February 14, 2006
Microsoft Security Bulletin: February 2006 Security Bulletin
Advisory Overview
February 14, 2006 – Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 7 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Vulnerability Details
Microsoft has released 7 security patches to fix 7 newly discovered flaws in Microsoft Windows, Microsoft Office, and Microsoft Media Player. Qualys has released the following checks for these new vulnerabilities:
| Microsoft Internet Explorer Cumulative Update Missing (MS06-004) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 100033 |
| VENDOR REFERENCE: MS06-004 \| 910620 |
| CVE REFERENCE: CVE-2006-0020 |
| CVSS SCORES: Base: 8 / Temporal: 7.2 |
| THREAT: Internet Explorer Version 5.01 is vulnerable to a remote code execution issue which could be exploited through a malformed WMF image served through a malicious Web site or email attachment. Microsoft has released a cumulative patch to resolve this issue. |
| IMPACT: A remote attacker could execute arbitrary code on a vulnerable system. |
| SOLUTION: Microsoft has released a cumulative patch to resolve this issue. Refer to Microsoft security bulletin MS06-004 for more details and possible workarounds. |
| Windows Media Player Remote Code Execution (MS06-005) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90297 |
| VENDOR REFERENCE: MS06-005 \| 911565 |
| CVE REFERENCE: CVE-2006-0006 |
| CVSS SCORES: Base: 10 / Temporal: 7.8 |
| THREAT: A remote code execution vulnerability exists in Windows Media Player because of the way that it handles processing bitmap files. An attacker could exploit the vulnerability by constructing a malicious bitmap file (.bmp) which could potentially allow remote code execution if a user visits a malicious Web site or views a malicious e-mail message. |
| IMPACT: If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. |
| SOLUTION: Microsoft has released an update to resolve this issue. Read Microsoft Security Bulletin MS06-005 for more details. Microsoft has rated this vulnerability as Critical. |
| Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (MS06-006) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90296 |
| VENDOR REFERENCE: MS06-006 \| 911564 |
| CVE REFERENCE: CVE-2006-0005 |
| CVSS SCORES: Base: 8 / Temporal: 5.9 |
| THREAT: A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers because of the way Windows Media Player plug-in handles a malformed EMBED element. An attacker could exploit this vulnerability by constructing a malicious EMBED element that could potentially allow remote code execution if a user visits a malicious Web site. |
| IMPACT: If this vulnerability is successfully exploited, the attacker may take complete control of the affected system. |
| SOLUTION: Read Microsoft Security Bulletin MS06-006 for complete vulnerability details and security update information. |
| Vulnerability in Microsoft Windows TCP/IP Could Allow Denial of Service (MS06-007) |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90300 |
| VENDOR REFERENCE: MS06-007 \| 913446 |
| CVE REFERENCE: CAN-2006-0021 |
| CVSS SCORES: Base: 2.7 / Temporal: 2 |
| THREAT: A denial of service vulnerability exists in the Microsoft TCP/IP stack that could allow an attacker to send a specially crafted IGMP packet to an affected system to make it unresponsive to further requests. |
| IMPACT: A remote attacker could exploit this issue to make a system not respond to further requests. |
| SOLUTION: Microsoft has released an update to resolve this issue. Read Microsoft Security Bulletin MS06-007 for more details. Microsoft has rated this vulnerability as Important. |
| Windows Web Client Service Remote Code Execution (MS06-008) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90301 |
| VENDOR REFERENCE: MS06-008 \| 911927 |
| CVE REFERENCE: CVE-2006-0013 |
| CVSS SCORES: Base: 4.8 / Temporal: 3.8 |
| THREAT: A remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. |
| IMPACT: An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Microsoft has released an update to resolve this issue. Read Microsoft Security Bulletin MS06-008 for more details. Microsoft has rated this vulnerability as Important. |
| Microsoft Windows Privilege Escalation Vulnerability in Korean Input Method Editor (MS06-009) |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90299 |
| VENDOR REFERENCE: MS06-009 \| 901190 |
| CVE REFERENCE: CVE-2006-0008 |
| CVSS SCORES: Base: 4.5 / Temporal: 3.5 |
| THREAT: A privilege elevation vulnerability exists in the Windows and Office Korean Input Method Editor (IME). To exploit this vulnerability an attacker must have access to the system to perform an interactive logon, either locally or via a Remote Desktop Protocol (RDP) session. |
| IMPACT: This vulnerability could allow a malicious user to take complete control of an affected system. For an attack to be successful, the attacker must be able to log on interactively to the affected system. |
| SOLUTION: Read Microsoft Security Bulletin MS06-009 for complete vulnerability details and security update information. |
| Microsoft PowerPoint Temporary Internet Files Information Disclosure Vulnerability (MS06-010) |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90298 |
| VENDOR REFERENCE: MS06-010 \| 889167 |
| CVE REFERENCE: CVE-2006-0004 |
| CVSS SCORES: Base: 2.8 / Temporal: 2.1 |
| THREAT: An Information Disclosure vulnerability exists in PowerPoint. An attacker who successfully exploits this vulnerability could remotely attempt to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name. |
| IMPACT: This vulnerability would not allow an attacker to execute code or to elevate their user rights directly but it could be used to produce useful information that could be used to try to further compromise the affected system. |
| SOLUTION: Read Microsoft Security Bulletin MS06-010 for complete vulnerability details and security update information. |
These new vulnerability checks are included in Qualys vulnerability signatures v1.13.66-5. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 100033
  - 90297
  - 90296
  - 90300
  - 90301
  - 90299
  - 90298
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.
Access for QualysGuard customers: https://qualysguard.qualys.com
Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/
