Microsoft Security Bulletin: June 10

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 67 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft Windows TCP Protocol Denial of Service Vulnerability (MS14-031)

Severity

Serious 3

Qualys ID

90960

Vendor Reference

MS14-031

CVE Reference

CVE-2014-1811

CVSS Scores

Base 5 / Temporal 3.9

Description

A denial of service vulnerability exists in the Windows TCP/IP networking protocol implementation, that could cause the targeted system to stop responding to legitimate user queries until a system restart.
This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

Consequence

Successful exploitation could allow an unauthenticated, remote attacker to cause the targeted system to stop responding to legitimate user queries, leading to a denial of service condition.

Solution

Refer to MS14-031 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-031 Windows 7 for 32-bit Systems Service Pack 1
MS14-031 Windows 7 for x64-based Systems Service Pack 1
MS14-031 Windows 8 for 32-bit Systems
MS14-031 Windows 8 for x64-based Systems
MS14-031 Windows 8.1 for 32-bit Systems
MS14-031 Windows 8.1 for x64-based Systems
MS14-031 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-031 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-031 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-031 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-031 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-031 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-031 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-031 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-031 Windows Server 2012
MS14-031 Windows Server 2012
MS14-031 Windows Server 2012 R2
MS14-031 Windows Server 2012 R2
MS14-031 Windows Vista Service Pack 2
MS14-031 Windows Vista x64 Edition Service Pack 2
Microsoft Remote Desktop Traffic Content Tampering Vulnerability (MS14-030)

Severity

Critical 4

Qualys ID

90958

Vendor Reference

MS14-030

CVE Reference

CVE-2014-0296

CVSS Scores

Base 5.1 / Temporal 3.8

Description

Remote Desktop Protocol (RDP) lets users create a virtual session on their desktop computers. RDP allows remote users to access all of the data and applications on their computers.
The vulnerability is caused when Remote Desktop does not use robust encryption for an RDP session. The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active Remote Desktop Protocol (RDP) session, and then sends specially crafted RDP packets to the targeted system.
This security update is rated Important for all supported editions of Windows 7, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.

Consequence

Successful exploitation could allow an attacker to modify the traffic content of an active RDP session.

Solution

Customers are advised to refer to Microsoft Advisory MS14-030 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-030 Windows 7 for 32-bit Systems Service Pack 1
MS14-030 Windows 7 for x64-based Systems Service Pack 1
MS14-030 Windows 8 for 32-bit Systems
MS14-030 Windows 8 for x64-based Systems
MS14-030 Windows 8.1 for 32-bit Systems
MS14-030 Windows 8.1 for x64-based Systems
MS14-030 Windows Server 2012
MS14-030 Windows Server 2012
MS14-030 Windows Server 2012 R2
MS14-030 Windows Server 2012 R2
Microsoft Lync Remote Code Execution Vulnerability (MS14-032)

Severity

Critical 4

Qualys ID

90957

Vendor Reference

MS14-032

CVE Reference

CVE-2014-1823

CVSS Scores

Base 4.3 / Temporal 3.4

Description

An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content.
The security update addresses the vulnerability by correcting how Microsoft Lync Server handles and sanitizes content.

Affected Software:
Microsoft Lync 2010
Microsoft Lync Server 2013

Consequence

An attacker who successfully exploited this vulnerability could potentially execute scripts in the users browser to obtain information from web sessions.

Solution

Refer to Microsoft Security Bulletin MS14-032 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-032(Lync Server 2010)
MS14-032(Lync Server 2013)
Microsoft XML Core Services Information Disclosure Vulnerability (MS14-033)

Severity

Serious 3

Qualys ID

90959

Vendor Reference

MS14-033

CVE Reference

CVE-2014-1816

CVSS Scores

Base 4.3 / Temporal 3.2

Description

Microsoft XML Core Services (MSXML) allows customers who use JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio 6.0 to develop XML-based applications that provide interoperability with other applications that adhere to the XML 1.0 standard.
An information disclosure vulnerability exists in the way that Microsoft Windows parses XML content. The vulnerability may allow an attacker to access information not otherwise allowed.
The security update for Microsoft XML Core Services 3.0 and Microsoft XML Core Services 6.0 is rated Important for affected releases of Microsoft Windows clients and Low for affected releases of Microsoft Windows servers.

