April 12, 2011
Microsoft Security Bulletin: April 12
Advisory Overview

April 12, 2011 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 64 vulnerabilities present in Microsoft products that were announced today in 17 security bulletins. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details

Microsoft has released 17 security patches to fix newly discovered flaws in Microsoft Windows.

Qualys has released the following checks for these new vulnerabilities:


Microsoft Internet Explorer Cumulative Security Update (MS11-018)
SEVERITY: Critical Critical-4 4
QUALYS ID: 100099
VENDOR REFERENCE: MS11-018
CVE REFERENCE: CVE-2011-0094 | CVE-2011-0346 | CVE-2011-1345 | CVE-2011-1244 | CVE-2011-1245
CVSS SCORES: Base 9.3/ Temporal 7.3
THREAT: Microsoft Internet Explorer is a Web browser available for Microsoft Windows.

Microsoft has released a security update that resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, content during certain processes, and script during certain processes.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers.

IMPACT: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploits any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3 (Internet Explorer 6)

Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)

Windows Server 2003 Service Pack 2 (Internet Explorer 6)

Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)

Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)

Windows XP Service Pack 3 (Internet Explorer 7)

Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)

Windows Server 2003 Service Pack 2 (Internet Explorer 7)

Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)

Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)

Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Internet Explorer 7)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (Internet Explorer 7)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 7)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 7)

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (Internet Explorer 7)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-018.

Workarounds:
1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workarounds #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

3) Read e-mails in plain text


Microsoft SMB Client Remote Code Execution Vulnerability (MS11-019)
SEVERITY: Critical Critical-4 4
QUALYS ID: 90692
VENDOR REFERENCE: MS11-019
CVE REFERENCE: CVE-2011-0660 | CVE-2011-0654
CVSS SCORES: Base 10/ Temporal 7.8
THREAT: Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.

Microsoft SMB Client is prone to a remote code execution vulnerability.

Microsoft has released a security update that addresses the vulnerabilities by correcting the manner in which the CIFS Browser handles specially crafted Browser messages, and correcting the manner in which the SMB client validates specially crafted SMB responses.

This security update is rated Critical for all supported releases of Microsoft Windows.

IMPACT: The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-019 for further details.

Workarounds:
1) Block TCP ports 138 at the firewall

Impact of workaround #1: Applications that rely on the Computer Browser service will not function.

2) TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability.

Impact of workaround #2: Blocking the ports can cause several windows services or applications using those ports to stop functioning.


Microsoft SMB Server Remote Code Execution Vulnerability (MS11-020)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90699
VENDOR REFERENCE: MS11-020
CVE REFERENCE: CVE-2011-0661
CVSS SCORES: Base 10/ Temporal 7.4
THREAT: Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. The vulnerability is caused when the Microsoft SMB Protocol software improperly handles SMB packets, including some preauthentication scenarios. This vulnerability affects SMB version 1 and SMB version 2.

Microsoft has released a security update that addresses the vulnerability by correcting the way that SMB validates fields in malformed SMB requests.

This security update is rated Critical for all supported releases of Microsoft Windows.

IMPACT: Successful exploitation could lead to arbitrary execution of code.
SOLUTION: Patch:
Following are links for downloading patches to fix this vulnerability:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-020 for further details.

Workaround:
1) TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability.

Impact of workaround #1:
Blocking the ports can cause several windows services or applications using those ports to stop functioning.


Microsoft Excel Remote Code Execution Vulnerabilities (MS11-021)
SEVERITY: Critical Critical-4 4
QUALYS ID: 110132
VENDOR REFERENCE: MS11-021
CVE REFERENCE: CVE-2011-0097 | CVE-2011-0098 | CVE-2011-0101 | CVE-2011-0103 | CVE-2011-0104 | CVE-2011-0105 | CVE-2011-0978 | CVE-2011-0979 | CVE-2011-0980
CVSS SCORES: Base 9.3/ Temporal 7.3
THREAT: Microsoft Excel is a proprietary spreadsheet application written and distributed by Microsoft.

