Microsoft security alert.
June 14, 2005
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 11 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft Internet Explorer Security Update Missing (MS05-025)
- Severity: Urgent 5
- Qualys ID: 100026
- Vendor Reference: MS05-025
- CVE Reference: CVE-2005-1211
- CVSS Scores: Base 5.1 / Temporal 4.2
- Description:
  The Microsoft Windows host is missing the cumulative security update for Internet Explorer, described in Microsoft advisory MS05-025.
  The important issues fixed by this security update are:
  1. PNG image rendering memory corruption vulnerability which can be exploited remotely (CAN-2005-1211).
  2. XML redirect information disclosure vulnerability which allows information disclosure (CAN-2002-0648).
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - June Security Updates for Embedded (KB883939)
- Consequence: This Microsoft security update fixes security vulnerabilities which could be exploited by remote attackers.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=5F577A83-67C6-45AE-B5C5-10D7C7FFA3D3
  - Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=703859AF-CDD5-4348-8916-472A3FDF8667
  - Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1809B9B-9B0F-4A9C-84A5-56B774920313
  - Internet Explorer 6 for Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=36EC67CA-94F6-4E55-ADCD-4406A3D6AADE
  - Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=6AAE593C-8FFD-443F-B9AC-3F9F0F20A2EB
  - Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=2C58B8F7-4F2D-44DA-80EF-B83667B5AFD7
  - Internet Explorer 6 for Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=77E601E9-4EED-4671-8F3E-AD58A1E88041
  - Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=1A7087F1-3AF2-4B33-9F04-6159FAA34C31
  Refer to Microsoft Security Bulletin MS05-025 for further details.
Microsoft HTML Help Remote Code Execution Vulnerability (MS05-026)
- Severity: Critical 4
- Qualys ID: 90253
- Vendor Reference: MS05-026
- CVE Reference: CVE-2005-1208
- CVSS Scores: Base 10 / Temporal 7.4
- Description:
  Microsoft Security Update MS05-026 is not installed on the target system. A remote code execution vulnerability exists in HTML Help that could allow an attacker who successfully exploits this vulnerability to take complete control of the affected system.
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - June Security Updates for Embedded (KB896358)
  - October 2009 Security Database Updates are Available (KB896358)
- Consequence:
  If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of the affected system.
  By exploiting this vulnerability, an attacker could install programs, view, change and delete data, and create new user accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=9AF346AE-4807-42F4-95E2-8F5FAE321102
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=17833B94-AF70-47BD-872C-033A3F0E982A
  - Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=A6A807F2-AD02-4D15-A198-CF8A728B3A25
  - Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=EE8BA26D-CFDA-428F-9F9B-16908DB88C80
  - Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=CE81AE3B-4FA4-4576-8539-AB49E575A98F
  - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=A19EEE21-7DF2-4B95-A4C5-44C6CAA5AF9A
  - Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=EE8BA26D-CFDA-428F-9F9B-16908DB88C80
  - Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=2E8716F7-3A81-4482-8C92-2A2DC3C2F782
  Refer to Microsoft Security Bulletin MS05-026 for further details.
Microsoft SMB Remote Code Execution Vulnerability (MS05-027)
- Severity: Urgent 5
- Qualys ID: 90252
- Vendor Reference: MS05-027
- CVE Reference: CVE-2005-1206
- CVSS Scores: Base 7.5 / Temporal 5.9
- Description:
  A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploits this vulnerability to take complete control of the affected system.
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - June Security Updates for Embedded (KB896422)
- Consequence: A remote attacker could exploit this vulnerability to execute arbitrary code and take complete control of the affected system.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=1E83F120-01FB-4029-A524-F3AE08F8BB28
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=9CC719AD-5E57-4AEF-9FB3-9F7AB7BB5D32
  - Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=B3A61221-0DAC-452C-87E9-3362DD97273A
  - Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=7D97522F-F322-44D4-9E60-BDFED4A7A079
  - Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=716B9CDE-5EF1-4005-903F-FC720863F03C
  - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=3EA61158-E7C5-49A8-A701-B16AAF83A188
  - Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=7D97522F-F322-44D4-9E60-BDFED4A7A079
  - Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=B455A686-EFF2-44D7-BAFA-AC73F0F68FB1
  Refer to Microsoft Security Bulletin MS05-027 for further details.
