Microsoft security alert.
December 14, 2010
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 40 vulnerabilities that were fixed in 17 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 17 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office SharePoint Remote Code Execution Vulnerability (MS10-104)
- Severity
- Critical 4
- Qualys ID
- 110140
- Vendor Reference
- MS10-104
- CVE Reference
- CVE-2010-3964
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
Microsoft Office SharePoint is an application that allows for collaboration, file sharing and web publishing.
There is a remote code execution issue with the Document Conversions Launcher Service. This service does not properly validate Simple Object Access Protocol (SOAP) requests. Microsoft Office SharePoint Server 2007 Service Pack 2 is vulnerable.
- Consequence
- Allows an attacker to execute arbitrary code on the SharePoint system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Refer to Microsoft Security Bulletin MS10-104 for further details.
-
Microsoft Internet Explorer Remote Code Execution Vulnerability (MS10-090)
- Severity
- Critical 4
- Qualys ID
- 100094
- Vendor Reference
- MS10-090
- CVE Reference
- CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and script during certain processes.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2416400)
- Consequence
- The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Internet Explorer 7)
Windows XP Service Pack 3 (Internet Explorer 8)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 8)
Windows Server 2003 Service Pack 2 (Internet Explorer 8)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-090.
-
Microsoft OpenType Font Driver Remote Code Execution Vulnerability (MS10-091)
- Severity
- Urgent 5
- Qualys ID
- 90662
- Vendor Reference
- MS10-091
- CVE Reference
- CVE-2010-3956, CVE-2010-3957, CVE-2010-3959
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format.
A remote code execution vulnerability exists in the way the OpenType Font driver improperly parses specially crafted OpenType fonts. (CVE-2010-3956, CVE-2010-3957, CVE-2010-3959)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7 for 32-bit Systems
Windows Server 2008 R2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2296199)
- Consequence
- An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-091 for further details.
-
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (MS10-092)
- Severity
- Critical 4
- Qualys ID
- 90658
- Vendor Reference
- MS10-092
- CVE Reference
- CVE-2010-3338
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Task Scheduler is a Windows service that enables the automation of routine tasks on a chosen computer. Task Scheduler does this by monitoring the criteria the user has chosen for initiating tasks (referred to as triggers) and then executing the tasks when the criteria have been met.
An elevation of privilege vulnerability exists when the Windows Task Scheduler improperly validates whether scheduled tasks run within the intended security context, which could allow a local attacker to schedule a task to run in the context of the System or Administrator accounts. (CVE-2010-3338)
Affected Software:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7
Windows Server 2008 R2.
- Consequence
- By crafting a special task file, a restricted user can gain administrator and SYSTEM privileges. An attacker will need a local user's account to exploit this vulnerability.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-092 for further details.
-
Microsoft Windows Media Encoder Remote Code Execution Vulnerability (MS10-094)
- Severity
- Critical 4
- Qualys ID
- 90667
- Vendor Reference
- MS10-094
- CVE Reference
- CVE-2010-3965
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft Windows Media Encoder is an easy-to-use, powerful production tool for converting both live and prerecorded audio and video to Windows Media Format.
A remote code execution vulnerability exists in Windows Media Encoder because the Windows Media Encoder incorrectly restricts the path used for loading external libraries. (CVE-2010-3965)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and 2
Windows Server 2008 and 2008 Service Pack 2.
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code as the logged on user. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights. If the user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be affected less than users who operate with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 3 (Windows Media Encoder 9 x86)
Windows XP Professional x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows XP Professional x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Server 2003 Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Vista Service Pack 1 (Windows Media Encoder 9 x86)
Windows Vista Service Pack 2 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 1 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 1 (Windows Media Encoder 9 x64)
Windows Vista x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Server 2008 for 32-bit Systems (Windows Media Encoder 9 x86)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems (Windows Media Encoder 9 x64)
Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Media Encoder 9 x64)
Refer to Microsoft Security Bulletin MS10-094 for further details.