Microsoft Excel is vulnerable to a remote code execution vulnerability in the ways that Microsoft Excel manages data structures, validates record information, initializes variables used in memory operations, and allocates buffer space when parsing a specially crafted file.

Microsoft has released an update that addresses the vulnerability.

This security update is rated Important for all supported editions of Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; Open XML File Format Converter for Mac; and all supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.

IMPACT: An attacker who successfully exploits these vulnerabilities could take complete control of an affected system.
SOLUTION: N/A

Microsoft PowerPoint Remote Code Execution Vulnerability (MS11-022)
SEVERITY: Critical Critical-4 4
QUALYS ID: 110148
VENDOR REFERENCE: MS11-022
CVE REFERENCE: CVE-2011-0655 | CVE-2011-0656 | CVE-2011-0976
CVSS SCORES: Base 10/ Temporal 7.4
THREAT: Microsoft PowerPoint is a proprietary presentation application written and distributed by Microsoft.

PowerPoint is prone to multiple vulnerabilities that could lead to remote code execution (CVE-2011-0655, CVE-2011-0656, CVE-2011-0976).

Microsoft has released a security update that addresses the vulnerabilities by modifying the way PowerPoint validates records when opening PowerPoint files

This security update is rated Important for all supported releases of Microsoft PowerPoint; Microsoft Office for Mac; Open XML File Format Converter for Mac; Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats; Microsoft PowerPoint Viewer, and Microsoft PowerPoint Web App

IMPACT: An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3 (Microsoft PowerPoint 2002 Service Pack 3)

Microsoft Office 2003 Service Pack 3 (Microsoft PowerPoint 2003 Service Pack 3)

Microsoft Office 2007 Service Pack 2 (Microsoft PowerPoint 2007 Service Pack 2)

Microsoft Office 2010 (32-bit editions) (Microsoft PowerPoint 2010 (32-bit editions))

Microsoft Office 2010 (64-bit editions) (Microsoft PowerPoint 2010 (64-bit editions))

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Microsoft Office for Mac 2011

Open XML File Format Converter for Mac

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Microsoft PowerPoint Viewer 2007 Service Pack 2

Refer to Microsoft Security Bulletin MS11-022 for further details.

Workarounds:
1) Avoid opening Office files received from un-trusted sources.

2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865.

Impact of workaround #2: Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.

3) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources.

Impact of workaround #3: If File Block policy is configured without special "exempt directory" configuration (see KB922848), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.

4) Set Office File Validation to disable editing in protected view in PowerPoint 2010.

Impact of workaround #4: Office File Validation will no longer allow the editing of suspicious files in PowerPoint 2010.


Microsoft Office Remote Code Execution Vulnerability (MS11-023)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 110146
VENDOR REFERENCE: MS11-023
CVE REFERENCE: CVE-2011-0107 | CVE-2011-0977
CVSS SCORES: Base 9.3/ Temporal 6.9
THREAT: Microsoft Office is prone to the following vulnerabilities:

- A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files. (CVE-2011-0107)

- A remote code execution vulnerability exists in the way that Microsoft Office handles graphic objects when parsing a specially crafted Office file. (CVE-2011-0977)

Microsoft has released an update that addresses the vulnerabilities by correcting the way that Microsoft Office handles graphic objects in specially crafted Office files and by correcting the manner in which Microsoft Office loads external libraries.

This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; and Open XML File Format Converter for Mac.

IMPACT: By exploiting these vulnerabilities, an attacker could take complete control of an affected system.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3

Microsoft Office 2003 Service Pack 3

Microsoft Office 2007 Service Pack 2

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Refer to Microsoft Security Bulletin MS11-023 for further details.

Workarounds:
1) Avoid opening Office files received from un-trusted sources.

