February 9, 2010 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 26 vulnerabilities announced today in 13 security bulletins. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Microsoft has released 13 security patches to fix newly discovered flaws in Microsoft Windows.
Qualys has released the following checks for these new vulnerabilities:
| Microsoft Office Could Allow Remote Code Execution |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110113 |
| VENDOR REFERENCE: MS10-003 |
| CVE REFERENCE: CVE-2010-0243 |
| CVSS SCORES: Base 7.5/ Temporal 5.5 |
| THREAT: Microsoft Office is an office suite of interrelated desktop applications and services for the Microsoft Windows and Mac OS X operating systems.<br>A buffer overflow exists in mso.dll that could allow remote code execution when a specially crafted Office file is opened. (CVE-2010-0243) Microsoft has released a security update to resolve this issue. |
| IMPACT: Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the current user. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Office XP Service Pack 3. Refer to Microsoft Security Bulletin MS10-003 for further details.<br>Workaround: |
| Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110107 |
| VENDOR REFERENCE: MS10-004 |
| CVE REFERENCE: CVE-2010-0030 |
| CVSS SCORES: Base 7.5/ Temporal 6 |
| THREAT: Microsoft PowerPoint is a proprietary presentation application written and distributed by Microsoft.<br>The application is vulnerable to a heap-based buffer overflow when it parses two related PowerPoint record types (LinkedSlideAtom and LinkedShapeAtom10) in a malicious file. PowerPoint 2000 SP3, PowerPoint 2002 (XP) SP3 and PowerPoint 2003 SP3 are vulnerable. Previously this was an iDefense exclusive detection. |
| IMPACT: Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the current user. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Office XP Service Pack 3 (Microsoft Office PowerPoint 2002 Service Pack 3); Microsoft Office 2003 Service Pack 3 (Microsoft Office PowerPoint 2003 Service Pack 3). Refer to Microsoft Security Bulletin MS10-004 for further details.<br>Workarounds:<br>2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources; it protects Office 2003 installations by opening Word, Excel and PowerPoint binary format files more securely. Information on MOICE can be found at KB935865.<br>Impact of workaround #2:<br>3) Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.<br>For Office 2003:<br>For 2007 Office Systems:<br>Impact of workaround #3: |
| Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110108 |
| VENDOR REFERENCE: MS10-004 |
| CVE REFERENCE: CVE-2010-0032 |
| CVSS SCORES: Base 7.5/ Temporal 6 |
| THREAT: Microsoft PowerPoint is a proprietary presentation application written and distributed by Microsoft.<br>The application is vulnerable to a memory corruption issue (use-after-free) when it parses multiple "OEPlaceholderAtom" records in a "msofbtClientData" container. PowerPoint 2000 SP3, PowerPoint 2002 (XP) SP3 and PowerPoint 2003 SP3 are vulnerable. Previously this was an iDefense exclusive detection. |
| IMPACT: Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the current user. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Office XP Service Pack 3 (Microsoft Office PowerPoint 2002 Service Pack 3); Microsoft Office 2003 Service Pack 3 (Microsoft Office PowerPoint 2003 Service Pack 3). Refer to Microsoft Security Bulletin MS10-004 for further details.<br>Workarounds:<br>2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources; it protects Office 2003 installations by opening Word, Excel and PowerPoint binary format files more securely. Information on MOICE can be found at KB935865.<br>Impact of workaround #2:<br>3) Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.<br>For Office 2003:<br>For 2007 Office Systems:<br>Impact of workaround #3: |
| Microsoft PowerPoint Remote Code Execution Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 110109 |
| VENDOR REFERENCE: MS10-004 |
| CVE REFERENCE: CVE-2010-0034, CVE-2010-0033, CVE-2010-0032, CVE-2010-0031, CVE-2010-0030, CVE-2010-0029 |
| CVSS SCORES: Base 7.5/ Temporal 6 |
| THREAT: Microsoft PowerPoint is a proprietary presentation application written and distributed by Microsoft.<br>The application is vulnerable to the following issues:<br>- Several vulnerabilities exist in the way that Microsoft Office PowerPoint parses the PowerPoint file format when opening a specially crafted PowerPoint file. (CVE-2010-0034, CVE-2010-0033, CVE-2010-0029)<br>- The application is vulnerable to stack memory corruption in an array when it parses an "OEPlaceholderAtom" record in a "msofbtClientData" container. (CVE-2010-0031)<br>- The application is vulnerable to a memory corruption issue (use-after-free) when it parses multiple "OEPlaceholderAtom" records in a "msofbtClientData" container. (CVE-2010-0032)<br>- The application is vulnerable to a heap-based buffer overflow when it parses two related PowerPoint record types (LinkedSlideAtom and LinkedShapeAtom10) in a malicious file. (CVE-2010-0030)<br>Previously this was an iDefense exclusive detection. |
