New Microsoft Vulnerability Exposes Windows Users to Critical Security Risks

Redwood City, CA — November 8, 2005 — As part of its monthly Patch Tuesday announcements, Microsoft today highlighted new vulnerabilities affecting Windows users. These vulnerabilities are considered critical and Microsoft and Qualys strongly recommend that organizations apply the security update from this bulletin to affected systems immediately. Organizations can audit their networks for these vulnerabilities without having to install additional hardware or software, by accessing their QualysGuard subscription or by signing up for a free trial at www.qualys.com/freetrial.

Vulnerability Impact

The Security Bulletin 05-053 http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx released today by Microsoft identifies vulnerabilities in Microsoft’s graphics rendering engine and affects Win2000, XP, and 2003. The impact of these vulnerabilities ranges from denial of service to remote execution. An attacker could take complete control of a vulnerable system by exploiting the Graphics Engine vulnerability CVE-2005-2123 or Windows Metafile vulnerability CVE-2005-2124. These vulnerabilities require the user to be involved in the infection process (i.e. browsing a website or opening a malicious email) and are therefore not exploitable by an automated worm.

Users should identify and remediate these vulnerabilities as quickly as possible. In addition, users should also watch for suspicious email attachments, which could be a sign of exploitation of this vulnerability.

About QualysGuard

QualysGuard is an on demand vulnerability management and policy compliance solution that enables organizations to assess and manage business risk. QualysGuard automates the network security auditing process across the enterprise both inside and outside the firewall, and across distributed networking environments. QualysGuard provides network discovery and mapping, asset prioritization, centralized reporting, and remediation workflow and verification. Executive-level reports allow security professionals to demonstrate effective security practices and verify compliance with data protection laws and regulations. QualysGuard’s on demand technology is far more accurate, cost effective, and easier to deploy than software-based alternatives.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com