Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 15 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client by correcting pathnames used by the Microsoft Antimalware Client.
This security update is rated Important for the Microsoft Antimalware Client in supported versions of Windows Defender for Windows 8 and Windows RT.
Windows XP Professional x64 Edition Service Pack 2
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-034.
Workaround:
Use this workaround to block attack vectors for the vulnerability on Windows 8 and Windows RT systems.
Create a backup of the registry keys. Backup copies can be made using a managed deployment script by performing the following command as an administrator:
Regedit.exe /e c:\temp\Windefend_backup.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
Note When run as an administrator, the above command creates a file named "Windefend_backup.reg" in the c:\temp folder.
Create a text file named Windefend_ImagePath_fix.reg with the following contents:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,73,00,\
4d,00,70,00,45,00,6e,00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
Save the Windefend_ImagePath_fix.reg file to the c:\temp folder.
Run the registry script file you created in step 2 on the target system by using one of the following methods:
Method #1:
Double-click the Windefend_ImagePath_fix.reg file.
The following confirmation message should be displayed:
The keys and values contained in C:\temp\Windefend_ImagePath_fix.reg have been successfully added to the registry.
Method #2:
Alternatively, perform the following command as an administrator:
Regedit /s c:\temp\Windefend_ImagePath_fix.reg
Warning When using the command line method above, no confirmation message is displayed. You will not be notified as to whether or not the registry keys and values were successfully added to the registry.
Microsoft Internet Explorer is prone to a remote code execution vulnerability that exists in the way it accesses an object in memory that has been deleted. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft has released a security update that addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers.
Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 2 (Internet Explorer 7)
Windows Vista x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 8)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-028.
Workaround:
1. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
2. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
The vulnerability occurs when the Microsoft Remote Desktop ActiveX Control attempts to access an object in memory that has been freed, potentially corrupting memory in a way as that could allow an attacker to execute arbitrary code in the context of the current user.
Microsoft has released a security update that addresses the vulnerability by modifying the way Remote Desktop Client handles objects in memory.
This security update is rated Critical for Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client where affected on Windows XP, Windows Vista and Windows 7. It is rated Moderate for Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client where affected on Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
April 2013 Security Updates are on MyOEM for XPe SP3 and Standard 2009 (KB2813347, 2813345)
July 2013 Security Updates are on MyOEM for XPe SP3 and Standard 2009 (KB2813347)
Windows XP Service Pack 3 (Remote Desktop Connection 6.1 Client)
Windows XP Service Pack 3 (Remote Desktop Connection 7.0 Client)
Windows XP Professional x64 Edition Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Server 2003 Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Server 2003 x64 Edition Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Vista Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Vista Service Pack 2 (Remote Desktop Connection 7.0 Client)
Windows Vista x64 Edition Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Vista x64 Edition Service Pack 2 (Remote Desktop Connection 7.0 Client)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Server 2008 for x64-based Systems Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Remote Desktop Connection 6.1 Client)
Windows 7 for 32-bit Systems (Remote Desktop Connection 7.0 Client)
Windows 7 for 32-bit Systems Service Pack 1 (Remote Desktop Connection 7.0 Client)
Windows 7 for x64-based Systems (Remote Desktop Connection 7.0 Client)
Windows 7 for x64-based Systems Service Pack 1 (Remote Desktop Connection 7.0 Client)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-029.
Affected Software:
Microsoft SharePoint Server 2013
This security update is rated Important for Microsoft SharePoint Server 2013.
NOTE: This update requires prior installation of the Project Server 2013 cumulative update (2768001).
Microsoft SharePoint Server 2013
Refer to Microsoft Security Bulletin MS13-030 for further details.
The Ntoskrnl.exe file is prone to multiple race conditions that could be leveraged by an attacker to execute code with elevated privileges. These vulnerabilities are caused by improper handling of objects in the system memory.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-031.
A denial of service vulnerability exists in implementations of Active Directory that could cause the service to stop responding. The vulnerability occurs when the LDAP service fails to handle a specially crafted query (CVE-2013-1282).
This security update is rated Important for Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on Microsoft Windows servers (excluding Itanium-based systems) and rated Low on Microsoft Windows clients.
Windows XP Service Pack 3 (Active Directory Application Mode (ADAM))
Windows XP Professional x64 Edition Service Pack 2 (Active Directory Application Mode (ADAM))
Windows Server 2003 Service Pack 2 (Active Directory)
Windows Server 2003 Service Pack 2 (Active Directory Application Mode (ADAM))
Windows Server 2003 x64 Edition Service Pack 2 (Active Directory)
Windows Server 2003 x64 Edition Service Pack 2 (Active Directory Application Mode (ADAM))
Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory)
Windows Vista Service Pack 2 (Active Directory Lightweight Directory Service (AD LDS))
Windows Vista x64 Edition Service Pack 2 (Active Directory Lightweight Directory Service (AD LDS))
Windows Server 2008 for 32-bit Systems Service Pack 2 (Active Directory Services)
Windows Server 2008 for x64-based Systems Service Pack 2 (Active Directory Services)
Windows 7 for 32-bit Systems (Active Directory Lightweight Directory Service (AD LDS))
Windows 7 for x64-based Systems (Active Directory Lightweight Directory Service (AD LDS))
For a complete list of patch download links, please refer to Microsoft Security Bulletin ms13-032.
An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. The security update addresses the vulnerability by correcting the way Windows CSRSS handles objects in memory.
Affected Versions:-
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
It is rated as Important for all supported editions.
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Refer to Microsoft Security Bulletin MS13-033 for further details.
An elevation of privilege vulnerability exists in the way HTML strings are sanitized.
This security update is rated Important for supported editions of Microsoft SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft SharePoint Foundation 2010 and Microsoft Office Web Apps 2010.
Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
Microsoft Groove Server 2010 Service Pack 1
Microsoft SharePoint Foundation 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 1
Refer to Microsoft Security Bulletin MS13-035 for further details.
This security update addresses the vulnerabilities by correcting the way the Windows kernel-mode and NTFS kernel-mode drivers handle objects in memory and the way the Windows kernel-mode drivers handle a specially crafted font file.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows RT.
Note:The MS13-036 update patches two race condition vulnerabilities (CVE-2013-1238 and CVE-2013-1292), a font parsing vulnerability (CVE-2013-1291) and a NTFS NULL pointer deference vulnerability (CVE-2013-1293) that lead to privilege escalation for attackers. Security update KB2823324 addresses the NTFS null pointer deference vulnerability.
Microsoft released KB2840149 for Windows Vista, Windows 7, Windows 2008 and Windows Server R2. This replaces KB2823324.
Microsoft recommends that security update KB2823324 be uninstalled. Instructions to uninstall Security Update KB2823324 can be found under KB2839011.
Only update Security Update KB2823324 has been removed from the Windows download center.
Further details can be found at Microsoft Security Response Center.
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-036.
These new vulnerability checks are included in Qualys vulnerability signature 2.2.405-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.