| IMPACT: Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the current user. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Office XP Service Pack 3 (Microsoft Office PowerPoint 2002 Service Pack 3); Microsoft Office 2003 Service Pack 3 (Microsoft Office PowerPoint 2003 Service Pack 3). Refer to Microsoft Security Bulletin MS10-004 for further details.<br>Workarounds:<br>2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources; it protects Office 2003 installations by opening Word, Excel, and PowerPoint binary format files more securely. Information on MOICE can be found at KB935865.<br>Impact of workaround #2:<br>3) Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.<br>For Office 2003:<br>For 2007 Office system:<br>Impact of workaround #3: |
| Microsoft Windows Paint Remote Code Execution Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90581 |
| VENDOR REFERENCE: MS10-005 |
| CVE REFERENCE: CVE-2010-0028 |
| CVSS SCORES: Base 9.3/ Temporal 6.9 |
| THREAT: Microsoft Paint is a tool used to create simple or elaborate drawings. In addition, Microsoft Paint can be used to view and edit scanned photos.<br>Microsoft Paint is prone to a vulnerability that could allow remote code execution if a user views a specially crafted JPEG image file using Microsoft Paint. The vulnerability is caused by memory corruption when Microsoft Paint decodes JPEG images. Microsoft has released a security update to resolve this issue. The update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| IMPACT: An attacker who successfully exploits this vulnerability could take complete control of an affected system. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-005 for further details.<br>Workarounds:<br>Impact of the workarounds: Users will not be able to run Microsoft Paint. Refer to the advisory for further details on enabling and disabling the workarounds. |
| Microsoft SMB Client Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90577 |
| VENDOR REFERENCE: MS10-006 |
| CVE REFERENCE: CVE-2010-0016, CVE-2010-0017 |
| CVSS SCORES: Base 10/ Temporal 7.4 |
| THREAT: The Microsoft Server Message Block (SMB) protocol is a Microsoft network file sharing protocol used in Microsoft Windows.<br>The Microsoft SMB client is prone to the following vulnerabilities:<br>- A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB responses. (CVE-2010-0016)<br>- A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. (CVE-2010-0017)<br>Microsoft has released a security update to address these issues. |
| IMPACT: Successful exploitation allows remote code execution. An attacker may be able to take complete control of the system. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista and Windows Vista Service Pack 1; Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1; Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for x64-based Systems; Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for Itanium-based Systems; Windows Server 2008 for Itanium-based Systems Service Pack 2; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems; Windows Server 2008 R2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-006 for further details.<br>Workaround:<br>Impact of workaround: Blocking the ports can cause Windows services or applications using those ports to stop functioning. |
| Microsoft Windows Shell Handler Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90578 |
| VENDOR REFERENCE: MS10-007 |
| CVE REFERENCE: CVE-2010-0027 |
| CVSS SCORES: Base 9/ Temporal 6.7 |
| THREAT: Microsoft has released a security update that resolves a vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003.<br>A remote code execution vulnerability exists in Microsoft Windows. The vulnerability results from incorrect validation of input sent to the ShellExecute API function. The security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| IMPACT: Successfully exploiting this issue might allow a remote attacker to take complete control of an affected system. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-007 for further details. |
| Microsoft Windows Cumulative Security Update of ActiveX Kill Bits |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90583 |
| VENDOR REFERENCE: MS10-008 |
| CVE REFERENCE: CVE-2010-0252 |
| CVSS SCORES: Base 7.5/ Temporal 5.5 |
| THREAT: The Microsoft Data Analyzer ActiveX control allows programmatic control of the Data Analyzer from COM-based development applications such as Microsoft Visual Basic.<br>A remote code execution vulnerability exists in the Microsoft Data Analyzer ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page; when a user views the Web page, the vulnerability could allow remote code execution. Microsoft has released a security update to resolve this issue. The security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. |
