May 11, 2010 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 2 vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Microsoft has released 2 security patches to fix newly discovered flaws in Microsoft Windows.
Qualys has released the following checks for these new vulnerabilities:
| Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (MS10-030) |
|---|
SEVERITY: Critical  4 |
| QUALYS ID: 90602 |
| VENDOR REFERENCE: MS10-030 |
| CVE REFERENCE: CVE-2010-0816 |
| CVSS SCORES: Base 9/ Temporal 7.1 |
| THREAT: Windows Mail (formerly Outlook Express) is an online communication tool for use with Windows.
Windows Mail is prone to a vulnerability is caused when a common library used by Outlook Express and Windows Mail insufficiently validates network data before using that data to calculate the necessary size of a buffer. The vulnerability could allow remote code execution if a user visits a malicious email server. Microsoft has released a security update that addresses the vulnerability by correctly validating email server responses. The security update is rated Critical for Microsoft Outlook Express on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003; and for Windows Mail on all supported editions of Windows Vista and Windows Server 2008. The security update is rated Important for Windows Live Mail on all supported editions of Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and for Windows Mail on all supported editions of Windows 7 and Windows Server 2008 R2. |
| IMPACT: An attacker who successfully exploits this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4 (Microsoft Outlook Express 5.5 Service Pack 2) Microsoft Windows 2000 Service Pack 4 (Microsoft Outlook Express 6 Service Pack 1) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Outlook Express 6) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Live Mail) Windows XP Professional x64 Edition Service Pack 2 (Microsoft Outlook Express 6) Windows XP Professional x64 Edition Service Pack 2 (Windows Live Mail) Windows Server 2003 Service Pack 2 (Microsoft Outlook Express 6) Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Outlook Express 6) Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Outlook Express 6) Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Windows Mail) Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Windows Live Mail) Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (Windows Mail) For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-030. Workaround: |
| Microsoft Visual Basic for Applications Remote Code Execution Vulnerability (MS10-031) |
|---|
| SEVERITY: Critical 4 |
| QUALYS ID: 110121 |
| VENDOR REFERENCE: MS10-031 |
| CVE REFERENCE: CVE-2010-0815 |
| CVSS SCORES: Base 10/ Temporal 7.4 |
| THREAT: Microsoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications around an existing host application.
A stack-based memory corruption vulnerability exists in VBE6.dll . The vulnerability is caused by the way that VBA searches for ActiveX controls in a document that supports VBA. As a result, it is possible for a host application, such as Microsoft Office or a third-party application developed for Visual Basic programmability, to pass a specially crafted document with embedded ActiveX controls to the VBA runtime creating a condition that could allow arbitrary code to be run. Microsoft has released a security update that addresses this vulnerability by modifying the way that Visual Basic for Applications searches for ActiveX Controls embedded in documents. |
| IMPACT: Successfully exploiting this vulnerability might allow a remote attacker to execute arbitrary code. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2 Microsoft Visual Basic for Applications Refer to Microsoft Security Bulletin MS10-031 for further details.
Workaround: Impact of workaround #1: Embedded ActiveX controls (such as macros) will not run in Office documents. 2) Restrict access to VBE6.dll Impact of workaround #2: Embedded ActiveX controls (such as macros) will not run in Office documents. For instance, users will be unable to insert objects into Office documents. 3) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865.
Impact of the workaround: 4) Do not open or save untursted Microsoft Office files Detailed information on applying the workarounds is available at Microsoft Security Bulletin MS10-031. |
This new vulnerability check is included in Qualys vulnerability signatures v1.26.63-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
- 90602
- 110121
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
Access for QualysGuard customers: https://qualysguard.qualys.com
Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/
