Microsoft Security Bulletin: January 2007 Security Bulletin

January 9, 2007 — Qualys™ Vulnerability R&D Lab has released new vulnerability checks in QualysGuard^® to protect organizations against the 4 new vulnerabilities present in Microsoft Office and Microsoft Vector Markup Language that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Microsoft has released 4 security patches to fix 10 newly discovered flaws in Microsoft Office and Microsoft Vector Markup Language.

Qualys has released the following checks for these new vulnerabilities:

Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution
SEVERITY: Urgent  5
QUALYS ID: 110051
VENDOR REFERENCE: MS07-001, 921585
CVE REFERENCE: CVE ID: CVE-2006-5574
CVSS SCORES: Base 7.2/ Temporal 5.3
THREAT: A remote code execution vulnerability exists in Microsoft Office 2003 Brazilian Portuguese Grammar Checker.
IMPACT: If these vulnerabilities are successfully exploited, a remote attacker could gain complete control of a vulnerable machine. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION: Microsoft has released Microsoft Security Bulletin MS07-001 to address these issues. Please refer to the advisory for further details.

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
SEVERITY: Critical  4
QUALYS ID: 110050
VENDOR REFERENCE: MS07-002, 927198
CVE REFERENCE: CVE ID: CVE-2007-0027, CVE-2007-0028, CVE-2007-0029, CVE-2007-0030, CVE-2007-0031
CVSS SCORES: Base 4.1/ Temporal 3
THREAT: Microsoft Excel is exposed to multiple code execution vulnerabilities: Excel Malformed IMDATA Record Vulnerability (CVE-2007-0027) Excel Malformed Record Vulnerability (CVE-2007-0028) Excel Malformed String Vulnerability (CVE-2007-0029) Excel Malformed Column Record Vulnerability (CVE-2007-0030) Excel Malformed Palette Record Vulnerability (CVE-2007-0031)
IMPACT: If a user is logged on with administrative user rights, an attacker who successfully exploit one of the above issues could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
SOLUTION: Refer to Microsoft Security Bulletin MS07-002 for further details on this vulnerability and instructions on installing the patch.

Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution
SEVERITY: Critical  4
QUALYS ID: 110049
VENDOR REFERENCE: MS07-003, 925938
CVE REFERENCE: CVE ID: CVE-2007-0033, CVE-2006-1305, CVE-2007-0034
CVSS SCORES: Base 7/ Temporal 5.2
THREAT: This update resolves several newly discovered in Microsoft Outlook. The following specific issues were reported: A remote code execution when Outlook parses a file and processes a malformed VEVENT record. A denial of service when processing a malformed e-mail. A remote code execution when Outlook parses an .oss file
IMPACT: An attacker could take complete control of the target host if the user is logged in to a vulnerable version of Microsoft Outlook with administrative rights.
SOLUTION: Microsoft has released security bulletin MS07-003 to address these issues. Microsoft has rated this issue as Critical.

Vulnerability in Vector Markup Language Could Allow Remote Code Execution
SEVERITY: Urgent  5
QUALYS ID: 90377
VENDOR REFERENCE: MS07-004, 929969
CVE REFERENCE: CVE ID: CVE-2007-0024
CVSS SCORES: Base 4.8/ Temporal 3.5
THREAT: A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows.
IMPACT: An attacker who successfully exploited this vulnerability could take complete control of an affected system.
SOLUTION: Refer to Microsoft Security Bulletin MS07-004 for further details on this vulnerability and instructions on installing the patch. Microsoft has rated this issue as Critical.

This new vulnerability check is included in Qualys vulnerability signatures v1.16.48-5. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:

To perform a selective vulnerability scan, configure a scan profile to use the following options:

1. Ensure access to TCP ports 135 and 139 are available.
2. Enable Windows Authentication (specify Authentication Records).
3. Enable the following Qualys IDs:
   • 110051
   • 110050
   • 110049
   • 90377
4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
5. If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.

For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102

QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/