2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865.

Impact of workaround #2:
Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.

3) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.

Impact of workaround #3:
If File Block policy is configured without special "exempt directory" configuration (see KB922848), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.

4) Disable loading of libraries from WebDAV and remote network shares

5) Disable the WebClient service

Impact of workaround #5:
When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the Web Client service will not start, and an error message will be logged in the System log.

6) Block TCP ports 139 and 445 at the firewall

Impact of workaround #6:
Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function.


Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability (MS11-024)
SEVERITY: Critical Critical-4 4
QUALYS ID: 90675
VENDOR REFERENCE: MS11-024
CVE REFERENCE: CVE-2010-4701 | CVE-2010-3974
CVSS SCORES: Base 7.6/ Temporal 6
THREAT: The Fax Cover Page Editor (fxscover.exe) application can be used to create and edit fax cover pages.

The vulnerability exists in Windows Fax Cover Page that is caused when the Windows Fax Cover Page Editor does not properly parse a specially crafted fax cover page.

Microsoft has released a security update that addresses the vulnerability by correcting the manner in which the Windows Fax Page Editor parses fax cover page files.

This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

IMPACT: The vulnerability could allow remote code execution if a user opened a specially crafted fax cover page file (.cov) using the Windows Fax Cover Page Editor. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-024.

Workarounds:
1) Remove the Fax Cover Page .COV file association on Windows XP and Windows Server 2003

Impact of workaround #1: This workaround removes the .COV file association. Double-clicking a COV file will no longer launch Windows Fax Cover Page Editor.


Microsoft Foundation Class Library Remote Code Execution Vulnerability (MS11-025)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90698
VENDOR REFERENCE: MS11-025
CVE REFERENCE: CVE-2010-3190
CVSS SCORES: Base 9.3/ Temporal 7.7
THREAT: The Microsoft Foundation Class Library is an application framework for programming in Microsoft Windows.

A remote code execution vulnerability exists in the way that certain applications built with Microsoft Foundation Classes handle the loading of DLL files.

Affected Software:
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008 Service Pack 1
Microsoft Visual Studio 2010
Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package
Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package
Microsoft Visual C++ 2010 Redistributable Package

IMPACT: An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Microsoft Visual Studio .NET 2003 Service Pack 1

Microsoft Visual Studio 2005 Service Pack 1

Microsoft Visual Studio 2008 Service Pack 1

Microsoft Visual Studio 2010

Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package

Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package

Microsoft Visual C++ 2010 Redistributable Package

Refer to Microsoft Security Bulletin MS11-025 for further details.

Workarounds:

1)Disable loading of libraries from WebDAV and remote network shares

2) Disable the WebClient service

Impact of workaround #2: When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the Web Client service will not start, and an error message will be logged in the System log.

3) Block TCP ports 139 and 445 at the firewall

Impact of workaround #3: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function.


Microsoft MHTML Information Disclosure Vulnerability (KB2501696, MS11-026)
SEVERITY: Serious Serious-3 3
QUALYS ID: 90679
VENDOR REFERENCE: KB2501696
CVE REFERENCE: CVE-2011-0096
CVSS SCORES: Base 4.3/ Temporal 3.4
THREAT: MHTML (MIME Encapsulation of Aggregate HTML) is an Internet standard that defines the MIME structure that is used to wrap HTML content.

An information disclosure vulnerability exists in the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to run a client-side script in the wrong security context.

Affected Software:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

IMPACT: An attacker who successfully exploited this vulnerability could inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-026 for further details.

Workarounds:
1) Disable the MHTML protocol handler

Impact of workaround #1: The MHTML protocol will cease to function. Any application that uses MHTML will be affected by this workaround.

2) Enable the MHTML protocol lockdown

Impact of workaround #2: The MHTML protocol will be restricted to prevent the launch of script in all zones within an MHTML document. Any application that uses MHTML will be affected by this workaround. Script in standard HTML files is not affected by this workaround.

3) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

4) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workaround #3 and #4:
On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.


Microsoft Windows Cumulative Security Update of ActiveX Kill Bits (MS11-027)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90694
VENDOR REFERENCE: MS11-027
CVE REFERENCE: CVE-2010-0811 | CVE-2010-3973 | CVE-2011-1243
CVSS SCORES: Base 10/ Temporal 7.8
THREAT: The Microsoft Data Analyzer ActiveX control allows programmatic control of the Data Analyzer from COM-based development applications such as Microsoft Visual Basic. The Microsoft Internet Explorer 8 Developer Tools enables Web site developers to quickly debug Microsoft Jscript, investigate behavior specific to Internet Explorer, and prototype new designs or solutions on-the-fly.

A remote code execution vulnerability exists in the Microsoft Data Analyzer ActiveX Control, WMITools ActiveX Control and Windows Messenger ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. (CVE-2010-0811,CVE-2010-3973, CVE-2011-1243).

Microsoft has released an update that also sets kill bits for the some ActiveX Controls from Oracle, CA and IBM.

This security update is rated Critical for all supported editions of Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003 (except Itanium-based editions), Windows Server2008 (except Itanium-based editions), and Windows Server 2008 R2.

IMPACT: Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-027 for further details.

Workarounds:
1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workarounds #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

3) Prevent COM objects from running in Internet Explorer


Microsoft .NET Framework Remote Code Execution Vulnerability (MS11-028)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90696
VENDOR REFERENCE: MS11-028
CVE REFERENCE: CVE-2010-3958
CVSS SCORES: Base 10/ Temporal 7.8
THREAT: The Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.

A remote code execution vulnerability exists in the way that Microsoft .NET Framework handles certain function calls. (CVE-2010-3958).

Microsoft has released a security update that addresses the vulnerability by correcting the manner in which the .NET Framework handles certain types of function calls.

This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

IMPACT: Successfully exploiting this vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs).
SOLUTION: Patch:
Following are links for downloading patches to fix this vulnerability:

Windows XP Service Pack 3 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows XP Service Pack 3 (Microsoft .NET Framework 4.0[1])

Windows XP Professional x64 Edition Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft .NET Framework 4.0[1])

Windows Server 2003 Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows Server 2003 Service Pack 2 (Microsoft .NET Framework 4.0[1])

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft .NET Framework 4.0[1])

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft .NET Framework 4.0[1])

Windows Vista Service Pack 1 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

Windows Vista Service Pack 1 (Microsoft .NET Framework 4.0[1])

Windows Vista Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-028.

Workarounds:
1) Disable partially trusted Microsoft .NET applications

Impact of workaround #1: Microsoft .NET applications may not run.

2) Disable XAML browser applications in Internet Explorer

Impact of workaround #2: Microsoft .NET code will not run in Internet Explorer or will not run without prompting. Disabling Microsoft .NET applications and components in the Internet and Local intranet security zones may cause some Web sites to work incorrectly.


Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS11-029)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90702
VENDOR REFERENCE: MS11-029
CVE REFERENCE: CVE-2011-0041
CVSS SCORES: Base 9.3/ Temporal 6.9
THREAT: GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.

A remote code execution vulnerability exists in the way that GDI+ handles integer calculations when a user opens a specially crafted Enhanced Metafile (EMF) image format file.

Microsoft has released a security update that addresses the vulnerability by modifying the way that GDI+ handles integer calculations when processing EMF files.

This security update is rated Critical for all supported versions of Microsoft Windows.

IMPACT: An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix this vulnerability:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Microsoft Office XP Service Pack 3

Refer to Microsoft Security Bulletin MS11-029 for further details.

Workarounds:
1) Disable metafile processing

Impact of workaround #1: Turning off processing of metafiles may cause the performance of software or system components to decrease in functionality. Turning off processing of metafiles may also cause the software or system components to fail completely.