Consequence

Successfully exploiting this vulnerability might allow a remote attacker to gain access to sensitive information.

Solution

Refer to MS14-033 to obtain further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-033 Windows 7 for 32-bit Systems Service Pack 1
MS14-033 Windows 7 for x64-based Systems Service Pack 1
MS14-033 Windows 8 for 32-bit Systems
MS14-033 Windows 8 for x64-based Systems
MS14-033 Windows 8.1 for 32-bit Systems
MS14-033 Windows 8.1 for x64-based Systems
MS14-033 Windows Server 2003 Service Pack 2
MS14-033 Windows Server 2003 Service Pack 2
MS14-033 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-033 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-033 Windows Server 2003 x64 Edition Service Pack 2
MS14-033 Windows Server 2003 x64 Edition Service Pack 2
MS14-033 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-033 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-033 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-033 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-033 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-033 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-033 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-033 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-033 Windows Server 2012
MS14-033 Windows Server 2012
MS14-033 Windows Server 2012 R2
MS14-033 Windows Server 2012 R2
MS14-033 Windows Vista Service Pack 2
MS14-033 Windows Vista x64 Edition Service Pack 2
Microsoft Word Remote Code Execution Vulnerability (MS14-034)

Severity

Critical 4

Qualys ID

110238

Vendor Reference

MS14-034

CVE Reference

CVE-2014-2778

CVSS Scores

Base 9.3 / Temporal 6.9

Description

A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files.
Microsoft released a security update that addresses the vulnerability by correcting the way that Microsoft Office parses specially crafted files.
This security update is rated Important for supported editions of Microsoft Word 2007 and Microsoft Office Compatibility Pack.

Consequence

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Solution

Refer to MS14-034 to obtain further information.
Workaround:
Do not open Office files received from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-034 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS14-034 Microsoft Office Compatibility Pack Service Pack 3
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS14-035)

Severity

Critical 4

Qualys ID

100202

Vendor Reference

MS14-035

CVE Reference

CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1770, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2777, CVE-2014-2782

CVSS Scores

Base 10 / Temporal 8.3

Description

Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves two vulnerabilities in Internet Explorer that exist because of improper handling of objects in the memory. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

Consequence

Successful exploitation could allow an unauthenticated, remote attacker to gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Solution

Customers are advised to visit MS14-035 for more details. Workaround:
- Administrators may consider configuring the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to work with Internet Explorer.
- Users may consider using a different browser than Internet Explorer until a patch becomes available.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-035 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS14-035 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS14-035 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS14-035 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS14-035 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS14-035 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-035 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-035 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-035 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS14-035 Windows 8 for x64-based Systems(Internet Explorer 10)
MS14-035 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS14-035 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS14-035 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS14-035 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS14-035 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS14-035 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS14-035 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS14-035 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS14-035 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS14-035 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS14-035 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS14-035 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS14-035 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-035 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-035 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-035 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS14-035 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS14-035 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS14-035 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS14-035 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS14-035 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS14-035 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS14-035 Windows Server 2012(Internet Explorer 10)
MS14-035 Windows Server 2012 R2(Internet Explorer 11)
MS14-035 Windows Vista Service Pack 2(Internet Explorer 7)
MS14-035 Windows Vista Service Pack 2(Internet Explorer 8)
MS14-035 Windows Vista Service Pack 2(Internet Explorer 9)
MS14-035 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS14-035 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS14-035 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
Microsoft Graphics Component Remote Code Execution (MS14-036)

Severity

Critical 4

Qualys ID

122122

Vendor Reference

MS14-036

CVE Reference

CVE-2014-1817, CVE-2014-1818

CVSS Scores

Base 9.3 / Temporal 6.9

Description

This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync.
The security update addresses the vulnerabilities by correcting the way Windows handles certain specially crafted files and by correcting the way GDI+ validates specially crafted image record types.
This security update is rated Critical for all supported editions of Windows, Microsoft Live Meeting 2007, Microsoft Lync 2010, and Microsoft Lync 2013. It is rated Important for all supported editions of Microsoft Office 2007 and Microsoft Office 2010.

