Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 40 vulnerabilities that were fixed in 17 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 17 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
There is a remote code execution issue in the Document Conversions Launcher Service. This service does not properly validate Simple Object Access Protocol (SOAP) requests. Microsoft Office SharePoint Server 2007 Service Pack 2 is vulnerable.
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Refer to Microsoft Security Bulletin MS10-104 for further details.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and script during certain processes.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2416400)
Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Internet Explorer 7)
Windows XP Service Pack 3 (Internet Explorer 8)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 8)
Windows Server 2003 Service Pack 2 (Internet Explorer 8)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-090.
A remote code execution vulnerability exists in the way the OpenType Font driver improperly parses specially crafted OpenType fonts. (CVE-2010-3956, CVE-2010-3957, CVE-2010-3959)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7 for 32-bit Systems
Windows Server 2008 R2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2296199)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-091 for further details.
An elevation of privilege vulnerability exists when the Windows Task Scheduler improperly validates whether scheduled tasks run within the intended security context, which could allow a local attacker to schedule a task to run in the context of the System or Administrator accounts. (CVE-2010-3338)
Affected Software:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7
Windows Server 2008 R2.
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-092 for further details.
A remote code execution vulnerability exists in Windows Media Encoder because the Windows Media Encoder incorrectly restricts the path used for loading external libraries. (CVE-2010-3965)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and 2
Windows Server 2008 and 2008 Service Pack 2.
Windows XP Service Pack 3 (Windows Media Encoder 9 x86)
Windows XP Professional x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows XP Professional x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Server 2003 Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Vista Service Pack 1 (Windows Media Encoder 9 x86)
Windows Vista Service Pack 2 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 1 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 1 (Windows Media Encoder 9 x64)
Windows Vista x64 Edition Service Pack 2 (Windows Media Encoder 9 x86)
Windows Vista x64 Edition Service Pack 2 (Windows Media Encoder 9 x64)
Windows Server 2008 for 32-bit Systems (Windows Media Encoder 9 x86)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems (Windows Media Encoder 9 x64)
Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Media Encoder 9 x86)
Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Media Encoder 9 x64)
Refer to Microsoft Security Bulletin MS10-094 for further details.
The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
This security update is rated Important for all supported editions of Windows 7 and Windows Server 2008 R2.
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-095 for further details.
A remote code execution vulnerability exists in the way that Windows Address Book handles the loading of DLL files. This vulnerability occurs when the Windows Address Book incorrectly restricts the path used for loading external libraries. (CVE-2010-3147)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2008 and Windows Server 2008 Service Pack 2
Windows 7 for 32-bit Systems
Windows Server 2008 R2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2423089)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-096 for further details.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2443105)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-097 for further details.
The vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported versions of Microsoft Windows.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2436673)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-098 for further details.
Multiple vulnerabilities exist in the file parsing code when Microsoft Office Publisher opens a malicious file.
Vulnerable versions include:
Microsoft Office Publisher 2002 (XP)
Microsoft Office Publisher 2003
Microsoft Office Publisher 2007
Microsoft Office Publisher 2010.
Microsoft has released a security update that addresses the vulnerability by correcting the way that Microsoft Office Publisher opens specially crafted Publisher files.
Microsoft Office XP Service Pack 3 (Microsoft Publisher 2002 Service Pack 3)
Microsoft Office 2003 Service Pack 3 (Microsoft Publisher 2003 Service Pack 3)
Microsoft Office 2007 Service Pack 2 (Microsoft Publisher 2007 Service Pack 2)
Microsoft Office 2010 (32-bit editions) (Microsoft Publisher 2010 (32-bit editions))
Microsoft Office 2010 (64-bit editions) (Microsoft Publisher 2010 (64-bit editions))
Refer to Microsoft Security Bulletin MS10-103 for further details.
GM Image Converter Buffer Overrun Vulnerability - CVE-2010-3945
PICT Image Converter Integer Overflow Vulnerability - CVE-2010-3946
TIFF Image Converter Heap Overflow Vulnerability - CVE-2010-3947
TIFF Image Converter Buffer Overflow Vulnerability - CVE-2010-3949
TIFF Image Converter Memory Corruption Vulnerability - CVE-2010-3950
FlashPix Image Converter Buffer Overflow Vulnerability - CVE-2010-3951
FlashPix Image Converter Heap Corruption Vulnerability - CVE-2010-3952
Vulnerable software includes:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010
Microsoft Office Converter Pack
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office Converter Pack
Refer to Microsoft Security Bulletin MS10-105 for further details.
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-106 for further details.
A remote code execution vulnerability exists in the way that Windows Movie Maker handles the loading of DLL files. (CVE-2010-3967)
Affected Software:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2.
Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Movie Maker 2.6)
Refer to Microsoft Security Bulletin MS10-093 for further details.
An elevation of privilege vulnerability exists in the Routing and Remote Access NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. (CVE-2010-3963)
Affected Software:
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
Dec 2010 Security Updates for XPe and Standard 2009 Are Now on the ECESite (KB2440591)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-099 for further details.
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Refer to Microsoft Security Bulletin MS10-100 for further details.
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-101 for further details.
Windows Server 2008 R2 for x64-based Systems
Refer to Microsoft Security Bulletin MS10-102 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.27.127-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.