (V0001163 & V0001164) to be closed when Domain Member: Digitally
encrypt or sign secure channel data (always) is set correctly to Enabled
• Updated User Rights (V0001103) to remove checking for the following checks due to a checklist change as
they are separate vulnerabilities. Additionally made changes due to problems found during regression
testing to correctly check and remediate per the checklist for the user rights below:
o Act as part of the operating system
o Deny access to this computer from the network
• Updated the Service Pack check to require SP2 on Windows 2003 per the checklist
• Corrected known problem with the Gold Disk not saving and restoring sessions properly after the first save
and restore
• Improved performance with loading XML and prescan and when running on systems with IIS installed
• Corrected detection for 2005-T-0005. The Gold Disk originally may have given false negatives
• Corrected findings details for auditing settings (V0001080) to more accurately display incorrect audit
settings rather than incorrect permissions

Gold Disk V2 July 2007 Release


• Added check and fix automation for the following IAVMs released between May and June:
o 2007-B-0010
o 2007-A-0029
o 2007-A-0030
o 2007-A-0031
o 2007-A-0028
o 2007-A-0033
o 2007-A-0034
o 2007-B-0011
o 2007-A-0035
o 2007-T-0024
o 2007-A-0022
o 2007-A-0023
o 2007-A-0024
o 2007-A-0025
o 2007-A-0026
• Updated the fix for 2006-A-0052 to work with all versions of Windows Installer.

• Corrected to include all IE vulnerabilities when IE7 is installed. Previous versions of the Gold Disk did not
list any vulnerabilities when IE7 is installed. These vulnerabilities will require manual review until analysis can
be done to determine how to automate checking on IE7.
• Added XML versioning. If a user changes an XML control file, they will be prompted concerning the
detected change when running the Gold Disk. The user can either run the Gold Disk with the change or not
run at that time. If they choose to run with the change, “Modified” appears on the Gold Disk information
bar to indicate that they are not using the released XML.
• 2007-T-0016 added to Bind Manual prescan NA.
• 2007-T-0021 added to Firefox manual prescan NA.
• 2006-B-0009 Corrected possible false positive that could occur on some Windows 2000 systems.
• Engine fixes to accommodate McAfee AV signature date format inconsistencies that caused the Gold Disk
to crash on some systems. Additionally modified the engine to accommodate a change in where McAfee
anti-virus stores the signature file date.
• Updated automation for the following IAVMs:
o 2007-A-0033
o 2007-A-0034
o 2007-B-0011
o 2007-A-0035
• Updates to the following vulnerabilities to keep in sync with checklist guidance for the release:
o DTBI006 IE – Local Zone - Includes
o DTBI040 IE – Zone Settings
o DTAS017 Antivirus AutoProtect – Check Floppy at Shutdown
o Anonymous Access to Named Pipes and Shares
o Corrected fix for user right: Deny logon through Terminal Service
o Corrected fix for user right: Create Pagefile
• Updated checking for the following IAVMs:
o 2003-A-0017
o 2004-A-0006
o 2004-A-0017
o 2004-A-0018
o 2004-A-0019
o 2005-A-0001
o 2005-A-0017
o 2005-A-0018
o 2005-A-0025
o 2005-A-0029
o 2005-A-0030
o 2006-A-0002
o 2006-A-0015
o 2006-A-0036
o 2006-A-0038
o 2006-A-0051
o 2007-A-0005
o 2007-A-0014

o 2003-B-0004
o 2003-B-0006
o 2004-B-0016
o 2006-B-0007
o 2006-B-0009
o 2006-B-0010

o 2006-B-0011
o 2006-B-0014
o 2006-B-0020
o 2006-B-0021
o 2007-B-0003
o 2007-B-0004

o 2004-T-0031
o 2004-T-0035
o 2004-T-0040
o 2005-T-0001
o 2005-T-0003
o 2005-T-0004
o 2005-T-0019
o 2005-T-0026
o 2005-T-0029
o 2005-T-0041
o 2005-T-0042
o 2006-T-0003
o 2006-T-0015
o 2006-T-0026
o 2006-T-0033
o 2006-T-0034
o 2006-T-0039

Gold Disk V2 May 2007 Release


• Browse for executable screen during remediation now displays the Disk Label of the needed CD.
• Anti-virus disk prompting now displays the Disk Label of the needed CD.
• Icon indicators on the Remediation warning screen.
• Enumeration for websites now enumerates more accurately.
• Added automation (where possible) for IAVMs released between March and April.
• Content Management Progress for May 2007 release.
• 21 new interactive pre-scan questions covering 33 IAVMs.

Gold Disk V2 March 2007 Release


• Resizable tree-view within the Gold Disk GUI.
• Allow for editing of the IP Address/MAC Address information.
• Display totals for all severities.
• Added automation (where possible) for IAVMs released between January and February.
• Performance improvements reduce processing time by approximately 60 to 80 percent.
• Ability to do an “interview-based” pre-scan for products which are not directly available to do
signature assessments.

Gold Disk V2 Jan 2007 Release


• Save Session capability

o Allows the Gold Disk user to save the current state of the review session to a file. This
session file can later be reloaded to complete the analysis of the system under review.
• Vulnerability Status report.
o Rich-text format that can be saved to disk or printed. User parameters allow selection of
affected software components, vulnerability status and selection of fields to include in the
report.
• File ACL content is now generated out of the database. This was previously post-processed and
added after automated XML generation was completed.
• Added automation (where possible) for IAVMs released between November and December.
• Internet Explorer 7.0 Pre-scan detection.
• Pre-scan Not Applicable Expansion:
o Ability to detect Symantec and Microsoft Exchange Server products. IAVMs affecting these
products set to NA if the product is not found on the system during pre-scan.

Gold Disk V2 Nov 2006 Release


• Corrected checking and fixing for Bad Logon Counter Reset.
• Corrected checking and fixing for Password Expiration.
• Updated 2005-A-0001 to use an updated Microsoft patch.
• Corrected checking and fixing for 2006-A-0028.
• Added automation (where possible) for IAVMs released between September and October.
• Added automated prescan for the following software:
o Oracle
o Adobe Reader and Flash Player
o Winzip
