June 9, 2009 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 10 vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Microsoft has released 10 security patches to fix newly discovered flaws in Microsoft Windows.
Qualys has released the following checks for these new vulnerabilities:
| Microsoft Active Directory Remote Code Execution Vulnerability |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90505 |
| VENDOR REFERENCE: MS09-018 |
| CVE REFERENCE: CVE-2009-1138, CVE-2009-1139 |
| CVSS SCORES: Base 7.3/ Temporal 5.7 |
| THREAT: Active Directory is used to provide central authentication and authorization services for Windows-based computers.
The following vulnerabilities exist in Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003:
- A remote code execution vulnerability exists because the LDAP service incorrectly frees memory when processing specially crafted LDAP or LDAPS requests. An attacker can exploit this flaw by sending a malicious LDAP or LDAPS packet to a domain controller. (CVE-2009-1138)
- A denial of service vulnerability exists because the LDAP service improperly manages memory while executing LDAP or LDAPS requests containing specific OID (Object Identifier) filters. An attacker can exploit this vulnerability by sending a specially crafted LDAP or LDAPS packet to the Active Directory or ADAM server and cause the affected system to stop responding and require it to be restarted. (CVE-2009-1139)
Microsoft has released a security update that addresses these vulnerabilities by correcting the way that the LDAP service allocates and frees memory while processing specially crafted LDAP or LDAPS requests. |
| IMPACT: Successful exploitation of this vulnerability can cause arbitrary execution of code. An attacker who successfully exploits this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation can also cause the affected system to stop responding leading to denial of service. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Server Service Pack 4 (Active Directory)
- Windows XP Professional x64 Edition Service Pack 2 (Active Directory Application Mode (ADAM))
- Windows Server 2003 Service Pack 2 (Active Directory)
- Windows Server 2003 Service Pack 2 (Active Directory Application Mode (ADAM))
- Windows Server 2003 x64 Edition Service Pack 2 (Active Directory)
- Windows Server 2003 x64 Edition Service Pack 2 (Active Directory Application Mode (ADAM))
- Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory)
Refer to Microsoft Security Bulletin MS09-018 for further details.
Workarounds:
- Disable anonymous LDAP access on Microsoft Windows 2000 servers. Refer to KB837964 to get information on anonymous LDAP connections. |
| Microsoft Internet Explorer Cumulative Security Update |
|---|
| SEVERITY: Critical |
| QUALYS ID: 100073 |
| VENDOR REFERENCE: MS09-019 |
| CVE REFERENCE: CVE-2007-3091, CVE-2009-1140, CVE-2009-1141, CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532 |
| CVSS SCORES: Base 10/ Temporal 7.8 |
| THREAT: Microsoft Internet Explorer is a Web browser for Microsoft Windows. The following vulnerabilities have been identified in Internet Explorer:
- An information disclosure vulnerability exists in Internet Explorer which can cause a script to create a race condition that could break the same-origin policy of Internet Explorer allowing an attacker to view the content in another browser window in a domain or Internet Explorer zone distinct from the attacker's domain or zone. (CVE-2007-3091)
- An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be rendered as HTML, bypassing domain restriction. An attacker can exploit this issue to view content from the local computer or browser window in another domain or Internet Explorer zone. (CVE-2009-1140)
- A remote code execution vulnerability exists when Internet Explorer displays a Web page that contains unexpected method calls to HTML objects. When a user visits a specially crafted Web site, it corrupts system memory allowing an attacker to execute arbitrary code. (CVE-2009-1141)
- Multiple remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. This can be exploited by enticing an unsuspecting user into viewing a specially crafted Web page leading to memory corruption in such a way that an attacker could execute arbitrary code. (CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532)
Microsoft has released a security update that addresses these vulnerabilities by modifying the way that Internet Explorer handles scripts and cached content and initializes memory. |
| IMPACT: Successful exploitation of these vulnerabilities allows arbitrary execution of code in the context of the logged on user. Exploitation also allows an attacker to view data from a Web page. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4)
- Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1)
- Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6)
- Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6)
- Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6)
- Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6)
- Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6)
- Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7)
- Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7)
- Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7)
- Windows Server 2003 x64 Edition Service Pack 2 (Windows Internet Explorer 7)
- Windows Server 2003 with SP2 for Itanium-based Systems (Windows Internet Explorer 7)
- Windows Vista and Windows Vista Service Pack 1 (Windows Internet Explorer 7)
- Windows Vista Service Pack 2 (Windows Internet Explorer 7)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-019.
Workaround: Detailed steps on applying the workarounds can be found at Microsoft Security Bulletin MS09-019.
Impact of the Workaround: |
| Internet Information Services (IIS) Could Allow Elevation of Privilege |
|---|
| SEVERITY: Critical |
| QUALYS ID: 86837 |
| VENDOR REFERENCE: MS09-020 |
| CVE REFERENCE: CVE-2009-1535, CVE-2009-1122 |
| CVSS SCORES: Base 10/ Temporal 7.8 |
| THREAT: Internet Information Services (IIS) is a set of Internet-based services for servers created by Microsoft for use with Microsoft Windows. Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to edit and manage files on remote Web servers.
IIS is prone to the following vulnerabilities:
- A security vulnerability exists within the WebDAV functionality of Internet Information Server (IIS) because the Web server fails to properly handle Unicode tokens when parsing the URI and sending back data. An attacker can exploit this issue to access password protected resources via specially crafted HTTP GET or PROPFIND requests that contain Unicode-encoded characters with a "Translate: f" header. (CVE-2009-1535)
- An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require authentication. (CVE-2009-1122)
Microsoft Internet Information Services (IIS) Version 5.0, 5.1, and 6.0 with WebDAV is vulnerable.
Note: By default WebDAV is not enabled on Windows Server 2003 systems running IIS 6.0. Unless WebDAV has been enabled by an administrator on these systems, the vulnerability is not exposed. |
| IMPACT: Successful exploitation of this vulnerability allows an attacker to bypass authentication of password protected folders. An attacker could list, download or upload any protected files on the target. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Information Services 5.0)
- Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0)
- Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0)
- Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0)
- Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0)
Refer to Microsoft Security Bulletin MS09-020 for further details. This security update addresses the vulnerability listed in Microsoft Security Advisory 971492.
Workarounds: For IIS 5.0 and IIS 5.1, instructions on disabling WebDAV can be found at KB241520.
For IIS 6.0, WebDAV can be disabled using the following steps:
Impact of workaround: WebDAV requests will not be served by IIS.
B: Use the IIS Lockdown Tool 2.1 to disable WebDAV on IIS 5.0 and IIS 5.1: Instructions on downloading and installing the tool can be found at KB325864.
Impact of workaround. This method achieves its results by installing UrlScan. By default, UrlScan blocks requests to WebDAV by detecting either HTTP verbs or headers that would be mapped to WebDAV.
C: Use Microsoft UrlScan Filter v3.1 to disable WebDAV on IIS 5.1 and IIS 6.0: Download Microsoft UrlScan Filter v3.1 from one of the following:
Impact of workaround. This method achieves its results by installing UrlScan. By default, UrlScan blocks requests to WebDAV by detecting either HTTP verbs or headers that would be mapped to WebDAV.
D: If WebDAV functionality is required, change file system ACLs to deny access to the anonymous user account. Detailed information on setting ACLs for IIS content can be found at Article ID 271071 or KB812614. |
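
The request shape described for CVE-2009-1535 above (GET or PROPFIND, Unicode-encoded characters in the URI, a "Translate: f" header) can be triaged from captured request heads. This is an added example, not Qualys or Microsoft code; the sample requests are constructed, `intranet.example` is a hypothetical host, and it assumes every path on the monitored site requires authentication.

```python
import re
from typing import Dict, List, Optional, Tuple

# Percent-encoded octets >= 0x80 (%80-%FF) or %uXXXX escapes: the
# "Unicode-encoded characters" the advisory text refers to.
NON_ASCII_ESCAPE = re.compile(r"%(?:[89A-F][0-9A-F]|u[0-9A-F]{4})", re.IGNORECASE)
WATCHED_METHODS = {"GET", "PROPFIND"}


def parse_head(raw: str) -> Optional[Tuple[str, str, Dict[str, str]]]:
    """Split a raw request head into (method, target, lower-cased headers)."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None  # not a well-formed request line
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers


def classify(raw: str, status: int) -> str:
    """Return 'ok', 'review', 'alert' or 'malformed' for one request."""
    parsed = parse_head(raw)
    if parsed is None:
        return "malformed"
    method, target, headers = parsed
    path = target.split("?", 1)[0]
    matches_advisory_shape = (
        method in WATCHED_METHODS
        and headers.get("translate", "").lower() == "f"
        and NON_ASCII_ESCAPE.search(path) is not None
        and "authorization" not in headers
    )
    if not matches_advisory_shape:
        return "ok"
    # Assumption: all content is password protected, so a 2xx answer
    # (including 207 Multi-Status) to an unauthenticated request is an alert.
    return "alert" if 200 <= status < 300 else "review"


def triage(records: List[Tuple[str, int]]) -> List[str]:
    return [classify(raw, status) for raw, status in records]


# Constructed sample records: (raw request head, status the server returned).
SAMPLES = [
    ("GET /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n", 200),
    ("PROPFIND /docs/ HTTP/1.1\r\nHost: intranet.example\r\nTranslate: f\r\n"
     "Authorization: Basic ZGVtbzpkZW1v\r\nDepth: 1\r\n\r\n", 207),
    ("GET /reports/%E2%82%AC-2009.xls HTTP/1.1\r\nHost: intranet.example\r\n"
     "Translate: f\r\n\r\n", 200),
    ("PROPFIND /reports/%u20AC/ HTTP/1.1\r\nHost: intranet.example\r\n"
     "Translate: F\r\nDepth: 1\r\n\r\n", 401),
    ("GET /caf%C3%A9/menu.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n", 200),
]

if __name__ == "__main__":
    for (raw, status), verdict in zip(SAMPLES, triage(SAMPLES)):
        print(f"{verdict:8} {status} {raw.splitlines()[0]}")
```

Authenticated WebDAV clients legitimately send "Translate: f", which is why the check also requires the missing Authorization header before raising anything.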
| Microsoft Excel Remote Code Execution Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110100 |
| VENDOR REFERENCE: MS09-021 |
| CVE REFERENCE: CVE-2009-0549, CVE-2009-0557, CVE-2009-0558, CVE-2009-0559, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134 |
| CVSS SCORES: Base 7.5/ Temporal 5.5 |
| THREAT: Microsoft Excel is a proprietary spreadsheet application written and distributed by Microsoft for Microsoft Windows and Mac OS X. Excel is prone to the following vulnerabilities:
- A remote code execution vulnerability is caused by the improper parsing of the Excel spreadsheet file format. An attacker can exploit this issue via a specially crafted Excel file containing a malformed record pointer. (CVE-2009-0549, CVE-2009-1134)
- A remote code execution vulnerability that is caused by the improper parsing of Excel files can be exploited by an attacker via a specially crafted Excel file containing a malformed object record. (CVE-2009-0557)
- Excel is prone to an array indexing error when parsing the Excel spreadsheet file format. An attacker can exploit this issue via a specially crafted Excel file containing a malformed object record. (CVE-2009-0558)
- A stack-based buffer overflow exists due to improper boundary checking when parsing Excel files. An attacker can exploit this issue by persuading an unsuspecting user into opening a specially-crafted Excel file containing an overly long string copy. (CVE-2009-0559)
- A memory corruption vulnerability related to field sanitization occurs when parsing Excel files. An attacker can exploit this issue by persuading an unsuspecting user into opening a specially-crafted Excel file containing a malformed record object. (CVE-2009-0560)
- Excel is prone to a record integer overflow vulnerability which can be exploited via a specially-crafted Excel file containing a malformed object record. (CVE-2009-0561)
Microsoft has released an update that addresses the vulnerabilities by modifying the way that Excel parses Excel files. |
| IMPACT: Successful exploitation of these vulnerabilities allows an attacker to run arbitrary code as the logged-on user. An attacker with administrative rights can take complete control of the affected system and then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Office 2000 Service Pack 3 (Microsoft Office Excel 2000 Service Pack 3)
- Microsoft Office XP Service Pack 3 (Microsoft Office Excel 2002 Service Pack 3)
- Microsoft Office 2003 Service Pack 3 (Microsoft Office Excel 2003 Service Pack 3)
- 2007 Microsoft Office System Service Pack 1 (Microsoft Office Excel 2007 Service Pack 1)
- 2007 Microsoft Office System Service Pack 2 (Microsoft Office Excel 2007 Service Pack 2)
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-021.
Workarounds:
For CVE-2009-0549, CVE-2009-0557, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134: Impact of the workaround: For CVE-2009-0549, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134: Impact of the workaround: |
| Microsoft Windows Print Spooler Could Allow Remote Code Execution |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90508 |
| VENDOR REFERENCE: MS09-022 |
| CVE REFERENCE: CVE-2009-0228, CVE-2009-0229, CVE-2009-0230 |
| CVSS SCORES: Base 7.2/ Temporal 5.6 |
| THREAT: The Print Spooler service manages the printing process.
The following vulnerabilities exist in the Windows Print Spooler.
- The Windows Print Spooler is prone to a buffer overflow vulnerability that exists due to improper parsing of certain printing data structures. The attacker can exploit this flaw by sending a specially crafted RPC request to an affected system causing it to improperly parse the "ShareName" on a malicious print server during enumeration. This would allow the attacker to perform remote code execution on the affected system with system-level privileges. (CVE-2009-0228)
- An information disclosure vulnerability exists in the Windows Printing Service because the service does not properly check the files that can be included with separator pages. An attacker can exploit this flaw to read or print any file on the system via a specially crafted separator page. (CVE-2009-0229)
- A privilege elevation vulnerability exists in the Windows Print Spooler because it does not properly validate the paths from which a DLL may be loaded. An attacker can exploit this issue via a specially crafted RPC message sent to an affected system. The message would cause the print spooler to load a malicious DLL that was created by the attacker and execute code with elevated privileges. (CVE-2009-0230)
Microsoft has released an update that addresses these vulnerabilities by changing the way the print spooler parses certain printing data structures, limiting the location where separator pages or embedded files can be read by the Windows Printing Service, and restricting the paths from which the print spooler can load a DLL. |
| IMPACT: Successful exploitation of this vulnerability allows arbitrary execution of code. Exploitation could allow a user to read or print any file on the system. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Refer to Microsoft Security Bulletin MS09-022 for further details.
Workarounds:
Impact of the workaround: Blocking the ports can cause several Windows services or applications using those ports to stop functioning.
- On Microsoft Windows 2000 Server Service Pack 4, remove the Print Spooler service from the NullSessionPipes registry key to prevent attempts to exploit this vulnerability by anonymous attackers.
Impact of the workaround: Anonymous connections to the Print Spooler service will not be allowed.
For CVE-2009-0228 and CVE-2009-0229:
1) Click Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.
Impact of the workaround. Printing locally or remotely will not be allowed.
Additional details on applying the workarounds are available at Microsoft Security Bulletin MS09-022. |
| Windows Search Information Disclosure Vulnerability |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90507 |
| VENDOR REFERENCE: MS09-023 |
| CVE REFERENCE: CVE-2009-0239 |
| CVSS SCORES: Base 6.1/ Temporal 4.5 |
| THREAT: Windows Search allows instant search capabilities for most common file and data types such as e-mail, contacts, calendar appointments, documents, photos, multimedia, and other formats extended by third parties.
An information disclosure vulnerability exists in Windows Search due to the way file previews are generated. Windows Search does not properly restrict the environment within which scripts execute allowing an attacker to run a malicious client-side script that is placed on the system. (CVE-2009-0239)
If a user performs a search that returns the malicious file as the first result, arbitrary HTML script execution could occur. If the specially crafted file is not the first result, the user would need to select and preview the file in order for the exploit to occur.
Microsoft has released an update that addresses this vulnerability by modifying how Windows Search restricts the environment within which scripts execute. |
| IMPACT: An attacker who successfully exploits this vulnerability could run a malicious HTML script that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Search 4.0)
- Windows XP Professional x64 Edition Service Pack 2 (Windows Search 4.0)
- Windows Server 2003 Service Pack 2 (Windows Search 4.0)
- Windows Server 2003 x64 Edition Service Pack 2 (Windows Search 4.0)
Refer to Microsoft Security Bulletin MS09-023 for further details. |
| Microsoft Works Converters Remote Code Execution Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110098 |
| VENDOR REFERENCE: MS09-024 |
| CVE REFERENCE: CVE-2009-1533 |
| CVSS SCORES: Base 5.1/ Temporal 3.8 |
| THREAT: Microsoft Works is an office suite produced by Microsoft.
Microsoft Office Works for Windows document converters is prone to a remote code execution vulnerability because of the way the application handles specially crafted Works files. When a user opens a specially crafted Works file (.wps), it may corrupt system memory, allowing an attacker to execute arbitrary code. (CVE-2009-1533)
Microsoft has released a security update that addresses the vulnerability by modifying the way that Microsoft Office opens Works files. |
| IMPACT: A malicious attacker can execute arbitrary code on the vulnerable target machine. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
- Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
- 2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1)
Refer to Microsoft Security Bulletin MS09-024 for further details.
Workarounds:
Impact of the workaround: The user will not be able to open or save Works 4.x documents.
- For Word 2003 with the Microsoft Works 6-9 File Converter and Word 2007: Apply access control lists to disable the Works 6-9 converter by restricting access. This will prevent the converters from being loaded by Works and Office.
Impact of the workaround: The user will not be able to open or save Works 6-9 documents.
Additional details on applying the workarounds are available at Microsoft Security Bulletin MS09-024. |
| Windows Kernel Elevation of Privilege Vulnerability |
|---|
| SEVERITY: Serious |
| QUALYS ID: 90509 |
| VENDOR REFERENCE: MS09-025 |
| CVE REFERENCE: CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126 |
| CVSS SCORES: Base 4.3/ Temporal 3.2 |
| THREAT: The Windows kernel is the core of the operating system that handles device management and memory management, allocates processor time to processes, and manages error handling.
The Windows kernel is prone to the following privilege escalation vulnerabilities:
- An error in the Windows kernel causes changes in certain kernel objects to not be properly validated. (CVE-2009-1123)
- An error in the Windows kernel causes certain pointers passed from user mode to not be properly validated. (CVE-2009-1124)
- An error exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. (CVE-2009-1125)
- An error exists because the Windows kernel does not properly validate input passed from user mode to the kernel when editing a specific desktop parameter. (CVE-2009-1126)
Microsoft has released an update that addresses these vulnerabilities by correcting the methods used for validating a change in specific kernel objects, for validating the input passed from user mode to the kernel, and for validating the argument passed to the system call. |
| IMPACT: Successful exploitation of this vulnerability allows an attacker to run arbitrary code in kernel mode. An attacker can gain elevated privileges and could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
Refer to Microsoft Security Bulletin MS09-025 for further details. |
| Windows RPC Elevation of Privilege Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90506 |
| VENDOR REFERENCE: MS09-026 |
| CVE REFERENCE: CVE-2009-0568 |
| CVSS SCORES: Base 7.6/ Temporal 5.6 |
| THREAT: The RPC Marshalling Engine provides a common RPC interface between RPC clients and servers.
An elevation of privilege vulnerability exists in the Windows Remote Procedure Call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. This issue can be exploited by an attacker via a specially crafted RPC message that is sent to an affected system over an affected TCP or UDP port. The message could then allow the client to write arbitrary data to memory in the RPC server address space. (CVE-2009-0568) Microsoft has released an update that addresses this vulnerability by correcting the way that the RPC Marshalling Engine updates its internal state. |
| IMPACT: Successful exploitation of this vulnerability allows an attacker to execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Refer to Microsoft Security Bulletin MS09-026 for further details. |
| Microsoft Word Remote Code Execution Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110099 |
| VENDOR REFERENCE: MS09-027 |
| CVE REFERENCE: CVE-2009-0563, CVE-2009-0565 |
| CVSS SCORES: Base 7.5/ Temporal 5.5 |
| THREAT: Microsoft Word is a proprietary word processing application written and distributed by Microsoft for Microsoft Windows and Mac OS X.
A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker can entice an unsuspecting user into opening a maliciously crafted Word file which may corrupt system memory in such a way that arbitrary code can be executed. (CVE-2009-0563, CVE-2009-0565)
Microsoft has released an update that addresses the vulnerabilities by modifying the way that Word opens and parses files. |
| IMPACT: An attacker who successfully exploits these vulnerabilities can execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
- Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
- Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
- Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3)
- 2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1)
- 2007 Microsoft Office System Service Pack 2 (Microsoft Office Word 2007 Service Pack 2)
- Open XML File Format Converter for Mac
- Microsoft Office Word Viewer 2003 Service Pack 3
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Refer to Microsoft Security Bulletin MS09-027 for further details.
Workaround:
For Office 2003:
For 2007 Office system:
Impact of the workaround:
- Avoid opening or saving Word files received from untrusted sources. |
These new vulnerability checks are included in Qualys vulnerability signatures v1.23.0-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 90505
  - 100073
  - 86837
  - 110100
  - 90508
  - 90507
  - 110098
  - 90509
  - 90506
  - 110099
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.

