I have opened a ticket with McAfee (SR#3-2666770219) but would like to check with other users on their experiences, and also see this implemented in a future version.
I use vuln sets, which contain the rule "Patch Availability equals Patch Available".
What I want is:
"Patch Availability equals Patch Available" OR "Workaround Exists"
Take the case of FID 10588 (one example of many), which is listed as "no patch available".
10558 | Microsoft Windows Environment Variable Expansion Library Loading Vulnerability | A logic error is present in some versions of Microsoft Windows. | Medium
"Microsoft Windows is an industry standard operating system. A logic error is present in some versions of Microsoft Windows. The vulnerability is due to Windows not properly expanding some of the values in the PATH environment variable, which can result in an unexpanded PATH value being used when loading resources. Successful exploitation could allow an attacker to execute arbitrary code by tricking a user into opening files located on a remote WebDAV or SMB share."
CVE-2007-6753
"The vendor has released an advisory describing a workaround that can be used to mitigate this issue. More information can be found at:"
Currently, in vuln sets, I can only choose:
No Patch Available
I want to be able to include in my reports vulns for which there are workarounds, such as 10588. After all, I am interested in securing my environment as much as possible - patch available or not.
To me, the solution would be to add a code "4" in the "patched" field of the "content.vuln" table to indicate that there is a workaround available, and a corresponding condition in the vuln sets to query on this.
The response to my ticket was clarification that a patch is a "binary"; however, that is not my concern. I'm not interested in the semantics of patch vs. workaround.
I would like to see the above implemented. The work required by McAfee would be negligible and would help customers be able to identify possible "workarounds" to increase security.