Microsoft security alert.
October 11, 2005
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 14 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Collaboration Data Objects Remote Code Execution (MS05-048)
- Severity
- Critical 4
- Qualys ID
- 90275
- Vendor Reference
- MS05-048
- CVE Reference
- CVE-2005-1987
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
- The target Windows system is missing the patch described in Microsoft Security Bulletin MS05-048. This patch fixes a remote execution issue in Microsoft Collaboration Data Objects. Collaboration Data Objects (CDO) is a COM component that allows to write programs that create or change Internet mail messages. Microsoft Windows and Microsoft Exchange 2000 are primarily at risk for this issue. An attacker could exploit this issue by creating a specially crafted message that would be processed by CDOSYS or CDOEX components on an affected system.
- Consequence
- An attacker could take complete control of the system by exploiting this issue.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE0BA6D7-37AF-46E8-9E25-AB63883FA944Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=E0DAF2D1-656C-4580-94C1-8AB009B4AD4FMicrosoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=D389EF4D-583D-41C0-9081-844D348F3817Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1BC06799-B9F5-416F-8965-DC0E07A24A29Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=956FFD90-60AF-4296-8765-F0A17A77DB77Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=5504C410-CDCB-4826-B002-DBA0E3A402A4Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post Service Pack 3 Update Rollup of August 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=60FD0DDC-04B7-4879-930B-53375823CD51Refer to Micrsoft Security Bulletin MS05-048 for further details.
-
Microsoft Windows FTP Client Transfer Location Tampering Vulnerability (MS05-044)
- Severity
- Serious 3
- Qualys ID
- 90277
- Vendor Reference
- MS05-044
- CVE Reference
- CVE-2005-2126
- CVSS Scores
- Base 2.6 / Temporal 1.9
- Description
- A tampering vulnerability exists in the Windows FTP client. This vulnerability could allow an attacker to modify the intended destination location for a file transfer when a client has manually chosen to transfer a file by using FTP. This vulnerability could allow the attacker to write the file to any file system that is located on an affected system.
- Consequence
- An attacker who exploits this vulnerability could save files to specific locations on an affected system. These files could allow other attacks. For example, an attacker could save an executable file in the "Startup" folder. Then, the transferred file would run the next time the user logs on.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows Server 2003 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B715147B-DE2D-4F14-9548-AFF18641D0F3Microsoft Windows XP Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=351C63A3-AB62-418D-8678-3AF791D73A29Microsoft Windows Server 2003 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=4940CF64-E1FD-4E88-8980-3106BE03BF12Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCEA60E5-9EA8-4216-BA4D-C85054892DBBRefer to Microsoft Security Bulletin MS05-044 for further details.
-
Microsoft Network Connection Manager Denial of Service Vulnerability (MS05-045)
- Severity
- Serious 3
- Qualys ID
- 90281
- Vendor Reference
- MS05-045
- CVE Reference
- CVE-2005-2307
- CVSS Scores
- Base 5 / Temporal 3.9
- Description
-
A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. Particularly, netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function.
Microsoft rates this issue as "moderate".
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB905414)
- Consequence
- An attacker who successfully exploits this vulnerability could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=92C5A89F-89E5-4A33-ACD6-4F42AE921681Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=19569E67-6D99-41FC-9457-44EC524F6106Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=143B0289-6E60-4918-A46C-B0BE2131C7AFRefer to Microsoft Security Bulletin MS05-045 for further details.
-
Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability (MS05-046)
- Severity
- Urgent 5
- Qualys ID
- 90280
- Vendor Reference
- MS05-046
- CVE Reference
- CVE-2005-1985
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
A buffer overflow vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system. Only customers who manually installed CSNW could be vulnerable to this issue. This service is also called Gateway Service for NetWare on Windows 2000 Server.
Please note that this is a patch detection; the target system may or may-not be exploitable.
Microsoft rates this issue as "important".
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB899589)
- Consequence
- An attacker who successfully exploits this vulnerability could execute arbitrary code and remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=261A7D4D-90FC-4529-9C4A-B630196C6A83Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C1C2C16-99E7-4701-A3F8-65B803B8B881Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=8AB86BA3-54CD-44D7-8016-DE6E3ED51021Refer to Microsoft Security Bulletin MS05-046 for further details.
-
Microsoft Plug and Play Remote Code Execution and Local Privilege Elevation Vulnerability (MS05-047)
- Severity
- Urgent 5
- Qualys ID
- 90278
- Vendor Reference
- MS05-047
- CVE Reference
- CVE-2005-2120
- CVSS Scores
- Base 6.5 / Temporal 5.1
- Description
-
Plug and Play includes remote code execution and local elevation of privilege vulnerabilities. These issues could allow an authenticated attacker to take complete control of the affected system.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB905749)
- Consequence
- As a result of this vulnerability being exploited, an authenticated attacker could take complete control of the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=FFDB8AB7-F979-41B4-9625-EA51CD503258Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1559E44A-DDEE-4C86-BF02-A6C3B9BEEE0CRefer to Microsoft Security Bulletin MS05-047 for further details.
