Microsoft security alert.
April 8, 2014
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 11 vulnerabilities that were fixed in 4 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 4 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Word and Office Web Apps Remote Code Execution Vulnerability (MS14-017)
- Severity
- Critical 4
- Qualys ID
- 121860
- Vendor Reference
- MS14-017
- CVE Reference
- CVE-2014-1757, CVE-2014-1758, CVE-2014-1761
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Supported versions of Microsoft Word are exposed to a security vulnerability.
This update fixes the following vulnerabilities:
- CVE-2014-1757: The vulnerability is caused when affected Microsoft Office software does not properly allocate memory while attempting to convert specially crafted, binary-formatted Word documents (.doc) to newer file formats.
- CVE-2014-1758: The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.
- CVE-2014-1761: The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.Affected Versions:
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013
- Consequence
-
The vulnerabilities can be exploited by malicious users to execute arbitrary code with the privileges of the current user.
- Solution
-
Customers are advised to refer to MS14-017.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-017 Microsoft Office 2003 Service Pack 3(Microsoft Word 2003 Service Pack 3)
MS14-017 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS14-017 Microsoft Office 2010 Service Pack 1 (32-bit editions)(Microsoft Word 2010 Service Pack 1 (32-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 1 (32-bit editions)(Microsoft Word 2010 Service Pack 1 (32-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 1 (64-bit editions)(Microsoft Word 2010 Service Pack 1 (64-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 1 (64-bit editions)(Microsoft Word 2010 Service Pack 1 (64-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Word 2010 Service Pack 2 (32-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Word 2010 Service Pack 2 (32-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Word 2010 Service Pack 2 (64-bit editions))
MS14-017 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Word 2010 Service Pack 2 (64-bit editions))
MS14-017 Microsoft Office 2013 (32-bit editions)(Microsoft Word 2013 (32-bit editions))
MS14-017 Microsoft Office 2013 (64-bit editions)(Microsoft Word 2013 (64-bit editions))
MS14-017 Microsoft Office 2013 Service Pack 1 (32-bit editions)(Microsoft Word 2013 Service Pack 1 (32-bit editions))
MS14-017 Microsoft Office 2013 Service Pack 1 (64-bit editions)(Microsoft Word 2013 Service Pack 1 (64-bit editions))
MS14-017 Microsoft Office Compatibility Pack Service Pack 3
MS14-017 Microsoft Office Web Apps 2010 Service Pack 1(Microsoft Web Applications 2010 Service Pack 1)
MS14-017 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Web Applications 2010 Service Pack 2)
MS14-017 Microsoft Office Web Apps 2013(Microsoft Office Web Apps Server 2013)
MS14-017 Microsoft Office for Mac 2011
MS14-017 Microsoft SharePoint Server 2010 Service Pack 1(Word Automation Services)
MS14-017 Microsoft SharePoint Server 2010 Service Pack 2(Word Automation Services)
MS14-017 Microsoft SharePoint Server 2013(Word Automation Services)
MS14-017 Microsoft SharePoint Server 2013 Service Pack 1(Word Automation Services)
MS14-017 Microsoft Word Viewer
-
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS14-018)
- Severity
- Urgent 5
- Qualys ID
- 100187
- Vendor Reference
- MS14-018
- CVE Reference
- CVE-2014-0325, CVE-2014-1751, CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, CVE-2014-1760
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
Microsoft Internet Explorer is affected by multiple memory corruption vulnerabilities because it improperly handles objects in memory.
An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the website.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 11 on affected Windows clients, and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 11 on affected Windows servers.
- Consequence
- An attacker who successfully exploits these vulnerabilities could execute arbitrary code on affected systems with elevated privileges.