Microsoft Windows Web Client Service Remote Code Execution Vulnerability (MS05-028)
- Severity: Urgent 5
- Qualys ID: 90256
- Vendor Reference: MS05-028
- CVE Reference: CVE-2005-1207
- CVSS Scores: Base 7.2 / Temporal 5.3
- Description:
  The Web Client service allows applications to access documents on the Internet. Web Client extends the networking capability of Windows by allowing standard Win32 applications to create, read and write files on Internet file servers by using the WebDAV protocol.
  A remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploits this issue to take complete control of the affected system.
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - June Security Updates for Embedded (KB896426)
- Consequence: If successfully exploited, an attacker could take complete control of the affected system.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Windows XP Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=91488DDD-1D7E-4277-916A-D5F2EE0B6327
  - Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=1DC37A74-BF1E-4AFE-8198-D5CA460A3872
  - Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190
  - Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=B7097610-8AAB-4A2F-94C9-18D32E1C297C
  - Microsoft Windows Server 2003 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190
  Refer to Microsoft Security Bulletin MS05-028 for further details.
Microsoft Outlook Web Access for Exchange Server Cross-Site Scripting Vulnerability (MS05-029)
- Severity: Serious 3
- Qualys ID: 90254
- Vendor Reference: MS05-029
- CVE Reference: CVE-2005-0563
- CVSS Scores: Base 4.3 / Temporal 3.2
- Description: Microsoft Security Update MS05-029 is not installed on the target system. This cross-site scripting vulnerability could allow an attacker to convince a user to run a malicious script. Attempts to exploit this vulnerability require user interaction.
- Consequence: If the malicious script is run, it would execute in the security context of the user. This vulnerability could allow an attacker to gain access to any data on the Outlook Web Access server that was accessible to the individual user.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Exchange Server 5.5 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=08435B77-9F3A-40F5-B13A-A7019CB1C244
  Refer to Microsoft Security Bulletin MS05-029 for further details.
Outlook Express News Reading Vulnerability (MS05-030)
- Severity: Serious 3
- Qualys ID: 90258
- Vendor Reference: MS05-030
- CVE Reference: CVE-2005-1213
- CVSS Scores: Base 7.5 / Temporal 6.2
- Description:
  A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit the vulnerability by constructing a malicious newsgroup server which could potentially allow remote code execution if a user queries the server for news.
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - June Security Updates for Embedded (KB897715)
- Consequence: An attacker who successfully exploits this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 3 and on Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=a6932151-2ae2-4c6e-861a-6ff5bde61191
  - Outlook Express 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=89e4d8ee-4d8e-4660-a53d-28502b3d2518
  - Outlook Express 6 Service Pack 1 for Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=b765c0e1-f4e2-495b-aae5-2db3eeaf71bb
  - Outlook Express 6 for Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?familyid=69901ec1-a11f-4135-9874-3698bcf7c760
  - Outlook Express 6 for Microsoft Windows Server 2003 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5fc7d68b-92a6-4c03-8d88-b2501aea8da6
  - Outlook Express 6 for Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=d439eee9-05eb-4ecb-9e86-6259f1acaabb
  Refer to Microsoft Security Bulletin MS05-030 for further details.
Microsoft Step-by-Step Interactive Training Could Allow Remote Code Execution (MS05-031)
- Severity: Serious 3
- Qualys ID: 90257
- Vendor Reference: MS05-031
- CVE Reference: CVE-2005-1212
- CVSS Scores: Base 7.5 / Temporal 5.5
- Description: Microsoft Security Update MS05-031 is not installed on the target system. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of the affected system.
- Consequence: If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of the affected system. The attacker could then install programs, view, change and delete data, and create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Step by Step Interactive Training: http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
  - Step by Step Interactive Training when it is running on Itanium based systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
  - Step by Step Interactive Training when it is running on x64 based systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
  Refer to Microsoft Security Bulletin MS05-031 for further details.
