December 14, 2004
Microsoft Security Bulletin: Multiple Security Vulnerabilities
Advisory Overview
Qualys™ Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the new Microsoft® vulnerabilities that were announced earlier today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Vulnerability Details
Microsoft has released 5 security patches to fix newly discovered flaws in several Microsoft technologies.

Qualys has released checks for these new vulnerabilities:

Microsoft WordPad Remote Code Execution (MS04-041)
SEVERITY: Urgent (5)
QUALYS ID: 90202
VENDOR REFERENCE: MS04-041 | 885836
CVE REFERENCE: CAN-2004-0571 | CAN-2004-0901
THREAT: A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
IMPACT: If this vulnerability is successfully exploited, an attacker may take control of the system.
SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-041 for details.

Microsoft DHCP Remote Code Execution and Denial of Service (MS04-042)
SEVERITY: Urgent (5)
QUALYS ID: 90203
VENDOR REFERENCE: MS04-042 | 885249
CVE REFERENCE: CAN-2004-0899 | CAN-2004-0900
THREAT: A denial of service vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. An attacker could cause the DHCP Server service to stop responding. A remote code execution vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. However, attempts to exploit this vulnerability would most likely result in a denial of service of the DHCP Server service.
IMPACT: If this vulnerability is successfully exploited, an attacker may take control of the system.
SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-042 for details.

Microsoft HyperTerminal Remote Code Execution (MS04-043)
SEVERITY: Critical (4)
QUALYS ID: 115036
VENDOR REFERENCE: MS04-043 | 873339
CVE REFERENCE: CAN-2004-0568
THREAT: A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. An attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution. An attacker could then persuade a user to open this file. An attacker could also attempt to exploit this vulnerability through a malicious Telnet URL if HyperTerminal has been set as the default Telnet client. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.
IMPACT: If this vulnerability is successfully exploited, an attacker could take complete control of the affected system.
SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-043 for details.

Microsoft Windows Local Privilege Escalation (MS04-044)
SEVERITY: Critical (4)
QUALYS ID: 90201
VENDOR REFERENCE: MS04-044 | 885835
CVE REFERENCE: CAN-2004-0893 | CAN-2004-0894
THREAT: Two local privilege escalation vulnerabilities were reported for Microsoft Windows. These include a Windows kernel bug that involves an unchecked LPC buffer, and another in LSASS that involves insufficient logon-credentials validation. Please check the Microsoft bulletin MS04-044 for details of these vulnerabilities.
IMPACT: If this vulnerability is successfully exploited, local authenticated users could gain elevated privilege and take control of the system.
SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-044 for details.

Microsoft Windows WINS Replication Buffer Overflow Vulnerability (MS04-045)
SEVERITY: Critical (4)
QUALYS ID: 90199
VENDOR REFERENCE: MS04-045 | 870763
CVE REFERENCE: CAN-2004-0567 | CAN-2004-1080
THREAT: Microsoft Windows Internet Name Service (WINS) allows the mapping of NetBIOS names to IP addresses and vice versa. WINS servers allow users to browse for local resources on the network using computer names. A remote code execution vulnerability exists in the way that WINS handles computer name validation: the method that WINS uses to validate the Name value in a specially crafted packet contains an unchecked buffer. A second remote code execution vulnerability exists due to the method used by WINS to validate association context data. Note that WINS is not installed by default.
IMPACT: This issue could potentially be exploited remotely by a WINS client to execute arbitrary code with SYSTEM level privileges on a target WINS server.
SOLUTION: Microsoft has released a patch for this vulnerability. Check Microsoft Security Bulletin MS04-045 for details.

These new vulnerability checks are included in Qualys vulnerability signatures v1.9.114-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile using the following options:
  1. Enable scanning of TCP ports 135 and 139
  2. Enable the following Qualys IDs:
    • 90199
    • 90201
    • 90202
    • 90203
    • 115036
  3. If you would like the scan to return the Windows Hostname, also include QID 82044 and enable scanning of UDP port 137
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/