How to fix vulnerabilites which are found in OpenVAS results

Hi Team,

Recently we had ran OpenVAS test on our azure cloud application server(Windows virtual machine scale set) and found attached results. Please check and help us how to resolve these Vulnerabilities.

Issue1:
Medium (CVSS: 5.0) NVT: DCE/RPC and MSRPC Services Enumeration Reporting
Summary Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.Vulnerability Detection Result Here is the list of DCE/RPC or MSRPC services running on this host via the TCP Protocol: Port: 49664/tcp -49668 and 49753

And also we have observed below points in our report. Could you please explain what does it mean?

Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues.
Issues with the threat level “Log” are not shown.
Issues with the threat level “Debug” are not shown.
Issues with the threat level “False Positive” are not shown. Only results with a minimum QoD of 70 are shown.

In general, when finding security issues with the scanner, it is recommended to bring this to the attention
of the people responsible for the respective service. All information for a system administrator is included in the scan report, including links for further reading.

In case the people in your organization do not have capacity for the remediation of vulnerabilities,
contracting for external security or administration capacities makes sense.

The items you cite from the report are a textual description of the power-filter you applied:

https://docs.greenbone.net/GSM-Manual/gos-4/en/gui_introduction.html#powerfilter

1 Like