Microsoft Agent Content-Spoofing Vulnerability (MS05-032)
- Severity: Serious 3
- Qualys ID: 90259
- Vendor Reference: MS05-032
- CVE Reference: CVE-2005-1214
- CVSS Scores: Base 5.1 / Temporal 3.8
- Description: Microsoft Agent is software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier. A vulnerability exists in Microsoft Agent that could enable an attacker to spoof trusted Internet content.
- Consequence: Users could believe that they are accessing trusted Internet content. However, they are accessing malicious Internet content such as a malicious Web site. An attacker would first need to persuade a user to visit the attacker's site to attempt to exploit this vulnerability.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7DEE96-F693-4C50-896D-2365873245A9
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=F2247275-25F9-4937-97CD-9334135D6D79
  - Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=33E0A62D-395B-402C-A0A4-82E892E9B7AE
  - Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=9BA306DC-9C31-432B-91E0-B057C9C1EEAE
  - Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=8C73D017-CF4F-49A3-9752-764F165F5B83
  - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=5B38AF7A-3054-4EFD-9007-E4EB3B57179E
  - Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=EDFF8603-6352-4410-9258-54DF418CCA99
  - Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=AFF0FE48-AFE0-4E7A-9FB0-6CB7E8332D49
  Refer to Microsoft Security Bulletin MS05-032 for further details.
Vulnerability in Microsoft Windows Telnet Client Could Allow Information Disclosure (MS05-033)
- Severity: Serious 3
- Qualys ID: 90260
- Vendor Reference: MS05-033
- CVE Reference: CVE-2005-1205
- CVSS Scores: Base 5 / Temporal 3.7
- Description:
  The Microsoft Windows host is missing a security update described in Microsoft Security Advisory MS05-033. This update fixes a vulnerability in the telnet client that could lead to information disclosure.
  Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
  - February Security Updates are Now Available (KB896428)
- Consequence: An attacker could exploit this issue to read telnet session variables remotely.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=B8BA775E-E9A7-47E9-81A9-A68A71B9FAAC
  - Microsoft Windows XP 64 Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=C6161D9E-1672-479E-8BAF-754A64DFAB47
  - Microsoft Windows XP 64 Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
  - Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=B281550B-8FAE-4FF3-9BB7-E4BA325779B9
  - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=22095E78-A559-40EA-8B65-9C727F4E752F
  - Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
  - Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=DCC6840F-E626-4266-A63A-CDDEC0EC44D6
  - Microsoft Windows Services for UNIX 3.5 when running on Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=7c3dd615-b82d-4520-9c3a-376283b01d5b
  - Microsoft Windows Services for UNIX 3.0 when running on Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=8eaad650-54db-44bc-ac9b-fc8a50f5a3b5
  - Microsoft Windows Services for UNIX 2.2 when running on Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=32c4e286-2c4d-491a-9e05-4ca0b055d5dc
  - Microsoft Windows Services for UNIX 2.1 when running on Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=a41c701c-c0bb-40b3-88c5-ccc484202b2c
  For a complete list of patch download links, please refer to Microsoft Security Bulletin MS05-033.
Microsoft ISA Server 2000 Cumulative Update Missing (MS05-034)
- Severity: Serious 3
- Qualys ID: 90255
- Vendor Reference: MS05-034
- CVE Reference: CVE-2005-1215, CVE-2005-1216
- CVSS Scores: Base 7.5 / Temporal 5.5
- Description: Microsoft ISA Server 2000 on the target system is missing the cumulative security update described in Microsoft Security Bulletin MS05-034.
- Consequence: The cumulative security update fixes issues that could be exploited by an attacker to gain escalated privileges on the vulnerable system.
- Solution:
  Patch: Following are links for downloading patches to fix the vulnerabilities:
  - Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=E579813B-0372-45BE-8070-3F4D7D4CB89C
  Refer to Microsoft Security Bulletin MS05-034 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.11.46-6. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 100026
  - 90253
  - 90252
  - 90256
  - 90254
  - 90258
  - 90257
  - 90259
  - 90260
  - 90255
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.