2) Restrict access to gdiplus.dll

Impact of workaround #2: Windows Picture and Fax Viewer (on editions prior to Windows Vista) and other applications that rely on GDI+ will not be able to view images. Also, thumbnails in Windows Explorer (on versions prior to Vista) will not display.


Microsoft DNS Resolution Remote Code Execution Vulnerability (MS11-030)
SEVERITY: Critical Critical-4 4
QUALYS ID: 90695
VENDOR REFERENCE: MS11-030
CVE REFERENCE: CVE-2011-0657
CVSS SCORES: Base 7.6/ Temporal 5.6
THREAT: DNSAPI.dll component is prone to a remote code execution vulnerability.

The vulnerability is caused by the way the DNS client handles specially crafted LLMNR queries.

Microsoft has released a security update that addresses the vulnerability by correcting the manner in which the DNS client processes specifically crafted DNS queries.

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The security update is rated Important for all supported editions of Windows XP and Windows Server 2003.

IMPACT: The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-030 for further details.

Workarounds:
1) Block TCP port 5355 and UDP port 5355 at the firewall

Impact of workaround #1: Blocking connectivity to these ports will help prevent systems that are behind the firewall from attempts to exploit this vulnerability.

2) Disable Link-Local Mulitcast Name Resolution using group policy

Impact of workaround #2: The computer may not be visible to other computers on the network.

3) Turn off Network Discovery

Impact of workaround #3: The computer may not be visible to other computers on the network.


Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (MS11-031)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90700
VENDOR REFERENCE: MS11-031
CVE REFERENCE: CVE-2011-0663
CVSS SCORES: Base 9.3/ Temporal 7.7
THREAT: JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. VBScript (Visual Basic Script) is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive.

Microsoft Jscript and VBscript engines are prone to a remote code execution vulnerability that is caused by the way JScript and VBScript scripting engines process scripts in Web pages. When the scripting engines attempt to reallocate memory while decoding a script in order to run it, an integer overflow can occur.

Affected Software:
JScript 5.7 and VBScript 5.7
JScript 5.8 and VBScript 5.8
JScript 5.6 and VBScript 5.6

IMPACT: An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3 (JScript 5.7 and VBScript 5.7)

Windows XP Service Pack 3 (JScript 5.8 and VBScript 5.8)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.6 and VBScript 5.6)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.7 and VBScript 5.7)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.8 and VBScript 5.8)

Windows Server 2003 Service Pack 2 (JScript 5.6 and VBScript 5.6)

Windows Server 2003 Service Pack 2 (JScript 5.7 and VBScript 5.7)

Windows Server 2003 Service Pack 2 (JScript 5.8 and VBScript 5.8)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.6 and VBScript 5.6)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.7 and VBScript 5.7)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.8 and VBScript 5.8)

Windows Server 2003 with SP2 for Itanium-based Systems (JScript 5.6 and VBScript 5.6)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-031.

Workarounds:
1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workarounds #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.


Microsoft OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (MS11-032)
SEVERITY: Urgent Urgent-5 5
QUALYS ID: 90697
VENDOR REFERENCE: MS11-032
CVE REFERENCE: CVE-2011-0034
CVSS SCORES: Base 9.3/ Temporal 6.9
THREAT: Microsoft OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format. An OpenType CFF font is an OpenType font that contains PostScript Type 1 outlines. OpenType fonts can contain either PostScript Type 1 or TrueType outlines.

A remote code execution vulnerability exists in the way that the OpenType Font (OTF) driver improperly parses specially crafted OpenType fonts. (CVE-2011-0034)

Microsoft has released an update that addresses the vulnerabilitiy by correcting the manner in which the OpenType Font (OTF) driver parses a specially crafted OpenType font.

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This security update is also rated Important for all supported editions of Windows XP and Windows Server 2003.

