Gold Disk
Release Notes
Content Updates
Version 2.0
October 2010
UNCLASSIFIED
Gold Disk Release Notes Field Security Operations
October 2010 DISA Information Systems Agency
Gold Disk V2 October 2010 Release
In addition to Symantec Endpoint Protection signature updates, added automatic detection of Symantec
AntiVirus Corporate Edition signature updates when installed on Windows Vista systems.
Added prescan detection for Office 2007 SP2
Removed automation for V0001135-Printer Share Permissions until further notice due to false positive.
Automated V0004107-Unsupported OS for Windows 2000 systems
Modified automation for V0001077-Incorrect ACLs for Event Logs due to false positive on Windows
Server 2008 systems
Updated previously automated IAVMs
o 2007-A-0020 (V0013883)
o 2007-A-0031 (V0014220)
o 2008-A-0005 (V0015742)
o 2008-A-0064 (V0017342)
o 2008-A-0087 (V0017909)
o 2008-A-0086 (V0017910)
o 2009-A-0019 (V0018549)
o 2009-A-0071 (V0019884)
o 2009-A-0074 (V0019914)
o 2009-A-0097 (V0021756)
Automated the following IAVMs
o 2010-A-0100 (V0025027)
o 2010-A-0112 (V0025059)
o 2010-A-0107 (V0025061)
o 2010-A-0104 (V0025066)
o 2010-A-0103 (V0025067)
o 2010-A-0111 (V0025068)
o 2010-A-0110 (V0025069)
o 2010-A-0106 (V0025071)
o 2010-A-0108 (V0025073)
o 2010-A-0109 (V0025076)
o 2010-A-0113 (V0025081)
o 2010-A-0120 (V0025353)
o 2010-A-0121 (V0025357)
o 2010-A-0122 (V0025359)
o 2010-A-0123 (V0025360)
o 2010-A-0125 (V0025361)
o 2010-A-0124 (V0025362)
o 2010-B-0063 (V0025072)
o 2010-B-0064 (V0025074)
o 2010-B-0062 (V0025075)
o 2010-B-0076 (V0025344)
o 2010-B-0077 (V0025345)
o 2010-B-0078 (V0025347)
Automated for Applicability based on Prescan
o 2010-A-0101 (V0025058)
o 2010-A-0116 (V0025175)
o 2010-A-0119 (V0025193)
o 2010-B-0072 (V0025180)
o 2010-B-0074 (V0025183)
o 2010-A-0014 (V0022522)
o 2009-B-0054 (V0021747)
o 2009-B-0064 (V0022096)
Automated for Applicability based on Prescan
o 2009-A-0123 (V0022059)
o 2009-A-0124 (V0022060)
o 2009-A-0130 (V0022094)
o 2009-A-0134 (V0022103)
o 2010-A-0006 (V0022237)
o 2010-A-0005 (V0022239)
o 2010-A-0007 (V0022241)
o 2010-A-0004 (V0022243)
o 2010-A-0010 (V0022245)
o 2010-A-0011 (V0022380)
o 2009-B-0062 (V0022064)
o 2009-B-0065 (V0022105)
o 2009-B-0066 (V0022106)
o 2010-B-0007 (V0022644)
o 2009-A-0092 (V0021743)
o 2009-A-0091 (V0021744)
o 2009-A-0090 (V0021749)
o 2009-A-0094 (V0021752)
o 2009-A-0096 (V0021754)
o 2009-A-0097 (V0021756)
o 2009-A-0095 (V0021760)
o 2009-A-0120 (V0021933)
o 2009-A-0118 (V0021934)
o 2009-A-0119 (V0021935)
o 2009-A-0117 (V0021936)
o 2009-A-0116 (V0021937)
o 2009-A-0115 (V0021938)
o 2008-B-0081 (V0017914)
o 2009-B-0052 (V0021742)
o 2009-B-0054 (V0021747)
o 2009-B-0053 (V0021750)
Automated for Applicability based on Prescan
o 2009-A-0100 (V0021741)
o 2009-A-0101 (V0021863)
o 2009-A-0102 (V0021864)
o 2009-A-0103 (V0021865)
o 2009-A-0104 (V0021866)
o 2009-A-0105 (V0021867)
o 2009-A-0106 (V0021883)
o 2009-A-0109 (V0021885)
o 2009-A-0110 (V0021888)
o 2009-A-0108 (V0021889)
o 2009-A-0112 (V0021926)
o 2009-A-0111 (V0021927)
o 2008-B-0061 (V0017346)
o 2009-B-0015 (V0018638)
o 2009-B-0016 (V0018766)
o 2009-B-0021 (V0019297)
o 2009-B-0048 (V0021682)
o 2009-B-0055 (V0021886)
o 2009-B-0056 (V0021890)
o 2009-B-0059 (V0021981)
o 2009-T-0005 (V0018124)
o 2009-T-0019 (V0018637)
o 2009-T-0031 (V0019298)
Removed automated fixing via Gold Disk for all STIG vulnerabilities where the configuration lies within
the HKCU registry hive. Making configuration changes within the HKCU registry hive via Gold Disk only
fixes the vulnerability for the individual user account running the Gold Disk application.