- Solution
-
Please refer to MS14-018 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-018 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS14-018 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS14-018 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS14-018 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-018 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-018 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-018 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS14-018 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS14-018 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS14-018 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS14-018 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS14-018 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS14-018 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS14-018 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS14-018 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS14-018 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS14-018 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS14-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-018 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS14-018 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS14-018 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS14-018 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS14-018 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS14-018 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS14-018 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS14-018 Windows Server 2012 R2(Internet Explorer 11)
MS14-018 Windows Vista Service Pack 2(Internet Explorer 7)
MS14-018 Windows Vista Service Pack 2(Internet Explorer 8)
MS14-018 Windows Vista Service Pack 2(Internet Explorer 9)
MS14-018 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS14-018 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS14-018 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
MS14-018 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 6)
MS14-018 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 7)
MS14-018 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 8)
MS14-018 Windows XP Service Pack 3(Internet Explorer 6)
MS14-018 Windows XP Service Pack 3(Internet Explorer 7)
MS14-018 Windows XP Service Pack 3(Internet Explorer 8)
-
Microsoft Windows File Handling Component Remote Code Execution Vulnerability (MS14-019)
- Severity
- Critical 4
- Qualys ID
- 90948
- Vendor Reference
- MS14-019
- CVE Reference
- CVE-2014-0315
- CVSS Scores
- Base 6.9 / Temporal 5.1
- Description
-
A remote code execution vulnerability exists in the way Microsoft Windows processes .bat and .cmd files that are run from an external network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (CVE-2014-0315).
This security update is rated Important for all supported releases of Windows.
- Consequence
- Successfully exploiting this vulnerability might allow a remote attacker to gain complete control of an affected system.
- Solution
-
Refer to MS14-019 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-019 Windows 7 for 32-bit Systems Service Pack 1
MS14-019 Windows 7 for x64-based Systems Service Pack 1
MS14-019 Windows 8 for 32-bit Systems
MS14-019 Windows 8 for x64-based Systems
MS14-019 Windows 8.1 for 32-bit Systems
MS14-019 Windows 8.1 for x64-based Systems
MS14-019 Windows Server 2003 Service Pack 2
MS14-019 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-019 Windows Server 2003 x64 Edition Service Pack 2
MS14-019 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-019 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-019 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-019 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-019 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-019 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-019 Windows Server 2012
MS14-019 Windows Server 2012
MS14-019 Windows Server 2012 R2
MS14-019 Windows Server 2012 R2
MS14-019 Windows Vista Service Pack 2
MS14-019 Windows Vista x64 Edition Service Pack 2
MS14-019 Windows XP Professional x64 Edition Service Pack 2
MS14-019 Windows XP Service Pack 3
-
Microsoft Publisher Remote Code Execution Vulnerability (MS14-020)
- Severity
- Critical 4
- Qualys ID
- 110234
- Vendor Reference
- MS14-020
- CVE Reference
- CVE-2014-1759
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Publisher is the desktop publishing application included with Microsoft Office productivity software suite.
A vulnerability exists in the PUBCONV.DLL module in Microsoft Publisher.
To exploit this vulnerability, the attacker must persuade a user to open a specially crafted file. Attackers typically accomplish this by e-mailing a targeted user the file or hosting the file on a Web page. Note that attackers cannot exploit Office file format vulnerabilities in a drive-by manner. At a minimum, a targeted user must click an "open" dialog or choose to view an attachment.
This security update is rated Important for supported editions of Microsoft Publisher 2003 and Microsoft Publisher 2007.
Affected Versions:
Microsoft Office Publisher 2007 SP3
Microsoft Office Publisher 2003 SP3 - Consequence
-
An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Microsoft has released patch to fix this issue. For more details please refer to vendor advisory : MS14-020
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-020 Microsoft Office 2003 Service Pack 3(Microsoft Publisher 2003 Service Pack 3)
MS14-020 Microsoft Office 2007 Service Pack 3(Microsoft Publisher 2007 Service Pack 3)
These new vulnerability checks are included in Qualys vulnerability signature 2.2.700-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 121860
- 100187
- 90948
- 110234
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.