Microsoft security alert.
September 10, 2013
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 47 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS13-069)
- Severity
- Urgent 5
- Qualys ID
- 100162
- Vendor Reference
- MS13-069
- CVE Reference
- CVE-2013-3201, CVE-2013-3202, CVE-2013-3203, CVE-2013-3204, CVE-2013-3205, CVE-2013-3206, CVE-2013-3207, CVE-2013-3208, CVE-2013-3209, CVE-2013-3845
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
Microsoft Internet Explorer is affected by following vulnerabilities. Multiple memory corruption vulnerabilities that exists in the way that Internet Explorer improperly handles objects in memory. An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the website.
This security update is rated Critical for Internet Explorer 6, 7, 8, 9 and 10 on Windows clients and Moderate for Internet Explorer 6, 7, 8, 9 and 10 on Windows servers.
- Consequence
- An attacker who successfully exploited these vulnerabilities could execute arbitrary code on affected systems with elevated privileges.
- Solution
-
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 2 (Internet Explorer 7)
Windows Vista x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Internet Explorer 7)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-069.
Workaround:
1. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
2. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-069 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS13-069 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS13-069 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS13-069 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-069 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-069 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-069 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS13-069 Windows 8 for 64-bit Systems(Internet Explorer 10)
MS13-069 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS13-069 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS13-069 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS13-069 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS13-069 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS13-069 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS13-069 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS13-069 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS13-069 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS13-069 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-069 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-069 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-069 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS13-069 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS13-069 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS13-069 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS13-069 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS13-069 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS13-069 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS13-069 Windows Server 2012(Internet Explorer 10)
MS13-069 Windows Vista Service Pack 2(Internet Explorer 7)
MS13-069 Windows Vista Service Pack 2(Internet Explorer 8)
MS13-069 Windows Vista Service Pack 2(Internet Explorer 9)
MS13-069 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS13-069 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS13-069 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
MS13-069 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 6)
MS13-069 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 7)
MS13-069 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 8)
MS13-069 Windows XP Service Pack 3(Internet Explorer 6)
MS13-069 Windows XP Service Pack 3(Internet Explorer 7)
MS13-069 Windows XP Service Pack 3(Internet Explorer 8)
-
Microsoft SharePoint Server Remote Code Execution Vulnerabilities (MS13-067)
- Severity
- Critical 4
- Qualys ID
- 110217
- Vendor Reference
- MS13-067
- CVE Reference
- CVE-2013-0081, CVE-2013-1315, CVE-2013-1330, CVE-2013-3179, CVE-2013-3180, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858
- CVSS Scores
- Base 10 / Temporal 7.8
- Description
-
Microsoft SharePoint is prone to one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office Server software.
Microsoft has released a security update that addresses the vulnerabilities by enabling machine authentication check (MAC) according to best practices, correcting how SharePoint Server sanitizes requests, correcting how SharePoint Server verifies and handles undefined workflows, and correcting how Microsoft Office Services and Web Apps parse specially crafted files.
This security update is rated Critical for supported editions of Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft SharePoint Services 2.0, Microsoft SharePoint Services 3.0, and Microsoft SharePoint Foundation 2010. This security update is also rated Critical for affected Microsoft Office Services and Web Apps on supported editions of Microsoft SharePoint Server 2010. In addition, this security update is rated Important for Microsoft SharePoint Server 2013, Microsoft SharePoint Foundation 2013, and Excel Services on Microsoft SharePoint Server 2007.
- Consequence
- Exploitation could result in remote code execution in the context of the W3WP service account.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft SharePoint Portal Server 2003 Service Pack 3 (Microsoft Windows SharePoint Services 2.0)
Microsoft SharePoint Server 2013 (Microsoft SharePoint Foundation 2013)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-067.
Workaround:
Microsoft Office Memory Corruption Vulnerability:Do not open Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.
MAC Disabled Vulnerability:
Enable viewstate MAC on sites where it is not already enabled.
Multiple Memory Corruption Vulnerabilities in Word:
Do not open Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources
-
Microsoft Outlook Remote Code Execution Vulnerability (MS13-068)
- Severity
- Urgent 5
- Qualys ID
- 110220
- Vendor Reference
- MS13-068
- CVE Reference
- CVE-2013-3870
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted S/MIME email messages. (CVE-2013-3870)
Affected Software:
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 1
Microsoft Outlook 2010 Service Pack 2This security update is rated Critical for all supported releases of Microsoft Windows.
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2007 Service Pack 3 (Microsoft Outlook 2007 Service Pack 3)
Refer to Microsoft Security Bulletin MS13-068 for further details.
-
Microsoft Windows OLE Remote Code Execution Vulnerability (MS13-070)
- Severity
- Critical 4
- Qualys ID
- 90908
- Vendor Reference
- MS13-070
- CVE Reference
- CVE-2013-3863
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
A vulnerability exists in OLE that could lead to remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user (CVE-2013-3863).
