Microsoft security alert.
February 12, 2008
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 17 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Active Directory and ADAM Vulnerability Could Allow Denial of Service (MS08-003)
- Severity
- Serious 3
- Qualys ID
- 90429
- Vendor Reference
- MS08-003
- CVE Reference
- CVE-2008-0088
- CVSS Scores
- Base 6.8 / Temporal 5.3
- Description
- This is an important security update which addresses a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) on Windows XP and Windows Server 2003. This update validates client LDAP requests.
- Consequence
- This vulnerability may result in a denial of service condition. To exploit this vulnerability on Windows Server 2003 and Windows XP, the attacker may require login credentials.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Server Service Pack 4 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9df0875d-0466-4974-b4c0-1ecc777173b1Windows XP Professional Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=bff7dcb9-5d00-442e-b03c-ce923d213faaWindows XP Professional x64 Edition and Windows XP Professional Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=36e36e1a-ed0d-45a6-b707-766fabc01fbdWindows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=63d3d784-f057-4686-b85e-ab5fbab5a722Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=835d647a-dce6-476e-b7c4-928a67b0acfbWindows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e97698d-8150-44f9-9d34-87a0db6ba5a7Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=eda8af09-1a4c-4163-a8bb-97dacdebeae4Refer to Microsoft Security Bulletin MS08-003 for further details.
-
Windows TCP/IP Denial of Service Vulnerability (MS08-004)
- Severity
- Serious 3
- Qualys ID
- 90426
- Vendor Reference
- MS08-004
- CVE Reference
- CVE-2008-0084
- CVSS Scores
- Base 7.8 / Temporal 6.1
- Description
- The vulnerability exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing.
- Consequence
- An attacker who successfully exploits this vulnerability could cause the affected system to stop responding and automatically restart.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows Vista:
http://www.microsoft.com/downloads/details.aspx?familyid=8ce9608b-7049-47cd-adc4-22a803877d33Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=d7b9c3d1-9c23-4e05-bac6-d0b327feaf53Refer to Microsoft Security Bulletin MS08-004 for further details.
-
Internet Information Services Elevation of Privilege Vulnerability (MS08-005)
- Severity
- Serious 3
- Qualys ID
- 90424
- Vendor Reference
- MS08-005
- CVE Reference
- CVE-2008-0074
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
A local elevation of privilege vulnerability exists in the way that the Internet Information Service handles file change notifications in the "FTPRoot", "NNTPFile\\Root", and "WWWRoot" folders.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB942831)
- Consequence
- An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of a local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Information Services 5.0):
http://www.microsoft.com/downloads/details.aspx?familyid=b24f34fb-40b9-4aa5-b5ac-e3f0a6062753Windows XP Professional Service Pack 2 (Microsoft Internet Information Services 5.1):
http://www.microsoft.com/downloads/details.aspx?familyid=73d24fcf-bea9-4b13-9f1c-4e068c53a4aeWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=103a6bc0-034a-443d-b1d4-81117820dcb2Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=516ef8e8-3cb6-4660-b771-3c7f66917a11Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=e24fb33c-67b9-4ed4-9317-b5fd535d005aWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=5a4a6083-8c67-4403-8e20-7f2b82178124Windows Vista (Microsoft Internet Information Services 7.0):
http://www.microsoft.com/downloads/details.aspx?familyid=8c7018ec-ae80-4a30-93fc-0f7386732514Windows Vista x64 Edition (Microsoft Internet Information Services 7.0):
http://www.microsoft.com/downloads/details.aspx?familyid=4de2fffc-5793-4acf-98ee-1b801e59ae39Refer to Microsoft Security Bulletin MS08-005 for further details.
-
Internet Information Services Remote Code Execution Vulnerability (MS08-006)
- Severity
- Critical 4
- Qualys ID
- 90428
- Vendor Reference
- MS08-006
- CVE Reference
- CVE-2008-0075
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
A remote code execution vulnerability exists in the way that Internet Information Services (IIS) handles input to ASP Web pages.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB942830)
- Consequence
- An attacker who successfully exploits this vulnerability could perform actions on the IIS Server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Professional Service Pack 2 (Microsoft Internet Information Services 5.1):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3feWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1dWindows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741cWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845Refer to Micrsoft Security Bulletin MS08-006 for further details.
-
WebDAV Mini-Redirector Remote Code Execution Vulnerability (MS08-007)
- Severity
- Urgent 5
- Qualys ID
- 90425
- Vendor Reference
- MS08-007
- CVE Reference
- CVE-2008-0080
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
A remote code execution vulnerability exists in the way that the WebDAV Mini-Redirector handles responses.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB946026)
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfcWindows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03aWindows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585Refer to Micrsoft Security Bulletin MS08-007 for further details.
