October 12, 2004
Microsoft Security Bulletin: Multiple Critical Microsoft Security Vulnerabilities
Advisory Overview
Qualys™ Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the new critical Microsoft® vulnerabilities that were announced earlier today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Vulnerability Details
Microsoft has released ten (10) patches as part of their monthly security fixes. These patches address vulnerabilities found in Microsoft Windows, Microsoft Exchange Server, and Microsoft Office products. Specific releases and versions impacted are available from Microsoft.
Qualys has released checks for these new vulnerabilities:

| Microsoft RPC Runtime Library Denial of Service |
|---|
| SEVERITY: Critical 4 |
| QUALYS ID: 90190 |
| VENDOR REFERENCE: MS04-029 | 873350 |
| CVE REFERENCE: CAN-2004-0569 |
| THREAT: An information disclosure and denial of service vulnerability exists when the Microsoft RPC Runtime Library processes specially crafted messages. |
| IMPACT: An attacker who successfully exploited this vulnerability could potentially read portions of active memory or cause the affected system to stop responding. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-029 for details. |

| WebDAV XML Message Handler Denial of Service |
|---|
| SEVERITY: Critical 4 |
| QUALYS ID: 90188 |
| VENDOR REFERENCE: MS04-030 | 824151 |
| CVE REFERENCE: CAN-2004-0718 |
| THREAT: A denial of service (DoS) vulnerability exists that could allow an attacker to send a specially crafted WebDAV request to a server that is running IIS and WebDAV. An attacker could cause WebDAV to consume all available memory and CPU time on an affected server. The IIS service would have to be restarted to restore functionality. |
| IMPACT: The vulnerability can only be exploited remotely if an attacker can establish a Web session with an affected server. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-030 for details. |

| Vulnerability in NetDDE Could Allow Remote Code Execution |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90184 |
| VENDOR REFERENCE: MS04-031 | 841533 |
| CVE REFERENCE: CAN-2004-0206 |
| THREAT: Microsoft Windows NetDDE is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly verify the lengths of strings contained within unspecified network messages prior to copying them into finite buffers. |
| IMPACT: A remote attacker can exploit this vulnerability to achieve denial of service. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-031 for details. By default, the NetDDE service is not started on Windows 2003 and XP. The Windows 2000 hardening guide recommends disabling NetDDE. |

| Microsoft Windows Multiple Vulnerabilities |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90186 |
| VENDOR REFERENCE: MS04-032 | 840987 |
| CVE REFERENCE: CAN-2004-0207 | CAN-2004-0208 | CAN-2004-0209 | CAN-2004-0211 |
| THREAT: Microsoft released Microsoft Security Bulletin MS04-032 which addresses multiple Microsoft Windows vulnerabilities. |
| IMPACT: These vulnerabilities can be exploited to cause remote code execution, denial of service, and/or privilege escalation. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-032 for details. |

| Microsoft Excel Remote Code Execution |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90187 |
| VENDOR REFERENCE: MS04-033 | 886836 |
| CVE REFERENCE: CAN-2004-0846 |
| THREAT: A remote code execution vulnerability exists in Microsoft Excel. This issue occurs because the application fails to validate certain parameters while opening Excel files. |
| IMPACT: If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-033 for details. |

| Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90183 |
| VENDOR REFERENCE: MS04-034 | 873376 |
| CVE REFERENCE: CAN-2004-0575 |
| THREAT: A buffer overflow vulnerability has been reported in the Windows Compressed (zipped) Folders feature. If the Compressed (zipped) Folder feature processes a malformed compressed file, an internal buffer will be overrun allowing attacker-supplied code to be executed on the system in the security context of the current user. |
| IMPACT: If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-034 for details. |

| Microsoft Exchange 2003 Remote Code Execution |
|---|
| SEVERITY: Critical 4 |
| QUALYS ID: 74167 |
| VENDOR REFERENCE: MS04-035 | 885881 |
| CVE REFERENCE: CAN-2004-0840 |
| THREAT: A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles Domain Name System (DNS) lookups. An attacker could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. |
| IMPACT: An attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-035 for details. |

| Microsoft NNTP Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90185 |
| VENDOR REFERENCE: MS04-036 | 883935 |
| CVE REFERENCE: CAN-2004-0574 |
| THREAT: A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. |
| IMPACT: An attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-036 for details. |

| Windows Shell Remote Code Execution |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 90189 |
| VENDOR REFERENCE: MS04-037 | 841356 |
| CVE REFERENCE: CAN-2004-0214 | CAN-2004-0572 |
| THREAT: An attacker may obtain a remote shell with administrator privileges. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-037 for details. |

| Microsoft Internet Explorer Multiple Vulnerabilities |
|---|
| SEVERITY: Urgent 5 |
| QUALYS ID: 100018 |
| VENDOR REFERENCE: MS04-038 | 834707 |
| CVE REFERENCE: CAN-2004-0842 | CAN-2004-0727 | CAN-2004-0216 | CAN-2004-0839 | CAN-2004-0844 | CAN-2004-0843 | CAN-2004-0841 | CAN-2004-0845 |
| THREAT: There are seven new vulnerabilities reported in Microsoft Internet Explorer. |
| IMPACT: The consequences of these issues vary from information disclosure to remote code execution. |
| SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-038 for details. |

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD: To perform a selective vulnerability scan, configure a scan profile using the following options:
- Enable scanning of TCP ports 135 and 139
- Enable the following Qualys IDs:
  - 74167
  - 90183
  - 90184
  - 90185
  - 90186
  - 90187
  - 90188
  - 90189
  - 90190
  - 100018
  - 82044
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
These new vulnerability checks are included in Qualys vulnerability signatures v1.9.52-5. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.
Access for QualysGuard customers:
https://qualysguard.qualys.com
Free trial of QualysGuard service:
http://www.qualys.com/forms/trials/qualysguard_trial/