-
Microsoft Windows Shell Remote Code Execution Vulnerability (MS05-049)
- Severity
- Critical 4
- Qualys ID
- 90273
- Vendor Reference
- MS05-049
- CVE Reference
- CVE-2005-2117, CVE-2005-2118, CVE-2005-2122
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
The target Microsoft Windows system is missing the security update described in Microsoft Security Bulletin MS05-049. This update resolves a remote code execution vulnerability in the operating system shell.
A remote code execution vulnerability exists in Windows because of the way that it handles the .lnk file name extension. A vulnerability also exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB900725)
- Consequence
- By persuading a user to preview a malicious file, an attacker could execute code. User interaction is required in order for this vulnerability to be exploited.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F063C4A-B0BF-49C6-928B-F1F076C69612Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=F7241DEB-9E2D-401A-9D71-10ACAB4450AFMicrosoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=594AD01B-F333-4C56-9C12-D1A8B82F2A6EMicrosoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1A4FCFDE-E549-4078-A180-076A23CB8BB7Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=3BA63AF8-3D36-4F3C-BFEE-11B62572AF73Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=994B14B4-EE98-4B61-BDBE-CA5C20094855Refer to Micrsoft Security Bulletin MS05-049 for further details.
-
Microsoft DirectShow Remote Code Execution Vulnerability (MS05-050)
- Severity
- Urgent 5
- Qualys ID
- 90276
- Vendor Reference
- MS05-050
- CVE Reference
- CVE-2005-2128
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
The target Microsoft Windows system is missing the security update described in Microsoft Security Bulletin MS05-050. This update resolves a remote code execution vulnerability in DirectShow.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB904706)
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of the affected system and gain the same user rights as the local user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Refer to Microsoft Security Bulletin MS05-050 for more details and instructions on downloading and installing the patch.
Microsoft has categorized this update as Critical.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS05-050 Microsoft DirectX 7.0 on Microsoft Windows 2000 with Service Pack 4
MS05-050 Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on Windows 2000 Service Pack 4
MS05-050 Microsoft DirectX 8.1 on Microsoft Windows Server 2003 and Microsoft DirectX 9.0c on Microsoft Windows Server 2003 with Service Pack 1
MS05-050 Microsoft DirectX 8.1 on Microsoft Windows Server 2003 for Itanium based Systems and Microsoft DirectX 9.0c on Microsoft Windows Server 2003 with Service Pack 1 for Itanium based Systems
MS05-050 Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and Microsoft DirectX 9.0c on Microsoft Windows XP with Service Pack 2
MS05-050 Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 2000 Service Pack 4
MS05-050 Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows Server 2003
MS05-050 Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows XP Service Pack 1
MS05-050 Microsoft DirectX 9.0c on Microsoft Windows Server 2003 x64 Edition
MS05-050 Microsoft DirectX 9.0c on Microsoft Windows XP Professional x64 Edition
-
Microsoft MSDTC and COM+ Remote Code Execution Vulnerability (MS05-051)
- Severity
- Urgent 5
- Qualys ID
- 90274
- Vendor Reference
- MS05-051
- CVE Reference
- CVE-2005-1978, CVE-2005-1979, CVE-2005-1980, CVE-2005-2119
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
The target Microsoft Windows system is missing an update described in Microsoft Security Bulletin MS05-051. This update fixes remote code execution issues in MSDTC and COM+.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB902400)
- Consequence
- A remote attacker could take complete control of the system by exploiting this issue.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=4E5B96D8-BA74-4008-80D9-922364ABC6ACMicrosoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=20F79CE7-D4DB-42D7-8E57-58656A3FB2F7Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=A6EC1352-042E-4FFB-B379-0E1C06AB9DBEMicrosoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=CA202CCC-792E-4462-9A2F-A20D1F8607F7Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=554A86A5-0B03-4CA9-A32D-642E40570424Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1FF26142-6E1E-4E17-9DCD-994B339A69CFRefer to Micrsoft Security Bulletin MS05-051 for further details.
-
Microsoft Internet Explorer Cumulative Patch Missing (MS05-052)
- Severity
- Urgent 5
- Qualys ID
- 100030
- Vendor Reference
- MS05-052
- CVE Reference
- CVE-2005-2127
- CVSS Scores
- Base 7.5 / Temporal 6.5
- Description
-
The target Microsoft Windows system is missing an update described in Microsoft Security Bulletin MS05-052. This patch fixes critical security issues in Microsoft Internet Explorer.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October Security Updates are (finally) available! (KB896688)
- Consequence
- By exploiting this vulnerability, a remote attacker could take complete control of a vulnerable system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1F0216C-0D62-4141-9DC7-3C7B06C3A30AInternet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=8F638D4A-670D-46C7-A7A1-1D1E3DC9732FInternet Explorer 6 for Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=41CCCA21-5010-49FF-A2DD-CB365F6FD3C5Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=4739846F-C35D-4C62-8E1A-60E01F3B3A59Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems :
http://www.microsoft.com/downloads/details.aspx?FamilyId=44F43899-E897-4495-A4F1-73A4D48E001AInternet Explorer 6 for Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=24846F0A-0530-42D1-AC60-216C0260ACA3Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=59575247-3E71-4595-92B9-4E45F6D324EFRefer to Micrsoft Security Bulletin MS05-052 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.12.52-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 90275
- 90277
- 90281
- 90280
- 90278
- 90273
- 90276
- 90274
- 100030
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.