Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 11 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit the Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
The important issues fixed by this security update are:
1. PNG image rendering memory corruption vulnerability which can be exploited remotely (CAN-2005-1211).
2. XML redirect information disclosure vulnerability which allows information disclosure (CAN-2002-0648).
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June Security Updates for Embedded (KB883939)
Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=5F577A83-67C6-45AE-B5C5-10D7C7FFA3D3
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=703859AF-CDD5-4348-8916-472A3FDF8667
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=A1809B9B-9B0F-4A9C-84A5-56B774920313
Internet Explorer 6 for Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=36EC67CA-94F6-4E55-ADCD-4406A3D6AADE
Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=6AAE593C-8FFD-443F-B9AC-3F9F0F20A2EB
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=2C58B8F7-4F2D-44DA-80EF-B83667B5AFD7
Internet Explorer 6 for Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=77E601E9-4EED-4671-8F3E-AD58A1E88041
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1A7087F1-3AF2-4B33-9F04-6159FAA34C31
Refer to Microsoft Security Bulletin MS05-025 for further details.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June Security Updates for Embedded (KB896358)
October 2009 Security Database Updates are Available (KB896358)
By exploiting this vulnerability, an attacker could install programs, view, change and delete data, and create new user accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AF346AE-4807-42F4-95E2-8F5FAE321102
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=17833B94-AF70-47BD-872C-033A3F0E982A
Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=A6A807F2-AD02-4D15-A198-CF8A728B3A25
Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=EE8BA26D-CFDA-428F-9F9B-16908DB88C80
Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=CE81AE3B-4FA4-4576-8539-AB49E575A98F
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=A19EEE21-7DF2-4B95-A4C5-44C6CAA5AF9A
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=EE8BA26D-CFDA-428F-9F9B-16908DB88C80
Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=2E8716F7-3A81-4482-8C92-2A2DC3C2F782
Refer to Microsoft Security Bulletin MS05-026 for further details.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June Security Updates for Embedded (KB896422)
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1E83F120-01FB-4029-A524-F3AE08F8BB28
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9CC719AD-5E57-4AEF-9FB3-9F7AB7BB5D32
Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B3A61221-0DAC-452C-87E9-3362DD97273A
Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D97522F-F322-44D4-9E60-BDFED4A7A079
Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=716B9CDE-5EF1-4005-903F-FC720863F03C
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=3EA61158-E7C5-49A8-A701-B16AAF83A188
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D97522F-F322-44D4-9E60-BDFED4A7A079
Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B455A686-EFF2-44D7-BAFA-AC73F0F68FB1
Refer to Microsoft Security Bulletin MS05-027 for further details.
A remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploits this issue to take complete control of the affected system.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June Security Updates for Embedded (KB896426)
Microsoft Windows XP Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=91488DDD-1D7E-4277-916A-D5F2EE0B6327
Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1DC37A74-BF1E-4AFE-8198-D5CA460A3872
Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190
Microsoft Windows Server 2003 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B7097610-8AAB-4A2F-94C9-18D32E1C297C
Microsoft Windows Server 2003 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190
Refer to Microsoft Security Bulletin MS05-028 for further details.
Microsoft Exchange Server 5.5 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?familyid=08435B77-9F3A-40F5-B13A-A7019CB1C244
Refer to Microsoft Security Bulletin MS05-029 for further details.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June Security Updates for Embedded (KB897715)
Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 3 and on Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=a6932151-2ae2-4c6e-861a-6ff5bde61191
Outlook Express 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=89e4d8ee-4d8e-4660-a53d-28502b3d2518
Outlook Express 6 Service Pack 1 for Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=b765c0e1-f4e2-495b-aae5-2db3eeaf71bb
Outlook Express 6 for Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?familyid=69901ec1-a11f-4135-9874-3698bcf7c760
Outlook Express 6 for Microsoft Windows Server 2003 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?familyid=5fc7d68b-92a6-4c03-8d88-b2501aea8da6
Outlook Express 6 for Microsoft Windows Server 2003 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=d439eee9-05eb-4ecb-9e86-6259f1acaabb
Refer to Microsoft Security Bulletin MS05-030 for further details.
Step by Step Interactive Training :
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
Step by Step Interactive Training when it is running on Itanium based systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
Step by Step Interactive Training when it is running on x64 based systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
Refer to Microsoft Security Bulletin MS05-031 for further details.
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7DEE96-F693-4C50-896D-2365873245A9
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=F2247275-25F9-4937-97CD-9334135D6D79
Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=33E0A62D-395B-402C-A0A4-82E892E9B7AE
Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9BA306DC-9C31-432B-91E0-B057C9C1EEAE
Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=8C73D017-CF4F-49A3-9752-764F165F5B83
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=5B38AF7A-3054-4EFD-9007-E4EB3B57179E
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=EDFF8603-6352-4410-9258-54DF418CCA99
Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=AFF0FE48-AFE0-4E7A-9FB0-6CB7E8332D49
Refer to Microsoft Security Bulletin MS05-032 for further details.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB896428)
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B8BA775E-E9A7-47E9-81A9-A68A71B9FAAC
Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6161D9E-1672-479E-8BAF-754A64DFAB47
Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B281550B-8FAE-4FF3-9BB7-E4BA325779B9
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=22095E78-A559-40EA-8B65-9C727F4E752F
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCC6840F-E626-4266-A63A-CDDEC0EC44D6
Microsoft Windows Services for UNIX 3.5 when running on Windows 2000 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=7c3dd615-b82d-4520-9c3a-376283b01d5b
Microsoft Windows Services for UNIX 3.0 when running on Windows 2000 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=8eaad650-54db-44bc-ac9b-fc8a50f5a3b5
Microsoft Windows Services for UNIX 2.2 when running on Windows 2000 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=32c4e286-2c4d-491a-9e05-4ca0b055d5dc
Microsoft Windows Services for UNIX 2.1 when running on Windows 2000 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=a41c701c-c0bb-40b3-88c5-ccc484202b2c
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS05-033.
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=E579813B-0372-45BE-8070-3F4D7D4CB89C
Refer to Microsoft Security Bulletin MS05-034 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.11.46-6. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.