Microsoft security alert.
February 14, 2006
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 7 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Vulnerability in Microsoft Windows TCP/IP Could Allow Denial of Service (MS06-007)
- Severity
- Serious 3
- Qualys ID
- 90300
- Vendor Reference
- MS06-007
- CVE Reference
- CVE-2006-0021
- CVSS Scores
- Base 7.8 / Temporal 6.1
- Description
-
A denial of service vulnerability exists in the Microsoft TCP/IP stack that could allow an attacker to send a specially crafted IGMP packet to an affected system to make it unresponsive to further requests.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB913446)
- Consequence
- A remote attacker could exploit this issue to make a system not respond to further requests.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7BB21D74-C37B-472B-BB10-71D4680680A7
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E2538CC-CC90-4DB7-8D0B-0B8BA4234E67
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=78D7DF14-6049-4318-89CA-9C8681CED8AB
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE276CF-AB46-4198-BCB3-3EFFDF15550E
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=12AAE69E-C5C3-4E4A-9970-F5DB84DD9744
Refer to Microsoft Security Bulletin MS06-007 for further details.
-
Windows Web Client Service Remote Code Execution (MS06-008)
- Severity
- Critical 4
- Qualys ID
- 90301
- Vendor Reference
- MS06-008
- CVE Reference
- CVE-2006-0013
- CVSS Scores
- Base 6.5 / Temporal 5.1
- Description
-
A remote code execution vulnerability exists in the way that Windows processes Web client requests.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB911927)
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=62535040-5204-4469-B0BF-EAE14567C2D5
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9734F634-6869-434F-AAF0-47B70F84D178
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA073183-0C83-4F1C-BE46-A2EE8A1A1440
Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E186E149-208A-4035-A0FC-E1CBDE4E6FEF
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E2F5413A-0B77-4C18-9BAB-E2470D3D3F4E
Refer to Microsoft Security Bulletin MS06-008 for further details.
-
Microsoft Internet Explorer Cumulative Update Missing (MS06-004)
- Severity
- Critical 4
- Qualys ID
- 100033
- Vendor Reference
- MS06-004
- CVE Reference
- CVE-2006-0020
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
- Internet Explorer Version 5.01 is vulnerable to a remote code execution issue, which could be exploited through a malformed WMF image served through a malicious Web site or email attachment. Microsoft has released a cumulative patch to resolve this issue.
- Consequence
- A remote attacker could execute arbitrary code on a vulnerable system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C0DF2FC3-2075-46B5-945F-6E0BD6806151
Refer to Microsoft Security Bulletin MS06-004 for further details.
-
Windows Media Player Remote Code Execution (MS06-005)
- Severity
- Critical 4
- Qualys ID
- 90297
- Vendor Reference
- MS06-005
- CVE Reference
- CVE-2006-0006
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
A remote code execution vulnerability exists in Windows Media Player because of the way that it handles processing bitmap files.
An attacker could exploit the vulnerability by constructing a malicious bitmap file (.bmp) which could potentially allow remote code execution if a user visits a malicious Web site or views a malicious email message.
An attacker who successfully exploits this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB911565)
- Consequence
- If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=182735E1-9382-4F2E-A624-D2316A96B411
Windows Media Player for XP on Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=110054F2-244D-4036-B98C-E951CBA7E9BA
Windows Media Player 9 on Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Windows Media Player 9 on Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=26A0B9E1-1242-4E55-B3D4-8377B83257C6
Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Refer to Microsoft Security Bulletin MS06-005 for further details.
-
Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (MS06-006)
- Severity
- Critical 4
- Qualys ID
- 90296
- Vendor Reference
- MS06-006
- CVE Reference
- CVE-2006-0005
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers because of the way Windows Media Player plug-in handles a malformed EMBED element. An attacker could exploit this vulnerability by constructing a malicious EMBED element which could potentially allow remote code execution if a user visits a malicious Web site.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB911564)
- Consequence
- If this vulnerability is successfully exploited, the attacker may take complete control of the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=165916C2-037E-4EDD-B64A-84838BEE151C
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E3DAAB50-2AC7-49DD-8971-4F98FED9FBA6
Refer to Microsoft Security Bulletin MS06-006 for further details.
-
Microsoft Windows Privilege Escalation Vulnerability in Korean Input Method Editor (MS06-009)
- Severity
- Serious 3
- Qualys ID
- 90299
- Vendor Reference
- MS06-009
- CVE Reference
- CVE-2006-0008
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
A privilege elevation vulnerability exists in the Windows and Office Korean Input Method Editor (IME). To exploit this vulnerability an attacker must have access to the system to perform an interactive logon, either locally or via a Remote Desktop Protocol (RDP) session.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB901190)
- Consequence
- This vulnerability could allow a malicious user to take complete control of an affected system. For an attack to be successful, the attacker must be able to log on interactively to the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office 2003 Software (Microsoft Office 2003 Service Pack 1 and Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en
Microsoft Office 2003 Software (Microsoft Office 2003 Multilingual User Interface Packs):
http://www.microsoft.com/downloads/details.aspx?FamilyId=986F9A8D-AFE7-455A-B78D-0795CBB0E80E&displaylang=en
Microsoft Office 2003 Software (Microsoft Office Visio 2003 Multilingual User Interface Packs):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A4D0A92-2DFC-4F8B-9D14-138CEA57AF96&displaylang=en
Microsoft Office 2003 Software (Microsoft Office Project 2003 Multilingual User Interface Packs):
http://www.microsoft.com/downloads/details.aspx?FamilyId=22C96D7F-F384-4678-9AC0-3A11B81A4C1D&displaylang=en
Microsoft Office 2003 Software (Microsoft Office 2003 Proofing Tools):
http://www.microsoft.com/downloads/details.aspx?FamilyId=32CF9F59-FFBD-45E5-A4D2-690183462D0F&displaylang=en
Microsoft Office 2003 Software (Microsoft Office Visio 2003):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en
Microsoft Office 2003 Software (Microsoft Office OneNote 2003):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en
Microsoft Office 2003 Software (Microsoft Office Project 2003):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=290453DF-1CAE-4691-B20C-5D65D92216BF
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D75BF5C-2E1D-4793-B7D1-DD372A99ECA5
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS06-009.
-
Microsoft PowerPoint Temporary Internet Files Information Disclosure Vulnerability (MS06-010)
- Severity
- Serious 3
- Qualys ID
- 90298
- Vendor Reference
- MS06-010
- CVE Reference
- CVE-2006-0004
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
- An Information Disclosure vulnerability exists in PowerPoint. An attacker who successfully exploits this vulnerability could remotely attempt to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name.
- Consequence
- This vulnerability would not allow an attacker to execute code or to elevate their user rights directly but it could be used to produce useful information that could be used to try to further compromise the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office 2000 Service Pack 3 (PowerPoint 2000):
http://www.microsoft.com/downloads/details.aspx?familyid=E51B27C8-2F31-4E99-B868-CE626FED5B7D
Refer to Microsoft Security Bulletin MS06-010 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.13.66-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 90300
- 90301
- 100033
- 90297
- 90296
- 90299
- 90298
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.