This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003.
- Consequence
- Successfully exploiting this vulnerability might allow a remote attacker to execute arbitrary code.
- Solution
-
N/A
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-070 Windows Server 2003 Service Pack 2
MS13-070 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-070 Windows Server 2003 x64 Edition Service Pack 2
MS13-070 Windows XP Professional x64 Edition Service Pack 2
MS13-070 Windows XP Service Pack 3
-
Microsoft Windows Theme File Remote Code Execution Vulnerability (MS13-071)
- Severity
- Critical 4
- Qualys ID
- 90905
- Vendor Reference
- MS13-071
- CVE Reference
- CVE-2013-0810
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
A Microsoft Windows Theme (.theme) file is a .ini text file that is divided into sections, which specify personalization settings that change how your desktop looks and sounds. It enables you to change the appearance of certain desktop elements and simultaneously change the desktop background, window border color, sounds, and screen saver on your Windows PC. Users can switch between themes and can create, and share, personalized themes.
The vulnerability exists because Microsoft Windows improperly handles certain theme and screensaver files.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003.
- Consequence
- An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the targeted system via a crafted Windows theme file.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Refer to Microsoft Security Bulletin MS13-071 for further details.
-
Microsoft Office Remote Code Execution Vulnerability (MS13-072)
- Severity
- Critical 4
- Qualys ID
- 110216
- Vendor Reference
- MS13-072
- CVE Reference
- CVE-2013-3160, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
An information disclosure vulnerability exists in the Microsoft Word. The vulnerability is caused when Microsoft Word improperly handles XML external entities that are resolved within other XML external entity declarations.
Affected Software:
Microsoft Office 2003 Service Pack 3
Microsoft Word 2003 Service Pack 3
Microsoft Office 2007 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1
Microsoft Word 2010 Service Pack 2
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word ViewerThis security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
- An attacker who successfully exploited this vulnerability would be able to read data from files on the target system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Service Pack 3 (Microsoft Word 2003 Service Pack 3)
Microsoft Office 2007 Service Pack 3
Microsoft Office 2007 Service Pack 3
Microsoft Office 2007 Service Pack 3 (Microsoft Word 2007 Service Pack 3)
Microsoft Office Compatibility Pack Service Pack 3
Refer to Microsoft Security Bulletin MS13-072 for further details.
-
Microsoft Excel Remote Code Execution Vulnerabilities (MS13-073)
- Severity
- Urgent 5
- Qualys ID
- 110219
- Vendor Reference
- MS13-073
- CVE Reference
- CVE-2013-1315, CVE-2013-3158, CVE-2013-3159
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft Excel is a proprietary spreadsheet application written and distributed by Microsoft.
Excel is prone to multiple remote code execution vulnerabilities that exist in the way that Microsoft Excel handles specially crafted Excel files.
Microsoft has released a security update that addresses the vulnerabilities by correcting how Microsoft Excel parses and validates data when opening specially crafted Excel files.
This security update is rated Important for all supported editions of Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Excel 2013, Microsoft Excel 2013 RT, and Microsoft Office for Mac 2011; it is also rated Important for supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.
- Consequence
- The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the logged-on user.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Security Bulletin MS13-073
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-073
-
Microsoft Office Access Multiple Memory Corruption Vulnerabilities (MS13-074)
- Severity
- Critical 4
- Qualys ID
- 110218
- Vendor Reference
- MS13-074
- CVE Reference
- CVE-2013-3155, CVE-2013-3156, CVE-2013-3157
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft Office Access is a database management system that combines the relational Microsoft Jet Database Engine with a graphical user interface and software-development tools. It is a member of the Microsoft Office suite of applications, included in the Professional and higher editions or sold separately.
The vulnerabilities exists because of improper handling of memory by Microsoft Access, when opening specially crafted Access files. The vulnerabilities are:
- CVE-2013-3155 - Access Memory Corruption Vulnerability
- CVE-2013-3156 - Access File Format Memory Corruption Vulnerability
- CVE-2013-3157 - Access Memory Corruption VulnerabilityThis security update is rated Important for supported editions of Microsoft Access 2007, Microsoft Access 2010, and Microsoft Access 2013.
- Consequence
-
Successful exploitation could allow remote, unauthenticated attackers to execute arbitrary code on the targeted system.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Security Bulletin MS13-074
-
Microsoft Office IME (Chinese) Elevation of Privilege Vulnerability (MS13-075)
- Severity
- Serious 3
- Qualys ID
- 110214
- Vendor Reference
- MS13-075
- CVE Reference
- CVE-2013-3859
- CVSS Scores
- Base 6.9 / Temporal 5.1
- Description
-
An elevation of privilege vulnerability exists in Office IME for Chinese that could allow a low-privilege user to elevate their access privileges.