-
Microsoft Windows Remote Code Execution Vulnerability (MS10-095)
- Severity
- Critical 4
- Qualys ID
- 90660
- Vendor Reference
- MS10-095
- CVE Reference
- CVE-2010-3966
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
This security update resolves a privately reported vulnerability in Microsoft Windows.
The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
This security update is rated Important for all supported editions of Windows 7 and Windows Server 2008 R2.
- Consequence
- An attacker who successfully exploits this vulnerability could execute code remotely.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-095 for further details.
-
Microsoft Windows Address Book Remote Code Execution Vulnerability (MS10-096)
- Severity
- Critical 4
- Qualys ID
- 90668
- Vendor Reference
- MS10-096
- CVE Reference
- CVE-2010-3147
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
The Windows Address Book is an application and service that enables users to store contact information.
A remote code execution vulnerability exists in the way that Windows Address Book handles the loading of DLL files. This vulnerability occurs when the Windows Address Book incorrectly restricts the path used for loading external libraries. (CVE-2010-3147)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7 for 32-bit Systems
Windows Server 2008 R2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2423089)
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code as the logged on user. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-096 for further details.
-
Microsoft Internet Connection Signup Wizard Remote Code Execution Vulnerability (MS10-097)
- Severity
- Critical 4
- Qualys ID
- 90661
- Vendor Reference
- MS10-097
- CVE Reference
- CVE-2010-3144
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2443105)
- Consequence
- The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-097 for further details.
-
Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities (MS10-098)
- Severity
- Critical 4
- Qualys ID
- 90664
- Vendor Reference
- MS10-098
- CVE Reference
- CVE-2010-3939, CVE-2010-3940, CVE-2010-3941, CVE-2010-3942, CVE-2010-3943, CVE-2010-3944
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows.
The vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported versions of Microsoft Windows.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2436673)
- Consequence
- The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-098 for further details.
-
Microsoft Office Publisher Remote Code Execution Vulnerability (MS10-103)
- Severity
- Critical 4
- Qualys ID
- 110139
- Vendor Reference
- MS10-103
- CVE Reference
- CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Office Publisher is a desktop publishing application.
Multiple vulnerabilities exist in the file parsing code when Microsoft Office Publisher opens a malicious file.
Vulnerable versions include:
Microsoft Office Publisher 2002 (XP)
Microsoft Office Publisher 2003
Microsoft Office Publisher 2007
Microsoft Office Publisher 2010.
Microsoft has released a security update that addresses the vulnerability by correcting the way that Microsoft Office Publisher opens specially crafted Publisher files.
- Consequence
- An attacker can exploit this issue by persuading an unsuspecting user to open a malicious file. This vulnerability allows attackers to execute arbitrary code on the user's system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office XP Service Pack 3 (Microsoft Publisher 2002 Service Pack 3)
Microsoft Office 2003 Service Pack 3 (Microsoft Publisher 2003 Service Pack 3)
Microsoft Office 2007 Service Pack 2 (Microsoft Publisher 2007 Service Pack 2)
Microsoft Office 2010 (32-bit editions) (Microsoft Publisher 2010 (32-bit editions))
Microsoft Office 2010 (64-bit editions) (Microsoft Publisher 2010 (64-bit editions))
Refer to Microsoft Security Bulletin MS10-103 for further details.
-
Microsoft Office Graphics Filters Remote Code Execution (MS10-105)
- Severity
- Critical 4
- Qualys ID
- 110141
- Vendor Reference
- MS10-105
- CVE Reference
- CVE-2010-3945, CVE-2010-3946, CVE-2010-3947, CVE-2010-3949, CVE-2010-3950, CVE-2010-3951, CVE-2010-3952
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Office Graphics filters are vulnerable to the following issues:
GM Image Converter Buffer Overrun Vulnerability - CVE-2010-3945
PICT Image Converter Integer Overflow Vulnerability - CVE-2010-3946
TIFF Image Converter Heap Overflow Vulnerability - CVE-2010-3947
TIFF Image Converter Buffer Overflow Vulnerability - CVE-2010-3949
TIFF Image Converter Memory Corruption Vulnerability - CVE-2010-3950
FlashPix Image Converter Buffer Overflow Vulnerability - CVE-2010-3951
FlashPix Image Converter Heap Corruption Vulnerability - CVE-2010-3952
Vulnerable software includes:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010
Microsoft Office Converter Pack
- Consequence
- An attacker can exploit this issue by persuading an unsuspecting user to open a malicious file. This vulnerability allows attackers to execute arbitrary code on the user's system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office Converter Pack
Refer to Microsoft Security Bulletin MS10-105 for further details.