-
OLE Automation Remote Code Execution Vulnerability (MS08-008)
- Severity
- Critical 4
- Qualys ID
- 90427
- Vendor Reference
- MS08-008
- CVE Reference
- CVE-2007-0065
- CVSS Scores
- Base 10 / Temporal 7.8
- Description
-
This is a critical security update that resolves a privately reported vulnerability. The vulnerability can be exploited when a user views a specially-crafted web page. This update adds a check on memory requests within OLE Automation.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
April Security Updates are Available (KB943055)
March Security Updates (for DQI) Now Avaliable (KB943055)
- Consequence
- The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93b3d0a3-2091-405e-8dd4-10f20dc2be7fWindows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5c331a3a-93e0-42e4-9cd1-4e32ebdda38dWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aebWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60eWindows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c67ec357-0f86-4f7d-9af0-d63d8b765f44Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9137108f-e80b-46f1-b547-82da8fb058bfMicrosoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0Microsoft Visual Basic 6.0 Service Pack 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=C96420A9-7436-4625-9649-75F1514B0FE3Refer to Micrsoft Security Bulletin MS08-008 for further details.
-
Microsoft Word Remote Code Execution Vulnerability (MS08-009)
- Severity
- Urgent 5
- Qualys ID
- 110070
- Vendor Reference
- MS08-009
- CVE Reference
- CVE-2008-0109
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
- Microsoft Word is susceptible to a remote code execution vulnerability due to a memory calculation error when parsing a specially-crafted Word file. The error may corrupt system memory in such a way that an attacker could execute arbitrary code.
- Consequence
- If a user opens a specially-crafted Word file, then an attacker could take complete control of the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802Microsoft Office XP Service Pack 3 (Microsoft Word 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FCMicrosoft Office Word Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4DDECD-ABD6-4783-B300-32B9D4BAD22ARefer to Micrsoft Security Bulletin MS08-009 for further details.
-
Internet Explorer Cumulative Security Update (MS08-010)
- Severity
- Urgent 5
- Qualys ID
- 100055
- Vendor Reference
- MS08-010
- CVE Reference
- CVE-2007-4790, CVE-2008-0076, CVE-2008-0077, CVE-2008-0078
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
This critical security update involves Internet Explorer. This update resolves three privately reported vulnerabilities and one publicly reported vulnerability. This update modifies the way that Internet Explorer handles HTML and validates data, as well as the way it sets the kill bit for an ActiveX control.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB944533)
- Consequence
- The attacker can execute remote code using a specially-crafted Web page by Internet Explorer.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359Windows XP Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24Windows XP Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-010.
-
Microsoft Works File Converter Remote Code Execution Vulnerabilities (MS08-011)
- Severity
- Urgent 5
- Qualys ID
- 110071
- Vendor Reference
- MS08-011
- CVE Reference
- CVE-2007-0216, CVE-2008-0105, CVE-2008-0108
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Works File Converter contains multiple remote code execution vulnerabilities as described below.
- A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section length headers with the .wps format. (CVE-2007-0216)
- A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section header index table information with the .wps file format. (CVE-2008-0105)
- A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates various filed lengths information with the .wps file format. (CVE-2008-0108)
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2003 Service Pack 2 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286Microsoft Office 2003 Service Pack 3 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286Microsoft Works 8.0 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286Microsoft Works Suite 2005 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286Refer to Micrsoft Security Bulletin MS08-011 for further details.
-
Microsoft Office Publisher Remote Code Execution Vulnerability (MS08-012)
- Severity
- Urgent 5
- Qualys ID
- 110072
- Vendor Reference
- MS08-012
- CVE Reference
- CVE-2008-0102, CVE-2008-0104
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
- Microsoft Office Publisher is susceptible to remote code execution due to a memory corruption and invalid memory reference issue when parsing a specially-crafted Publisher file. The error may corrupt system memory in such a way that an attacker could execute arbitrary code.
- Consequence
- If a user opens a specially-crafted Publisher file, then an attacker could take complete control of the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Microsoft Office Publisher 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B085FB-858F-4C7E-96DE-EDFF8F49D62AMicrosoft Office XP Service Pack 3 (Microsoft Office Publisher 2002):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C63A-6CE7-4051-81BA-BFBBA8D857FBMicrosoft Office 2003 Service Pack 2 (Microsoft Office Publisher 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B952-09F6-4C47-8C05-40667E1F1C3BRefer to Micrsoft Security Bulletin MS08-012 for further details.
-
Microsoft Office Remote Code Execution Vulnerability (MS08-013)
- Severity
- Urgent 5
- Qualys ID
- 110069
- Vendor Reference
- MS08-013
- CVE Reference
- CVE-2008-0103
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
- This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office document with a malformed object inserted into the document.
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5Microsoft Office 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CAMicrosoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0Refer to Micrsoft Security Bulletin MS08-013 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.19.64-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 90429
- 90426
- 90424
- 90428
- 90425
- 90427
- 110070
- 100055
- 110071
- 110072
- 110069
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.