Updated checking for V0002371 to include automated detection on Windows Vista.
Updated checking for 2008-A-0044 (V0016147) to ensure the vulnerability is only applicable when DNS is
installed
Updated previously automated IAVMs
o 2009-A-0018 (V0018549)
o 2009-A-0020 (V0018554)
o 2009-A-0032 (V0018752)
o 2009-A-0034 (V0018756)
Automated the following IAVMs
o 2009-B-0036 (V0019878)
o 2009-A-0067 (V0019882)
o 2009-A-0068 (V0019881)
o 2009-A-0070 (V0019883)
o 2009-B-0035 (V0019880)
o 2009-B-0037 (V0019879)
o 2009-A-0074 (V0019914)
o 2009-A-0075 (V0019915)
o 2009-A-0076 (V0019916)
o 2009-A-0077 (V0019917)
o 2009-A-0078 (V0019913)
Automated for Applicability based on Prescan
o 2008-A-0045 (V0016170)
o 2009-A-0003 (V0017999)
o 2009-A-0009 (V0018005)
o 2009-A-0016 (V0018403)
o 2009-T-0023 (V0018849)
o 2009-B-0019 (V0019154)
o 2009-A-0041 (V0019229)
o 2009-A-0060 (V0019802)
o 2009-A-0062 (V0019827)
o 2009-A-0061 (V0019825)
o 2009-A-0081 (V0021499)
o 2009-B-0044 (V0021502)
o 2009-T-0050 (V0021503)
o 2008-B-0073 (V0017742)
o 2009-A-0041 (V0019229)
Automated the following Miscellaneous Security Updates.
o MS09-025
o MS09-040
o 2009-T-0022 (V0018781)
o 2009-A-0039 (V0019159)
Automated for Applicability based on Prescan
o 2009-T-0018 (V0018612)
o 2009-T-0029 (V0019231)
o 2009-A-0027 (V0018785)
o 2009-A-0028 (V0018793)
o 2009-A-0029 (V0018797)
o 2009-A-0030 (V0018798)
o 2009-A-0036 (V0018848)
o 2009-B-0018 (V0018969)
o 2009-T-0027 (V0019160)
Automated the following Miscellaneous Security Updates.
o MS09-012
o 2009-A-0021
o 2009-B-0013
Corrected check and fix for the following security patches.
o MS04-014
o MS03-034
o 2008-A-0078
o 2008-B-0075
o 2008-B-0076
o 2008-T-0056
o 2008-A-0081
o 2008-T-0058
o 2008-B-0079
o 2008-A-0087
Automated for Applicability based on Prescan
o 2008-T-0047
o 2008-T-0037
o 2008-B-0065
o 2008-B-0080
o 2008-A-0075
o 2008-A-0074
o 2008-A-0073
o 2008-B-0072
o DTBI061 (V0006267)
o DTBI091 (V0006281)
o DTBI036 (V0006253)
o DTBI025 (V0016879)
Enhanced prescan to detect Oracle installations on 2003 64 bit systems
o 2008-A-0015
o 2008-A-0014
o 2008-A-0012
o 2008-A-0013
o 2008-T-0008
o 2008-B-0037
o 2008-B-0035
o 2008-B-0033
o 2008-T-0012
o 2008-B-0034
o 2008-A-0018
o 2008-A-0017
o 2008-T-0011 NA based on Pre Scan only
o 2008-T-0010 NA based on Pre Scan only
o MS08-025
Updated prescan for Microsoft Visual Studio on x32 and x64
Updated the following checks per new checklist requirements
o Password Uniqueness (V0001107)
o Software Certificate Installation Files (V0015823)
o Windows Installer – IE Security Prompt (V0015684)
o DTBI590 (V0015548)
o DTBI595 (V0015549)
o DTBI600 (V0015550)
o DTBI605 (V0015551)
o DTBI610 (V0015552)
o DTBI615 (V0015553)
o DTBI620 (V0015554)
o DTBI625 (V0015555)
o DTBI630 (V0015556)
o DTBI635 (V0015557)
o DTBI640 (V0015558)
o DTBI645 (V0015559)
o DTBI592 (V0015565)
o DTBI594 (V0015566)
o DTBI599 (V0015568)
o DTBI612 (V0015569)
o DTBI614 (V0015570)
o DTBI647 (V0015571)
o DTBI649 (V0015572)
o DTBI596 (V0015603)
o DTBI680 (V0015564)
o DTBI685 (V0015573)
o DTBI690 (V0015574)
o DTBI720 (V0015580)
o DTBI024 (V0006245)
o DTBI128 (V0006303)
o DTBI040 (V0006257)
o DTBI495 (V0015529)
o DTBI592 (V0015565)
o DTBI614 (V0015570)
o DTBI612 (V0015569)
o DTBI605 (V0015551)
o DTBI594 (V0015566)
o DTBI375 (V0015504)
o DTBI596 (V0015603)
o DTBI597 (V0015604)
o DTBI725 (V0015581)
o DTBI625 (V0015555)
Updated many IE6 checks to match new checklist requirements
Updated the following Windows checks to add and automate for XP or to match new checklist requirements
