Microsoft security alert.
June 10, 2008
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 10 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Windows Bluetooth Stack Could Allow Remote Code Execution (MS08-030)
- Severity
- Critical 4
- Qualys ID
- 42008
- Vendor Reference
- MS08-030
- CVE Reference
- CVE-2008-1453
- CVSS Scores
- Base 8.3 / Temporal 6.1
- Description
-
Bluetooth is an industry standard protocol that enables wireless connectivity for computers, handheld devices, keyboards, mice, mobile phones and other devices.
A remote code execution vulnerability exists in the Bluetooth stack because it does not correctly handle a large number of service description requests.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB951376)
August 2008 Security Updates Are Now Available (KB951376)
July 2008 Windows XP Embedded Security Updates Now Available (KB951376)
June 2008 Security Updates are Now Available (KB951376)
- Consequence
- An attacker could rapidly send a large number of crafted Service Discovery Protocol (SDP) packets to an affected system. The vulnerable system would react to those packets and allow the attacker to run code with elevated privileges and take complete control.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=980bb421-950f-4825-8039-44cc961a47b8
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=81ab56ca-933f-4974-a393-290a54c30a78
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6524debe-be50-44d1-8543-af0bfaf086ad
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6adee8b9-3455-4f3b-8bdd-2585c8ff83b8
Refer to Microsoft Security Bulletin MS08-030 for further details.
-
Microsoft Internet Explorer Cumulative Security Update (MS08-031)
- Severity
- Critical 4
- Qualys ID
- 100058
- Vendor Reference
- MS08-031
- CVE Reference
- CVE-2008-1442, CVE-2008-1544
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. The issue occurs because of the way that it processes data streams.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June 2008 Security Updates are Now Available (KB950759)
- Consequence
- An attacker could exploit the vulnerability by constructing a specially-crafted Web page. An attacker who successfully exploits this vulnerability could also gain the same user rights as the logged-on user.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=88990B23-D37F-4D02-A5A3-2EE389ADE53C
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19
Windows XP Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3
Windows XP Service Pack 3 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-031.
-
Cumulative Security Update of ActiveX Kill Bits (MS08-032)
- Severity
- Critical 4
- Qualys ID
- 90441
- Vendor Reference
- MS08-032
- CVE Reference
- CVE-2007-0675
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
This security update resolves a publicly reported vulnerability for the Microsoft Speech API.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June 2008 Security Updates are Now Available (KB950760)
- Consequence
- The vulnerability could allow remote code execution if a user views a specially-crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEDFD988-232C-4CBA-AC65-BEB54B8946E0
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=62874096-7D17-4116-9795-4756E2FB6DAE
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DADEAD99-09CB-4F2B-850D-E98A627CB9F8
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=84F9B533-B0CB-46D1-B4A8-5C9469ABBD22
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC35CE19-D761-4529-9F55-1E1B5B2447AD
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF6575E-B061-45A6-B3D8-ECB32D76B2D3
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=67576ACB-9CB6-4C76-9A72-DC5E5556B658
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8A507FBA-8C93-4952-91E4-98E9E7AFFBD2
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1A11499D-A008-407F-9084-A5189FA27015
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=59B1689C-E723-4D87-973E-4BEAC107A6F7
Refer to Microsoft Security Bulletin MS08-032 for further details.
-
Microsoft DirectX Remote Code Execution Vulnerabilities (MS08-033)
- Severity
- Critical 4
- Qualys ID
- 90438
- Vendor Reference
- MS08-033
- CVE Reference
- CVE-2008-0011, CVE-2008-1444
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
This is a critical security update that affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially-crafted media file.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June 2008 Security Updates are Now Available (KB951698)
- Consequence
- An attacker who successfully exploits either of these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4 (DirectX 7.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=65640123-a9e4-455c-a51a-9df28bd2d412
Microsoft Windows 2000 Service Pack 4 (DirectX 8.1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=c6a28d45-13cf-48c4-8f89-3417d552e90b
Microsoft Windows 2000 Service Pack 4 (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4dc47e04-5e95-4636-a814-3f912d961461
Windows XP Service Pack 2 and Windows XP Service Pack 3 (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7aaa6427-1e22-4566-960c-836a3b9e5f36
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5e8e7e9d-828d-442c-acac-8d91e80dfb36
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2274ecb2-2802-47e2-84fd-6621fcb17758
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5ba63bb7-ed6d-4c59-88b3-456eda07e190
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c):
http://www.microsoft.com/downloads/details.aspx?FamilyId=be71c002-2f64-49e9-9f4b-ba99c4f3caf6
Windows Vista (DirectX 10.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4d4b305b-57f8-448d-92fa-3dcdd1f42ed7
Windows Vista Service Pack 1 (DirectX 10.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4d4b305b-57f8-448d-92fa-3dcdd1f42ed7
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-033.
