Microsoft security alert.
March 11, 2008
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 12 vulnerabilities that were fixed in 4 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 4 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Excel Could Allow Remote Code Execution (MS08-014)
- Severity
- Urgent 5
- Qualys ID
- 110074
- Vendor Reference
- MS08-014
- CVE Reference
- CVE-2008-0081, CVE-2008-0111, CVE-2008-0112, CVE-2008-0114, CVE-2008-0115, CVE-2008-0116, CVE-2008-0117
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Excel is prone to multiple remote code execution vulnerabilities. The security update addresses the following issues.
- A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory.
- A remote code execution vulnerability exists in the way Excel handles data when importing files into Excel.
- A remote code execution vulnerability exists in the way Excel handles Style record data when opening Excel files.
- A remote code execution vulnerability exists in the way Excel handles malformed formulas.
- A remote code execution vulnerability exists in the way Excel handles rich text values when loading application data into memory.
- A remote code execution vulnerability exists in the way Excel handles conditional formatting values.
- A remote code execution vulnerability exists in the way Excel handles macros when opening specially-crafted Excel files.
- Consequence
- An attacker who successfully exploits this vulnerability could run arbitrary code on the affected system as the logged on user.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Excel 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f7f90c30-1bfd-406b-a77f-612443e30185Microsoft Office XP Service Pack 3 (Excel 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=907f96d5-d1e9-4471-b41c-3ac811e63038Microsoft Office 2003 Service Pack 2 (Excel 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=296e5f2c-f594-41c8-a20a-3e4c40ae39482007 Microsoft Office System (Excel 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=e7634cb5-9531-4284-9554-4168fc488e0cMicrosoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=280bb2ac-b21a-46b5-8751-5a50fbebf107Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e9251d71-9098-4125-ae91-7d4c83ea58adMicrosoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8FE8C32A-6D7A-482B-97C6-42562F089EE4Refer to Microsoft Security Bulletin MS08-014 for further details.
-
Microsoft Outlook Remote Code Execution Vulnerability (MS08-015)
- Severity
- Critical 4
- Qualys ID
- 110076
- Vendor Reference
- MS08-015
- CVE Reference
- CVE-2008-0110
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft Update MS08-015 resolves several newly discovered vulnerabilities in Microsoft Office Outlook.
The following specific issue was reported:
- A remote code execution vulnerability exists when Outlook is passed a specially-crafted mailto URI. - Consequence
- An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Outlook 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=714a49cd-5bca-4719-96a1-e1077f279533Microsoft Office XP Service Pack 3 (Outlook 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=59853687-d885-4059-9460-ee403855dbd8Microsoft Office 2003 Service Pack 2 (Outlook 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2Microsoft Office 2003 Service Pack 3 (Outlook 2003 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf22007 Microsoft Office System (Outlook 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4e2baf00-88eb-4eb6-961a-54245b363c21Refer to Microsoft Security Bulletin MS08-015 for further details.
-
Microsoft Office Could Allow Remote Code Execution (MS08-016)
- Severity
- Critical 4
- Qualys ID
- 110073
- Vendor Reference
- MS08-016
- CVE Reference
- CVE-2008-0113, CVE-2008-0118
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
A remote code execution vulnerability exists in the way Microsoft Office handles specially crafted Excel files.
Another remote code execution vulnerability exists in the way Microsoft Office processes malformed Office files.
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=72735aa1-e22c-40ed-8c79-38fba89979aaMicrosoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=9cf8aafa-71a5-4017-b53c-4e80ef6e1188Microsoft Office 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aaMicrosoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aaMicrosoft Office Excel Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aaMicrosoft Office Word Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aaMicrosoft Office Word Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aaMicrosoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9Refer to Micrsoft Security Bulletin MS08-016 for further details.
-
Microsoft Office Web Components Could Allow Remote Code Execution (MS08-017)
- Severity
- Urgent 5
- Qualys ID
- 110075
- Vendor Reference
- MS08-017
- CVE Reference
- CVE-2006-4695, CVE-2007-1201
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
- This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components that can be exploited using a specially-crafted Web page.
- Consequence
- An attacker who successfully exploits this vulnerability could take complete control of an affected system by installing programs; viewing modifying data; or creating new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=806c654a-35e3-4385-855a-4b803249bfcfMicrosoft Office XP Service Pack 3 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f54d2a5e-c0ed-4f70-9746-38dd61c8e9d7Visual Studio .NET 2002 Service Pack 1 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D71B23FA-A873-406D-BAD7-E38E565DEE39Visual Studio .NET 2003 Service Pack 1 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2FE10CCD-40CB-4090-B83D-EAE3D4ECA174Microsoft BizTalk Server 2000 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FDDD54F-7A33-4EA3-B68D-B96A9BAE509DMicrosoft BizTalk Server 2002 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FDDD54F-7A33-4EA3-B68D-B96A9BAE509DMicrosoft Commerce Server 2000 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=71DE76BA-B62C-4A7A-A78A-9317F5255B13Internet Security and Acceleration Server 2000 Service Pack 2 (Microsoft Office Web Components 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=526D87BD-C3DA-412E-8765-C15987AE9B01Refer to Micrsoft Security Bulletin MS08-017 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.19.87-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110074
- 110076
- 110073
- 110075
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.