Microsoft Security Bulletin: May 2006 Security Bulletin

May 9, 2006 – Qualys^® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard^® to protect organizations against the 3 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Microsoft has released 3 security patches to fix 3 newly discovered flaws in Microsoft Windows, and Microsoft Exchange.

Qualys has released the following checks for these new vulnerabilities:

Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (MS06-018)
SEVERITY: Serious  3
QUALYS ID: 90310
VENDOR REFERENCE: MS06-018 | 913580
CVE REFERENCE: CVE-2006-0034 | CVE-2006-1184
CVSS SCORES: Base: 5 / Temporal: 3.7
THREAT: The Microsoft Distributed Transaction Coordinator (MSDTC) is a distributed transaction facility for the Windows platform. It permits client applications to include several different sources of data in one transaction and then coordinates the distribution of the transactions. The target host is missing an update described in Microsoft Security Bulletin MS06-018. This update fixes an unspecified denial of service issues in MSDTC when receiving crafted packets.
IMPACT: If successfully exploited, an attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding.
SOLUTION: Microsoft released security bulletin MS06-018 to address this issue. Please refer to the security bulletin for further details.

Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (MS06-019)
SEVERITY: Critical  4
QUALYS ID: 90309
VENDOR REFERENCE: MS06-019 | 916803
CVE REFERENCE: CVE-2006-0027
CVSS SCORES: Base: 10 / Temporal: 7.4
THREAT: A buffer overflow vulnerability exists in Microsoft Exchange that is triggered when an Exchange Server processes an email with certain vCal or iCal properties. Collaboration Data Objects for Exchange (CDOEX) and Exchange Collaboration Data Objects (EXCDO) are interfaces that allow for certain types of information to be processed in the Exchange store. These are known to be at the root of the vulnerability. Microsoft has rated this update as critical.
IMPACT: Successful exploitation will lead to complete control of the target system.
SOLUTION: Microsoft has released MS06-019 to address this issue. Please refer to the bulletin for further details.

Macromedia Flash Player from Adobe Remote Code Execution Vulnerability (MS06-020)
SEVERITY: Critical  4
QUALYS ID: 90311
VENDOR REFERENCE: MS06-020 | 913433
CVE REFERENCE: CVE-2006-0024 | CVE-2005-2628
CVSS SCORES: Base: 5.6 / Temporal: 4.4
THREAT: A remote code execution vulnerability exists in Macromedia Flash Player from Adobe because of the way that it handles Flash Animation (SWF) files. An attacker could exploit the vulnerability by constructing a specially crafted Flash Animation (SWF) file that could potentially allow remote code execution if a user visited a web site containing the specially crafted SWF file or viewed an e-mail message containing the specially crafted SWF file as an attachment.
IMPACT: Successful exploitation can allow an attacker to execute arbitrary code and possibly take complete control of an affected system.
SOLUTION: Microsoft released security bulletin MS06-020 to address this issue. Please refer to the security bulletin for further details.

This new vulnerability check is included in Qualys vulnerability signatures v1.14.45-4. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:

To perform a selective vulnerability scan, configure a scan profile to use the following options:

1. Ensure access to TCP ports 135 and 139 are available.
2. Enable Windows Authentication (specify Authentication Records).
3. Enable the following Qualys IDs:
   • 90310
   • 90309
   • 90311
4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
5. If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.

For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102

QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/