The security update addresses the vulnerability by correcting the manner in which the Microsoft Office IME (Chinese) exposes configuration options not designed to run on the secure desktop.
This security update is rated Important for all supported editions of Microsoft Office 2010 where Microsoft Pinyin IME 2010 is installed.
- Consequence
- If this vulnerability is successfully exploited, attackers can run arbitrary code as the local system and take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2010 Service Pack 1 (32-bit editions) (Microsoft Pinyin IME 2010 (32-bit version))
Microsoft Office 2010 Service Pack 1 (64-bit editions) (Microsoft Pinyin IME 2010 (64-bit version))
Refer to Microsoft Security Bulletin MS13-075 for further details.
-
Microsoft Windows Kernel-Mode Drivers Elevation of Privilege (MS13-076)
- Severity
- Urgent 5
- Qualys ID
- 90907
- Vendor Reference
- MS13-076
- CVE Reference
- CVE-2013-1341, CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, CVE-2013-3865, CVE-2013-3866
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.
The kernel is prone to the following vulnerabilities:
- An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. (CVE-2013-1300, CVE-2013-1345, CVE-2013-3173)
- An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. (CVE-2013-3866)
Microsoft has released a security update that addresses the vulnerabilities by correcting the way the Windows kernel-mode drivers handle objects in memory.
This security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
-
Successful exploitation of these vulnerabilities could allow a local attacker to execute arbitrary code with elevated privileges.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-076.
-
Microsoft Windows Service Control Manager Could Allow Elevation of Privilege (MS13-077)
- Severity
- Serious 3
- Qualys ID
- 90906
- Vendor Reference
- MS13-077
- CVE Reference
- CVE-2013-3862
- CVSS Scores
- Base 6.9 / Temporal 5.1
- Description
-
The Windows Service Control Manager (SCM) maintains a database of the installed services and driver services that allow the operating system to start successfully, and provides a means of controlling them. The database includes configuration and security information about each service or driver service.
An elevation of privilege vulnerability exists when the Windows Service Control Manager improperly handles objects in memory. (CVE-2013-3862)
This security update is rated Important.
Affected Software:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) - Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Refer to Microsoft Security Bulletin MS13-077 for further details.
Workaround:
Microsoft has not identified any workarounds for this vulnerability.
-
Microsoft FrontPage Information Disclosure Vulnerability (MS13-078)
- Severity
- Serious 3
- Qualys ID
- 110215
- Vendor Reference
- MS13-078
- CVE Reference
- CVE-2013-3137
- CVSS Scores
- Base 4.3 / Temporal 3.6
- Description
-
This security update resolves a privately reported vulnerability in Microsoft FrontPage. The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document.
The security update addresses the vulnerability by ensuring that FrontPage properly handles Document Type Definition (DTD) entities.
DTD, standing for document type definition, is a file format type that is used in XML and other markup languages to identify the markup to be used to format a document.
Affected Software:
Microsoft FrontPage 2003 Service Pack 3 - Consequence
- An attacker who successfully exploited this vulnerability could disclose the contents of a local file on a target system. The vulnerability cannot be exploited automatically; for an attack to be successful a user must be convinced to open the specially crafted document.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft FrontPage 2003 Service Pack 3
Refer to Microsoft Security Bulletin MS13-078 for further details.
-
Microsoft Windows Active Directory Denial of Service Vulnerability (MS13-079)
- Severity
- Serious 3
- Qualys ID
- 90909
- Vendor Reference
- MS13-079
- CVE Reference
- CVE-2013-3868
- CVSS Scores
- Base 5 / Temporal 3.9
- Description
-
A denial of service vulnerability exists in implementations of Active Directory Services and AD LDS that could cause the LDAP directory service to stop responding until an administrator restarts the service. The vulnerability is caused when the LDAP directory service fails to handle a specially crafted query (CVE-2013-3868).
This security update is rated Important for Active Directory Lightweight Directory Service (AD LDS) and Active Directory Services where affected on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
- Consequence
- Successfully exploiting this vulnerability might allow a remote attacker to cause denial of service like conditions.
- Solution
-
N/A
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-079 Windows 7 for 32-bit Systems Service Pack 1(Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows 7 for x64-based Systems Service Pack 1(Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows 8 for 32-bit Systems(Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows 8 for 64-bit Systems(Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 for 32-bit Systems Service Pack 2(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 for x64-based Systems Service Pack 2(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2012(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Server 2012 (Server Core installation)(Active Directory Services and Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Vista Service Pack 2(Active Directory Lightweight Directory Service (AD LDS))
MS13-079 Windows Vista x64 Edition Service Pack 2(Active Directory Lightweight Directory Service (AD LDS))
These new vulnerability checks are included in Qualys vulnerability signature 2.2.528-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100162
- 110217
- 110220
- 90908
- 90905
- 110216
- 110219
- 110218
- 110214
- 90907
- 90906
- 110215
- 90909
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.