| IMPACT: Successfully exploiting this vulnerability might allow a remote attacker to execute arbitrary code. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems; Windows Server 2008 R2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-008 for further details.<br>Workarounds:<br>2) Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting, in the Internet and Local intranet security zones.<br>Impact of workarounds #1 and #2:<br>3) Prevent COM objects from running in Internet Explorer.<br>Refer to the advisory to obtain detailed information on enabling and disabling the workarounds. |
| Microsoft Windows TCP/IP Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 116887 |
| VENDOR REFERENCE: MS10-009 |
| CVE REFERENCE: CVE-2010-0239, CVE-2010-0240, CVE-2010-0241, CVE-2010-0242 |
| CVSS SCORES: Base 9/ Temporal 7.1 |
| THREAT: Microsoft has released a security update that resolves the following vulnerabilities in Microsoft Windows:<br>- A remote code execution vulnerability exists in the Windows TCP/IP stack due to insufficient bounds checking when processing specially crafted ICMPv6 Router Advertisement packets.<br>- A remote code execution vulnerability exists in the Windows TCP/IP stack due to the manner in which the TCP/IP stack handles specially crafted Encapsulating Security Payload (ESP) over UDP datagram fragments when running a custom network driver.<br>- A remote code execution vulnerability exists in the Windows TCP/IP stack due to insufficient bounds checking when processing specially crafted ICMPv6 Route Information packets.<br>- A denial of service vulnerability exists in TCP/IP processing in Microsoft Windows due to an error in the processing of specially crafted TCP packets with a malformed selective acknowledgment (SACK) value.<br>This security update is rated Critical for Windows Vista and Windows Server 2008. |
| IMPACT: Successful exploitation allows remote code execution and can cause denial of service conditions. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2. Refer to Microsoft Security Bulletin MS10-009 for further details.<br>Workarounds:<br>Impact of workaround #1: ICMPv6 router advertisements will be blocked.<br>2) For CVE-2010-0240: Enable advanced TCP/IP filtering on systems that support this feature.<br>Refer to the advisory to obtain additional details for applying these workarounds. |
| Microsoft Windows Server 2008 Hyper-V Denial of Service Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90580 |
| VENDOR REFERENCE: MS10-010 |
| CVE REFERENCE: CVE-2010-0026 |
| CVSS SCORES: Base 7.8/ Temporal 5.8 |
| THREAT: Microsoft Hyper-V Server is a stand-alone product that provides a reliable and optimized virtualization solution, enabling organizations to improve server utilization and reduce costs.<br>A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploits this vulnerability could cause the affected Hyper-V system to stop responding, which would affect all virtual machines hosted by that system.<br>Affected Operating Systems: |
| IMPACT: An attacker who successfully exploits this vulnerability could cause a user's system to become non-responsive until the system is restarted. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Windows Server 2008 R2 for x64-based Systems. Refer to Microsoft Security Bulletin MS10-010 for further details. |
| Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 116886 |
| VENDOR REFERENCE: MS10-011 |
| CVE REFERENCE: CVE-2010-0023 |
| CVSS SCORES: Base 7.5/ Temporal 5.9 |
| THREAT: This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003.<br>This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| IMPACT: To exploit this vulnerability, an attacker must have valid logon credentials and be able to log on locally; it could not be exploited by anonymous users. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-011 for further details. |
| Microsoft SMB Server Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90579 |
| VENDOR REFERENCE: MS10-012 |
| CVE REFERENCE: CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231 |
| CVSS SCORES: Base 10/ Temporal 7.4 |
| THREAT: The Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.<br>The Microsoft SMB server is prone to the following vulnerabilities:<br>- An authenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. (CVE-2010-0020)<br>- An SMB memory corruption vulnerability exists because Microsoft Server Message Block (SMB) Protocol software improperly handles a race condition that can occur when parsing SMB packets during the Negotiate phase. (CVE-2010-0021)<br>- A null pointer vulnerability exists because Microsoft Server Message Block (SMB) Protocol software improperly verifies the share and servername fields in malformed SMB packets. (CVE-2010-0022)<br>- A vulnerability is caused by a lack of cryptographic entropy when the SMB server generates challenges and presents them to a connecting client. An attacker could continuously attempt to authenticate against the SMB server and thereby cause that server to generate duplicate challenge values. (CVE-2010-0231)<br>Microsoft has released a security update to address these issues. |