-
Microsoft Exchange Server Denial of Service Vulnerability (MS10-106)
- Severity
- Critical 4
- Qualys ID
- 90663
- Vendor Reference
- MS10-106
- CVE Reference
- CVE-2010-3937
- CVSS Scores
- Base 4 / Temporal 3.1
- Description
-
This security update resolves a privately reported vulnerability in Microsoft Exchange Server.
The security update addresses the vulnerability by correcting the manner in which the Exchange Server store processes RPC requests.
This security update is rated Moderate for Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems.
- Consequence
- The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-106 for further details.
-
Microsoft Windows Movie Maker Remote Code Execution Vulnerability (MS10-093)
- Severity
- Critical 4
- Qualys ID
- 90671
- Vendor Reference
- MS10-093
- CVE Reference
- CVE-2010-3967
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Windows Movie Maker is an application that allows users to create, edit and add special effects to home movies.
A remote code execution vulnerability exists in the way that Windows Movie Maker handles the loading of DLL files. (CVE-2010-3967)
Affected Software:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2.
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Movie Maker 2.6)
Refer to Microsoft Security Bulletin MS10-093 for further details.
-
Microsoft Windows Routing and Remote Access Elevation of Privilege Vulnerability (MS10-099)
- Severity
- Critical 4
- Qualys ID
- 90672
- Vendor Reference
- MS10-099
- CVE Reference
- CVE-2010-3963
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
RRAS makes it possible for a computer to function as a network router.
An elevation of privilege vulnerability exists in the Routing and Remote Access NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. (CVE-2010-3963)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2440591)
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-099 for further details.
-
Microsoft Consent User Interface Elevation of Privilege Vulnerability (MS10-100)
- Severity
- Critical 4
- Qualys ID
- 90665
- Vendor Reference
- MS10-100
- CVE Reference
- CVE-2010-3961
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
This security update resolves a privately reported vulnerability in the Consent User Interface.
The security update addresses the vulnerability by correcting the manner in which the Consent UI processes values read from the registry.
This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
- Consequence
- The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-100 for further details.
-
Microsoft Windows Netlogon Service Denial of Service Vulnerability (MS10-101)
- Severity
- Critical 4
- Qualys ID
- 90666
- Vendor Reference
- MS10-101
- CVE Reference
- CVE-2010-2742
- CVSS Scores
- Base 5.4 / Temporal 4.2
- Description
-
This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers.
This security update is rated Important for all supported editions of Windows Server 2003, Windows Server 2008 (except Itanium-based editions) and Windows Server 2008 R2 (except Itanium-based editions).
- Consequence
- The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-101 for further details.
-
Microsoft Hyper-V Denial of Service Vulnerability (MS10-102)
- Severity
- Critical 4
- Qualys ID
- 90669
- Vendor Reference
- MS10-102
- CVE Reference
- CVE-2010-3960
- CVSS Scores
- Base 4.9 / Temporal 3.9
- Description
-
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V.
This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.
The security update addresses the vulnerability by correcting the way the Hyper-V server validates malformed packets sent to the VMBus inside its guest virtual machines.
- Consequence
- The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Server 2008 R2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-102 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.27.127-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110140
- 100094
- 90662
- 90658
- 90667
- 90660
- 90668
- 90661
- 90664
- 110139
- 110141
- 90663
- 90671
- 90672
- 90665
- 90666
- 90669
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.