July 12, 2005
Microsoft Security Bulletin: Multiple Security Vulnerabilities
Advisory Overview
Qualys' Vulnerability R&D Lab has released 3 new vulnerability checks in QualysGuard® to protect organizations against the new vulnerabilities present in several Microsoft technologies that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Vulnerability Details
Microsoft has released 3 security patches to fix newly discovered flaws in several Microsoft technologies.

Qualys has released the following checks for these new vulnerabilities:
Microsoft Word Vulnerability Could Allow Remote Code Execution (MS05-035)
SEVERITY: Urgent (5)
QUALYS ID: 110032
VENDOR REFERENCE: MS05-035, 903672
CVE REFERENCE: CAN-2005-0564
THREAT: Microsoft Word, which is installed on the host, is missing the patch described in Security Bulletin MS05-035.

If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. The attacker could install programs; view, change, and delete data; and create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft has rated this advisory as "Critical" for Word 2000 and "Important" for Word 2002.
IMPACT: Successful exploitation of this issue can result in arbitrary code execution.
SOLUTION: The vendor has released a patch to address this issue. Refer to Microsoft Security Bulletin MS05-035 for more details and instructions on installing the patch.

Color Management Module Remote Code Execution (MS05-036)
SEVERITY: Urgent (5)
QUALYS ID: 90262
VENDOR REFERENCE: MS05-036, 901214
CVE REFERENCE: CAN-2005-1219
THREAT: The Microsoft Color Management Module allows the operating system to provide consistent color mappings between different devices and applications. In addition, this module is used to transform colors from one color space to another (for example, RGB to CMYK).

The host has been identified as vulnerable to the Windows Color Management Module Remote Code Execution Vulnerability (MS05-036). The remote code execution issue is exposed due to lack of sanitization checks on internal buffers in the Microsoft Color Management Module.

Microsoft has rated this advisory as "Critical".
IMPACT: If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION: Refer to Microsoft Security Bulletin MS05-036 for more details and instructions on downloading and installing the update.

Microsoft JView Profiler Remote Code Execution (MS05-037)
SEVERITY: Critical (4)
QUALYS ID: 100028
VENDOR REFERENCE: MS05-037, 903235
CVE REFERENCE: CAN-2005-2087
THREAT: The Microsoft JView Profiler (Javaprxy.dll), a COM object, when instantiated in Microsoft's Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system.

Microsoft has rated this advisory as "Critical".
IMPACT: If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION: The vendor has released patches to address this issue. Read Microsoft Security Bulletin MS05-037 for more details and instructions on downloading the patches.

These new vulnerability checks are included in Qualys vulnerability signatures v.1.11.74-5. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile using the following options:
  1. Enable scanning of TCP ports 135 and 139
  2. Enable Windows Authentication (specify Authentication records)
  3. Enable the following Qualys IDs:
    • 90262
    • 100028
    • 110032
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Authentication is unable to log on to a host, also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/