September 27, 2006
Microsoft Security Bulletin: Microsoft VML Security Vulnerabilities
Advisory Overview
September 27, 2006 – Qualys® Vulnerability R&D Lab has released a new vulnerability checks in QualysGuard® to protect organizations against a new vulnerability present in Microsoft Windows. The Vulnerability that was announced today in the Vector Markup Language Could Allow Remote Code Execution. Customers can immediately audit their networks for this critical vulnerability by accessing their QualysGuard subscription.

Due to the criticality of the vulnerability, Microsoft recently released a patch outside of the monthly cycle. QualysGuard has new vulnerability checks to test for the vulnerability.

Vulnerability Details
Microsoft has released an official security patch to fix the newly discovered flaw in Microsoft Windows. Please refer to the advisory MS06-055 for more details.

Qualys has released the following check for this vulnerability:
Vector Markup Language Could Allow Remote Code Execution
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 100039 | 90351
VENDOR REFERENCE: MS06-055
CVE REFERENCE: CVE-2006-4868
CVSS SCORES: Base: 5.4 / Temporal: 4.7
THREAT: Vector Markup Language (VML) is an XML-based exchange, editing, and delivery format for high-quality vector graphics on the Web that meets the needs of both productivity users and graphic design professionals. A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message.
IMPACT: Exploitation will allow complete compromise of the affected system.
SOLUTION: Microsoft has released MS06-055 to address this issue. Microsoft has categorized this update as Critical.

These new vulnerability check is included in Qualys vulnerability signatures v1.15.64-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:

To perform a selective vulnerability scan, configure a scan profile to using the following options:

  1. Ensure that access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 100039
    • 90351
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for this new vulnerability, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.

Users are reminded that browsing a malicious website, or opening a malicious email or attachment may result in infection.


Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/