June 10, 2008
Microsoft Security Bulletin: June 2008 Security Bulletin
Advisory Overview
June 10, 2008 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 7 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 7 security patches to fix newly discovered flaws in Microsoft Windows.

Qualys has released the following checks for these new vulnerabilities:
Microsoft Windows Bluetooth Stack Could Allow Remote Code Execution
SEVERITY: Critical (4)
QUALYS ID: 42008
VENDOR REFERENCE: MS08-030, 951376
CVE REFERENCE: CVE-2008-1453
CVSS SCORES: Base 10 / Temporal 7.4
THREAT: Bluetooth is an industry standard protocol that enables wireless connectivity for computers, handheld devices, keyboards, mice, mobile phones and other devices.

A remote code execution vulnerability exists in the Bluetooth stack because the Bluetooth stack does not correctly handle a large number of service description requests.
IMPACT: An attacker would rapidly send a large number of crafted Service Discovery Protocol (SDP) packets to an affected system. The vulnerable system would react to those packets and allow an attacker to run code with elevated privileges and take complete control.
SOLUTION: Refer to Microsoft Security Bulletin MS08-030 for further details on this vulnerability and patch instructions.

Microsoft has rated this issue as Critical.

Cumulative Security Update for Internet Explorer
SEVERITY: Critical (4)
QUALYS ID: 100058
VENDOR REFERENCE: MS08-031, 950759
CVE REFERENCE: CVE-2008-1442, CVE-2008-1544
CVSS SCORES: Base 8.3 / Temporal 6.5
THREAT: A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. The issue occurs because of the way that it processes data streams.
IMPACT: An attacker could exploit the vulnerability by constructing a specially crafted Web page. An attacker who successfully exploited this vulnerability could also gain the same user rights as the logged-on user.
SOLUTION: Refer to Microsoft Security Bulletin MS08-031 for further details on this vulnerability, including a list of affected and non-affected software.

Microsoft has rated this issue as Critical.

Cumulative Security Update of ActiveX Kill Bits
SEVERITY: Critical (4)
QUALYS ID: 90441
VENDOR REFERENCE: MS08-032, 950760
CVE REFERENCE: CVE-2007-0675
CVSS SCORES: Base 6.8 / Temporal 5
THREAT: This security update resolves a publicly reported vulnerability for the Microsoft Speech API.
IMPACT: The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
SOLUTION: Refer to Microsoft Security Bulletin MS08-032 for further details on this vulnerability, including a list of affected and non-affected software.

Microsoft has rated this issue as Moderate.

Vulnerabilities in DirectX Could Allow Remote Code Execution
SEVERITY: Critical (4)
QUALYS ID: 90438
VENDOR REFERENCE: MS08-033, 951698
CVE REFERENCE: CVE-2008-0011, CVE-2008-1444
CVSS SCORES: Base 7.5 / Temporal 5.9
THREAT: This is a critical security update which affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file.
IMPACT: An attacker who successfully exploited either of these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION: The security update addresses the vulnerability by modifying the way that DirectX handles MJPEG and SAMI format files. Refer to Microsoft Security Bulletin MS08-033 for further details on this vulnerability and patch instructions.

Microsoft has rated this issue as Critical.

Vulnerability in WINS Could Allow Elevation of Privilege
SEVERITY: Critical (4)
QUALYS ID: 90439
VENDOR REFERENCE: MS08-034, 948745
CVE REFERENCE: CVE-2008-1451
CVSS SCORES: Base 6.9 / Temporal 5.1
THREAT: An elevation of privilege vulnerability exists in the Windows Internet Name Service (WINS) in the way that WINS does not sufficiently validate the data structures within specially crafted WINS network packets.
IMPACT: Successful exploitation could allow a local attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
SOLUTION: Refer to Microsoft Security Bulletin MS08-034 for further details on this vulnerability and patch instructions.

Microsoft has rated this issue as Important.

Vulnerability in Active Directory Could Allow Denial of Service
SEVERITY: Serious (3)
QUALYS ID: 90443
VENDOR REFERENCE: MS08-035, 953235
CVE REFERENCE: CVE-2008-1445
CVSS SCORES: Base 5.4 / Temporal 4
THREAT: A denial of service vulnerability exists in implementations of Active Directory on several Windows operating systems. It also exists in implementations of Active Directory Application Mode (ADAM).

The vulnerability is due to insufficient validation of specially crafted LDAP requests.
IMPACT: An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.
SOLUTION: Refer to Microsoft Security Bulletin MS08-035 for further information and patch instructions.

Microsoft has rated this issue as Important.

Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
SEVERITY: Serious (3)
QUALYS ID: 90442
VENDOR REFERENCE: MS08-036, 950762
CVE REFERENCE: CVE-2008-1440, CVE-2008-1441
CVSS SCORES: Base 5.4 / Temporal 4
THREAT: These vulnerabilities exist in implementations of the Pragmatic General Multicast protocol on several Windows operating systems.

The vulnerability is due to improper validation of specially crafted PGM packets.

Also, the protocol's parsing code does not properly validate specially crafted PGM fragments, which will cause the affected system to become non-responsive until the attack has ceased.
IMPACT: An attacker who successfully exploited this vulnerability could cause the computer to become non-responsive and require a restart to restore functionality.
SOLUTION: Microsoft released security bulletin MS08-036 to address this vulnerability.

Microsoft has rated this issue as Important.

This new vulnerability check is included in Qualys vulnerability signatures v1.19.158-4. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 42008
    • 100058
    • 90441
    • 90438
    • 90439
    • 90443
    • 90442
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if QualysGuard is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.


Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/