Consequence

The vulnerabilities can be exploited by malicious users to execute arbitrary code with the privileges of the current user.

Solution

Refer to MS14-036 to obtain further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-036 Microsoft Live Meeting 2007 Console
MS14-036 Microsoft Lync 2010
MS14-036 Microsoft Lync 2010
MS14-036 Microsoft Lync 2010 Attendee
MS14-036 Microsoft Lync 2010 Attendee
MS14-036 Microsoft Lync 2013
MS14-036 Microsoft Lync 2013
MS14-036 Microsoft Lync 2013 Service Pack 1
MS14-036 Microsoft Lync 2013 Service Pack 1
MS14-036 Microsoft Lync Basic 2013
MS14-036 Microsoft Lync Basic 2013
MS14-036 Microsoft Lync Basic 2013 Service Pack 1
MS14-036 Microsoft Lync Basic 2013 Service Pack 1
MS14-036 Microsoft Office 2007 Service Pack 3
MS14-036 Microsoft Office 2007 Service Pack 3
MS14-036 Microsoft Office 2010 Service Pack 1
MS14-036 Microsoft Office 2010 Service Pack 1
MS14-036 Microsoft Office 2010 Service Pack 1
MS14-036 Microsoft Office 2010 Service Pack 1
MS14-036 Microsoft Office 2010 Service Pack 2
MS14-036 Microsoft Office 2010 Service Pack 2
MS14-036 Microsoft Office 2010 Service Pack 2
MS14-036 Microsoft Office 2010 Service Pack 2
MS14-036 Windows 7 for 32-bit Systems Service Pack 1
MS14-036 Windows 7 for 32-bit Systems Service Pack 1
MS14-036 Windows 7 for x64-based Systems Service Pack 1
MS14-036 Windows 7 for x64-based Systems Service Pack 1
MS14-036 Windows 8 for 32-bit Systems
MS14-036 Windows 8 for x64-based Systems
MS14-036 Windows 8.1 for 32-bit Systems
MS14-036 Windows 8.1 for 32-bit Systems
MS14-036 Windows 8.1 for x64-based Systems
MS14-036 Windows 8.1 for x64-based Systems
MS14-036 Windows Server 2003 Service Pack 2
MS14-036 Windows Server 2003 Service Pack 2
MS14-036 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-036 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-036 Windows Server 2003 x64 Edition Service Pack 2
MS14-036 Windows Server 2003 x64 Edition Service Pack 2
MS14-036 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-036 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-036 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-036 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-036 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-036 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-036 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-036 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-036 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-036 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-036 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-036 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-036 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-036 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-036 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-036 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-036 Windows Server 2012
MS14-036 Windows Server 2012
MS14-036 Windows Server 2012 R2
MS14-036 Windows Server 2012 R2
MS14-036 Windows Server 2012 R2
MS14-036 Windows Server 2012 R2
MS14-036 Windows Vista Service Pack 2
MS14-036 Windows Vista Service Pack 2
MS14-036 Windows Vista x64 Edition Service Pack 2
MS14-036 Windows Vista x64 Edition Service Pack 2

These new vulnerability checks are included in Qualys vulnerability signature 2.2.747-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 90960
- 90958
- 90957
- 90959
- 110238
- 100202
- 122122
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Qualys Cloud Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

June 10, 2014

Advisory overview

Vulnerability details

Microsoft Windows TCP Protocol Denial of Service Vulnerability (MS14-031)

Microsoft Remote Desktop Traffic Content Tampering Vulnerability (MS14-030)

Microsoft Lync Remote Code Execution Vulnerability (MS14-032)

Microsoft XML Core Services Information Disclosure Vulnerability (MS14-033)

Microsoft Word Remote Code Execution Vulnerability (MS14-034)

Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS14-035)

Microsoft Graphics Component Remote Code Execution (MS14-036)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys