Microsoft security alert.
July 8, 2008
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 10 vulnerabilities that were fixed in 4 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 4 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
DNS Could Allow Spoofing (MS08-037)
- Severity
- Serious 3
- Qualys ID
- 90446
- Vendor Reference
- MS08-037
- CVE Reference
- CVE-2008-1447, CVE-2008-1454
- CVSS Scores
- Base 9.4 / Temporal 7.4
- Description
-
Two vulnerabilities exist in the Windows Domain Name System (DNS) that could allow spoofing.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB951748)
August 2008 Security Updates Are Now Available (KB951748)
July 2008 Windows XP Embedded Security Updates Now Available (KB951748)
- Consequence
- These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Windows 2000 Service Pack 4 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=269c219c-9d6b-4b12-b621-c70cd07cdd22Microsoft Windows 2000 Server Service Pack 4 (DNS Server):
http://www.microsoft.com/downloads/details.aspx?familyid=332aa92f-a1ad-42a0-87d0-485d2d41335bWindows XP Service Pack 2 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdfWindows XP Service Pack 3 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdfWindows XP Professional x64 Edition (DNS Client) :
http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907bWindows XP Professional x64 Edition Service Pack 2 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907bWindows Server 2003 Service Pack 1 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9Windows Server 2003 Service Pack 2 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (DNS Server):
http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5-4c28-b3b3-9cd88f468a42Windows Server 2003 x64 Edition (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1fWindows Server 2003 x64 Edition Service Pack 2 (DNS Client):
http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1fWindows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (DNS Server):
http://www.microsoft.com/downloads/details.aspx?familyid=040a1ba8-21b0-439e-bf21-1acd1c43b162For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-037.
-
Microsoft Windows Explorer Remote Code Execution Vulnerability (MS08-038)
- Severity
- Critical 4
- Qualys ID
- 90445
- Vendor Reference
- MS08-038
- CVE Reference
- CVE-2008-0951, CVE-2008-1435
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
- A security issue exists in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. This issue is caused by an error in Windows Explorer that does not correctly parse search files when saving them, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious Web page, or opening a specially crafted file and saving the saved-search file.
- Consequence
- If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=06739ca6-7368-4acb-bb67-7e8146071a29Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=74ea0893-7c2f-4fad-ad27-588ad953b046Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=189a4170-b495-4904-9cbd-209e7494d303Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=85d8701d-f8c7-4079-8a21-a3a9d5ba71ceWindows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b30ee4f0-850f-4ff3-86a4-663603a0a802Refer to Micrsoft Security Bulletin MS08-038 for further details.
-
Microsoft Outlook Web Access for Exchange Server Elevation of Privilege (MS08-039)
- Severity
- Critical 4
- Qualys ID
- 90444
- Vendor Reference
- MS08-039
- CVE Reference
- CVE-2008-2247, CVE-2008-2248
- CVSS Scores
- Base 4.3 / Temporal 3.4
- Description
- This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server which exist due to cross-site scripting errors.
- Consequence
- An attacker who successfully exploits these vulnerabilities could gain access to an individual OWA client's session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client's OWA session.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Exchange Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=E099C1D1-5AF6-4D6C-B735-9599412B3131Microsoft Exchange Server 2007:
http://www.microsoft.com/downloads/details.aspx?familyid=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFAMicrosoft Exchange Server 2007 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=63E7F26C-92A8-4264-882D-F96B348C96ABRefer to Micrsoft Security Bulletin MS08-039 for further details.
-
Microsoft SQL Server Could Allow Elevation of Privilege (MS08-040)
- Severity
- Serious 3
- Qualys ID
- 19236
- Vendor Reference
- MS08-040
- CVE Reference
- CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107
- CVSS Scores
- Base 9 / Temporal 6.7
- Description
-
Microsoft SQL server is exposed to the following vulnerabilities.
An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. (CVE-2008-0085)
A vulnerability exists in the convert function in SQL Server that could allow an authenticated attacker to gain elevation of privilege. (CVE-2008-0086)
A memory corruption vulnerability could allow elevation of privileges. (CVE-2008-0107)
A buffer overrun vulnerability could lead to elevation of privileges. (CVE-2008-0106)
- Consequence
- A malicious user could exploit these vulnerabilities, gain higher privileges, run code and take complete control of the system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:(GDR Software Update) SQL Server 7.0 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0(QFE Software Update) SQL Server 7.0 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0(GDR Software Update) SQL Server 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E(QFE Software Update) SQL Server 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4(GDR Software Update) SQL Server 2000 Itanium-based Edition Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E(QFE Software Update) SQL Server 2000 Itanium-based Edition Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4(GDR Software Update) SQL Server 2005 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7(QFE Software Update) SQL Server 2005 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3(GDR Software Update) SQL Server 2005 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7(QFE Software Update) SQL Server 2005 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3(GDR Software Update) SQL Server 2005 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7(GDR Software Update) Microsoft Data Engine :
http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-040.
These new vulnerability checks are included in Qualys vulnerability signature 1.19.183-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 90446
- 90445
- 90444
- 19236
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.