We have found a vulnerability on all Windows servers, QID 70078, to block ports 139 and 445 at the firewall. And this is more critical if we block this port for SMB shared servers.
Anyone else, please help with the solution.
There was a technical issue with QID 70078 being flagged on Vulnerability Management scans. This was fixed in ML 9.5, which was released in the past week.
Going forward, QID 70078 should only be flagged on a specific set of testbed IPs on PCI scans. If you are on ML 9.5 and you are seeing it elsewhere on non-PCI scans, please reach out to the Technical Support team for further investigation.
We've noticed this at our company as well. Trying to find out why it's appeared all of a sudden. Maybe Microsoft patches?
There are no related patches for this QID. The only solution given is to block the ports from the internal firewall.
I've been told by support that this QID is not being applied appropriately and that a revision is coming by the end of July. I'm holding off on taking any action on these until this QID is revised.
Is there a ticket or release # like a VULN SIG update #?
This is a large detection in our environment too and trying to explain this as a false positive or bad detection to leadership without some kind of evidence/documentation is fruitless.
I don't have a future VULN SIG update that we can expect this to be included in. All I received was an "end of the month" statement.
I'm asking Support to reply with more details.