July 8, 2008 - Today's Microsoft Patch Tuesday marks a first - a synchronized industry wide effort for the patching of a common vulnerability. Microsoft's advisory MS08-037 covers 2 vulnerabilities (CVE-2008-1447 and CVE-2008-1454) in its DNS servers and clients that are also present in DNS software from other vendors including Sun, IBM and Linux vendors, who all collaborated on the issue. Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Microsoft has released 4 security patches to fix newly discovered flaws in Microsoft Windows.
Qualys has released the following checks for these new vulnerabilities:
| DNS Could Allow Spoofing |
|---|
SEVERITY: Serious  3 |
| QUALYS ID: 90446 |
| VENDOR REFERENCE: MS08-037, 953230 |
| CVE REFERENCE: CVE-2008-1454 |
| CVSS SCORES: Base 7.5/ Temporal 5.5 |
| THREAT: Two vulnerabilities exist in the Windows Domain Name System (DNS) that could allow spoofing. |
| IMPACT: These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems. |
| SOLUTION: Refer to Microsoft Security Bulletin MS08-037 for further details on this vulnerability, including a list of affected and non-affected software.
Microsoft has rated this issue as Important. |
| Microsoft Windows Explorer Remote Code Execution Vulnerability |
|---|
SEVERITY: Critical  4 |
| QUALYS ID: 90445 |
| VENDOR REFERENCE: MS08-038, 950582 |
| CVE REFERENCE: CVE-2008-1435 |
| CVSS SCORES: Base 6.4/ Temporal 4.7 |
| THREAT: A security issue exists in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. This issue is caused by an error in Windows Explorer that does not correctly parse search files when saving them. This issue could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious Web page, or opening a specially crafted file and saving the saved-search file. |
| IMPACT: If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Refer to Microsoft Security Bulletin MS08-038 for further details on this vulnerability and patch instructions.
Microsoft has rated this issue as Important. |
| Microsoft Outlook Web Access for Exchange Server Elevation of Privilege |
|---|
| SEVERITY: Critical 4 |
| QUALYS ID: 90444 |
| VENDOR REFERENCE: MS08-039, 953747 |
| CVE REFERENCE: CVE-2008-2247, CVE-2008-2248 |
| CVSS SCORES: Base 9/ Temporal 6.7 |
| THREAT: This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server which exist due to cross-site scripting errors. |
| IMPACT: An attacker who successfully exploits these vulnerabilities could gain access to an individual OWA client's session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client's OWA session. |
| SOLUTION: This security update addresses the vulnerabilities by modifying the validation of HTTP session data within Outlook Web Access. Refer to Microsoft Security Bulletin MS08-039 for further details on these vulnerabilities and patch instructions. Microsoft has rated this issue as Important. |
| Microsoft SQL Server Could Allow Elevation of Privilege |
|---|
| SEVERITY: Serious 3 |
| QUALYS ID: 19236 |
| VENDOR REFERENCE: MS08-040, 941203 |
| CVE REFERENCE: CVE-2008-0085, CVE-2008-0086, CVE-2008-0107, CVE-2008-0106 |
| CVSS SCORES: Base 3.6/ Temporal 2.6 |
THREAT: Microsoft SQL server is exposed to the following vulnerabilities.
|
| IMPACT: A malicious user could exploit these vulnerabilities, gain higher privileges, run code and take complete control of the system. |
| SOLUTION: Refer to Microsoft Security Bulletin MS08-040 for further details on these vulnerabilities and patch instructions.
Microsoft has rated this issue as Important. |
This new vulnerability check is included in Qualys vulnerability signatures v1.19.183-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
- 90446
- 90445
- 90444
- 19236
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
Access for QualysGuard customers: https://qualysguard.qualys.com
Free trial of QualysGuard service: http://www.qualys.com/solutions/free/trials
