Qualys Security On-Demand: Security Advisory


	Qualys Security Advisory \ July 30, 2004 Critical Microsoft Bulletin: Cumulative Security Update for Internet Explorer (MS04-025) Advisory Overview July 30, 2004 – Qualys™ Vulnerability R&D Lab has released a new vulnerability signature in the QualysGuard® Service to protect organizations against the new Microsoft® vulnerability that was announced earlier today. Customers can immediately audit their networks for this and other new vulnerabilities by accessing their QualysGuard subscription. Vulnerability Details Microsoft released a critical cumulative patch today which fixes a series of flaws in their Internet Explorer Web browser. All versions of Internet Explorer from IE 5.01 SP2 through IE 6 SP1 running on all versions of Microsoft Windows are vulnerable to these exposures. Exploitation of these vulnerabilities could result in complete compromise of the host and remote code execution. More information can be found on Microsoft's website: http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx How To Protect Your Network Audits for the new Microsoft Critical Security vulnerability are already available in the QualysGuard vulnerability management platform. A default scan using authentication will detect these issues and is the recommended detection method. In addition QualysGuard users can perform a selective scan for these specific vulnerabilities using the following settings: Enable scanning of TCP ports 135-139 Enable Microsoft Internet Explorer Multiple Vulnerabilities (MS04-025) Qualys ID: 100008 Windows login required Additionally, enable the "Windows Host Name" signature with Qualys ID 82044 if you want to report on vulnerable hosts by Windows (NetBIOS) machine name. Technical Support For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at: US: 1 866.801.6161 \| EMEA: 33 1 44.17.00.41 \| UK: +44 1753 872102 About QualysGuard QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited. Access for QualysGuard customers: https://qualysguard.qualys.com Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/
	© Qualys, Inc. All Rights Reserved