-
Microsoft WINS Elevation of Privilege Vulnerability (MS08-034)
- Severity
- Critical 4
- Qualys ID
- 90439
- Vendor Reference
- MS08-034
- CVE Reference
- CVE-2008-1451
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
- An elevation of privilege vulnerability exists in the Windows Internet Name Service (WINS) in the way that WINS does not sufficiently validate the data structures within specially-crafted WINS network packets.
- Consequence
- Successful exploitation could allow a local attacker to run code with elevated privileges. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Server Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=aa8aa79f-c2cc-440c-9e5c-089143e6f814
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=08fc90d5-23aa-4327-8aef-16bc5170769d
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=87affdc9-d9fe-413c-af30-f3d3b671ec72
Refer to Microsoft Security Bulletin MS08-034 for further details.
-
Active Directory Denial of Service Vulnerability (MS08-035)
- Severity
- Serious 3
- Qualys ID
- 90443
- Vendor Reference
- MS08-035
- CVE Reference
- CVE-2008-1445
- CVSS Scores
- Base 7.1 / Temporal 5.3
- Description
- A denial of service vulnerability exists in implementations of Active Directory on several Windows operating systems. It also exists in implementations of Active Directory Application Mode (ADAM). The vulnerability is due to insufficient validation of specially-crafted LDAP requests.
- Consequence
- An attacker who successfully exploits this vulnerability could cause the computer to stop responding and automatically restart.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Server Service Pack 4 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=53438880-9ea9-4975-9b85-2a1d3d232793
Windows XP Professional Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d6aec31-cfb4-470c-983e-78c6a3ebabfe
Windows XP Professional Service Pack 3 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d6aec31-cfb4-470c-983e-78c6a3ebabfe
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=ef2e0b48-1bde-4ccc-8f40-2918c2568b2b
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=a4aed117-3c76-4d80-b50e-8e07e2ef2f7d
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a983ffb-4f5a-4b78-9bf5-813dcc5df8d3
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=8298a6e4-d3e2-48ea-ac29-aa4dc5a8ec77
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=334252db-4a7a-4161-bb71-2a20c0b5bd93
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=f6bf4b85-b91d-4378-a356-cd11f12cbbfd
Windows Server 2008 for 32-bit Systems (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2981156e-2e2f-469e-91be-da127d50f3fc
Windows Server 2008 for 32-bit Systems (AD LDS):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2981156e-2e2f-469e-91be-da127d50f3fc
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-035.
-
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (MS08-036)
- Severity
- Serious 3
- Qualys ID
- 90442
- Vendor Reference
- MS08-036
- CVE Reference
- CVE-2008-1440, CVE-2008-1441
- CVSS Scores
- Base 7.1 / Temporal 5.3
- Description
-
Vulnerabilities exist in implementations of the Pragmatic General Multicast (PGM) protocol on several Windows operating systems. This is due to improper validation of specially-crafted PGM packets. Also, the protocol's parsing code does not properly validate specially-crafted PGM fragments and will cause the affected system to become non-responsive until the attack has ceased.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
June 2008 Security Updates are Now Available (KB950762)
- Consequence
- An attacker who successfully exploits this vulnerability could cause the system to become non-responsive and require a restart to restore functionality.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=0466a6e7-fdca-4647-af62-449e5f20d1e4
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=304898e6-21a7-476f-b9ed-7ac0d88a91e2
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=8907783b-e3fe-40b2-9fc8-4937e7d58b7e
Refer to Microsoft Security Bulletin MS08-036 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.19.158-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 42008
- 100058
- 90441
- 90438
- 90439
- 90443
- 90442
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.