o V0002371 [M] Service Object Permissions
o V0001122 [A] Password Protected Screen Savers
o V0001103 – [A] User Rights Assignments
o Unnecessary Services (V0003487)
o LanMan Authentication Level (V0001153)
o Minimum Password Length (V0006836)
o V0014228 Audit Access to Global System Objects
o V0014229 Audit Backup and Restore Privileges
o V0014247 Terminal Services – Prevent Password Sa
o V0014268 Attachment Manager – Preserve Zone Infor
o V0014269 Attachment Manager – Hide Mechanisms to
o V0014270 Attachment Manager – Scan with Antiviru
o V0014252 Logon – Run Once List
o V0014267 Power Management – Require Password on
o V0014253 RPC – Unauthenticated RPC Clients
o V0014254 RPC – Endpoint Mapper Authentication
o V0014260 HTTP - Printer Drivers
o V0014256 Internet Download / Online Ordering
o V0014259 Printing Over HTTP
o V0014258 Search Companion Content File Updates
o V0014255 Publish to Web
o V0014257 Windows Messenger Customer Experience I
o V0014261 Windows Update Device Driver Searching
o V0014246 IE – Turn Off Crash Detection
o V0015666 [A] Windows Peer to Peer Networking
o V0015667 [A] Prohibit Network Bridge
o V0015669 [A] Prohibit Internet Connection Sharing
o V0015670 [A] Error Reporting - Display Error Notif
o V0015671 [A] Root Certificates Update
o V0015673 [A] Internet Connection Wizard ISP Downlo
o V0015674 [A] Internet File Association Service
o 2007-T-0038
o 2006-A-0027
o 2006-A-0056
o 2007-T-0040
o 2007-A-0047
Corrected checking for the following IAVM on Windows 2000 when Jscript 5.1 is installed:
o 2006-B-0009
Added check and fix automation for the following IAVMs on 2003 64 bit:
o 2006-B-0002
o 2006-T-0018
Added the following IAVMs to the Oracle Prescan NA checks:
o 2007-A-0052
o 2007-A-0051
o 2007-A-0050
o 2007-A-0049
o 2007-A-0048
Added Prescan NA (additional information questions) for the following IAVMs:
o 2007-T-0008
o 2001-A-0001
o 2007-A-0039
o 2007-T-0043
o 2007-T-0044
o 2007-B-0033
o 2007-T-0013
o 2007-T-0035
Added check and fix automation for the following NON-IAVM patches:
o MS07-053
o MS07-054
Changed the confidentiality level in the Non-Interactive.xml control file to match the default of Sensitive
that is used when running the Gold Disk interactively
Modified the Gold Disk executable to split out Systems and Enclaves in the edit asset information window.
Updated the Gold Disk to include .Net and Antispyware vulnerabilities
Automated the following checks for IIS and Symantec:
o WA000-WI035
o WA000-WI110
o WA000-WI080
o WA000-WI100
o WA000-WI6080
o WA000-WI6082
o WA000-WI6084
o WA000-WI6086
o WA000-WI6088
o WA000-WI6090
o WA000-WI6092
o WA000-WI6094
o WA000-WI6096
o DTAS060
o DTAS061
o DTAS062
o DTAS063
o DTAS064
o DTAS065
o DTAS066
o DTAS067
o DTAS068
o DTAS069
Corrected findings details for auditing settings (V0001080) to more accurately display incorrect audit
settings rather than incorrect permissions
o 2004-A-0019
o 2005-A-0001
o 2005-A-0017
o 2005-A-0018
o 2005-A-0025
o 2005-A-0029
o 2005-A-0030
o 2006-A-0002
o 2006-A-0015
o 2006-A-0036
o 2006-A-0038
o 2006-A-0051
o 2007-A-0005
o 2007-A-0014
o 2003-B-0004
o 2003-B-0006
o 2004-B-0016
o 2006-B-0007
o 2006-B-0009
o 2006-B-0010
o 2006-B-0011
o 2006-B-0014
o 2006-B-0020
o 2006-B-0021
o 2007-B-0003
o 2007-B-0004
o 2004-T-0031
o 2004-T-0035
o 2004-T-0040
o 2005-T-0001
o 2005-T-0003
o 2005-T-0004
o 2005-T-0019
o 2005-T-0026
o 2005-T-0029
o 2005-T-0041
o 2005-T-0042
o 2006-T-0003
o 2006-T-0015
o 2006-T-0026
o 2006-T-0033
o 2006-T-0034
o 2006-T-0039