IMPACT: By exploiting this vulnerability, an attacker could run arbitrary code in kernel mode.
SOLUTION: Patch:
Following are links for downloading patches to fix this vulnerability:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-032 for further details.

Workarounds:
1) Disable the Preview Pane and Details Pane in Windows Explorer

Impact of workaround #1: Windows Explorer will not automatically display OTF fonts.

2) Disable the WebClient service

Impact of workaround #2: When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the WebClient service will not start, and an error message will be logged in the System log.


Microsoft WordPad Text Converters Remote Code Execution Vulnerability (MS11-033)
SEVERITY: Critical Critical-4 4
QUALYS ID: 90693
VENDOR REFERENCE: MS11-033
CVE REFERENCE: CVE-2011-0028
CVSS SCORES: Base 7.6/ Temporal 5.6
THREAT: WordPad is a basic word processor that is included in Windows.

A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted Word documents. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed structure.

Microsoft has released a security update that addresses the vulnerability by changing the way that the WordPad Text Converters handle specially crafted files.

This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

IMPACT: Exploitation could result in arbitrary execution of code.
SOLUTION: Patch:
Following are links for downloading patches to fix this vulnerability:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Refer to Microsoft Security Bulletin MS11-033 for further details.

Workaround:
Disable the WordPad Word 97 text converter by restricting access to the converter file.

Impact of workaround: Upon implementing the workaround, opening a Word document in WordPad results in WordPad displaying representations of binary data instead of formatted text.


Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS11-034)
SEVERITY: Critical Critical-4 4
QUALYS ID: 90701
VENDOR REFERENCE: MS11-034
CVE REFERENCE: CVE-2011-0662 | CVE-2011-0665 | CVE-2011-0666 | CVE-2011-0667 | CVE-2011-0670 | CVE-2011-0671 | CVE-2011-0672 | CVE-2011-0674 | CVE-2011-0675 | CVE-2011-1234 | CVE-2011-1235 | CVE-2011-1236 | CVE-2011-1237 | CVE-2011-1238 | CVE-2011-1239 | CVE-2011-1240 | CVE-2011-1241 | CVE-2011-1242 | CVE-2011-0673 | CVE-2011-0676 | CVE-2011-0677 | CVE-2011-1225 | CVE-2011-1226 | CVE-2011-1227 | CVE-2011-1228 | CVE-2011-1229 | CVE-2011-1230 | CVE-2011-1231 | CVE-2011-1232 | CVE-2011-1233
CVSS SCORES: Base 6.6/ Temporal 4.9
THREAT: The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.

The kernel is prone to the multiple vulnerabilities that could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.

Microsoft has released an update that addresses the following issues: - An elevation of privilege vulnerability exists due to improper Kernel-mode driver object management.
This addresses the following CVE-IDs : CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0674, CVE-2011-0675, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241 and CVE-2011-1242

- An elevation of privilege vulnerability exists due to a Null pointer dereference. This is due to the way the kernel-mode drivers keep track of pointers to certain kernel-mode driver objects.
This addresses the following CVE-IDs : CVE-2011-0673, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232 and CVE-2011-1233

Microsoft has released an update that addresses the vulnerabilities by correcting the way that kernel-mode drivers manage kernel-mode driver objects and keep track of pointers to kernel-mode driver objects.

This security update is rated Important for all supported versions of Microsoft Windows.

IMPACT: An attacker must have valid login credentials and be able to log on locally to exploit these vulnerabilities.
SOLUTION: Patch:
Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Refer to Microsoft Security Bulletin MS11-034 for further details.

This new vulnerability check is included in Qualys vulnerability signatures 1.28.85-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.

SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 100099
    • 90692
    • 90699
    • 110132
    • 110148
    • 110146
    • 90675
    • 90698
    • 90679
    • 90694
    • 90696
    • 90702
    • 90695
    • 90700
    • 90697
    • 90693
    • 90701
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.


Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/