| IMPACT: Successful exploitation allows remote code execution as well as denial of service conditions. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems; Windows Server 2008 R2 for Itanium-based Systems. Refer to Microsoft Security Bulletin MS10-012 for further details.<br>Workaround: |
| Microsoft DirectShow Remote Code Execution Vulnerability |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90584 |
| VENDOR REFERENCE: MS10-013 |
| CVE REFERENCE: CVE-2010-0250 |
| CVSS SCORES: Base 9.3/ Temporal 6.9 |
| THREAT: Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. DirectShow is also integrated with other DirectX technologies.<br>A remote code execution vulnerability exists in the way that Microsoft DirectShow parses AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file. (CVE-2010-0250) Microsoft has released a security update to resolve this issue. |
| IMPACT: An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4 (AVI Filter); Microsoft Windows 2000 Service Pack 4 (Quartz); Microsoft Windows 2000 Service Pack 4 (Quartz in DirectX 9.0); Windows XP Service Pack 2 and Windows XP Service Pack 3 (AVI Filter); Windows XP Service Pack 2 and Windows XP Service Pack 3 (Quartz); Windows XP Professional x64 Edition Service Pack 2 (AVI Filter); Windows XP Professional x64 Edition Service Pack 2 (Quartz); Windows Server 2003 Service Pack 2 (AVI Filter); Windows Server 2003 Service Pack 2 (Quartz); Windows Server 2003 x64 Edition Service Pack 2 (AVI Filter); Windows Server 2003 x64 Edition Service Pack 2 (Quartz); Windows Server 2003 with SP2 for Itanium-based Systems (AVI Filter); Windows Server 2003 with SP2 for Itanium-based Systems (Quartz); Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Quartz). For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-013. |
| Microsoft Windows Kerberos Denial of Service Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90582 |
| VENDOR REFERENCE: MS10-014 |
| CVE REFERENCE: CVE-2010-0035 |
| CVSS SCORES: Base 6.3/ Temporal 4.7 |
| THREAT: Microsoft has released a security update that addresses a denial of service vulnerability in Microsoft Windows.<br>The vulnerability exists in implementations of Kerberos and is due to improper handling of Ticket-Granting-Ticket renewal requests by a client on a remote, non-Windows realm in a mixed-mode Kerberos implementation. (CVE-2010-0035) The security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. |
| IMPACT: Successfully exploiting this vulnerability might allow a remote attacker to cause an affected Windows domain controller to stop responding. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Server Service Pack 4; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2. Refer to Microsoft Security Bulletin MS10-014 for further details. |
| Microsoft Windows Kernel Elevation of Privilege Vulnerability |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90576 |
| VENDOR REFERENCE: KB979682 |
| CVE REFERENCE: CVE-2010-0232, CVE-2010-0233 |
| CVSS SCORES: Base 9.3/ Temporal 7.3 |
| THREAT: The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.<br>The kernel is prone to multiple elevation of privilege vulnerabilities. An attacker who successfully exploits these vulnerabilities could execute arbitrary code and take complete control of an affected system.<br>Affected Software: |
| IMPACT: A successful exploit will allow arbitrary attacker-supplied code to run with kernel-level privileges. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2. Refer to Microsoft Security Bulletin MS10-015 for further details. Also refer to Microsoft Security Advisory (979682) to obtain additional details on one of the vulnerabilities resolved by MS10-015.<br>Workaround: See Microsoft Knowledge Base Article 979682 to use the automated Microsoft Fix it solution to enable or disable this workaround. Manual instructions are as follows:<br>Impact of workaround: Users will not be able to run 16-bit applications. |
These new vulnerability checks are included in Qualys vulnerability signatures v1.24.122-4. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 110113
  - 110107
  - 110108
  - 110109
  - 90581
  - 90577
  - 90578
  - 90583
  - 116887
  - 90580
  - 116886
  - 90579
  - 90584
  - 90582
  - 90576
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to logon to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
Access for QualysGuard customers: https://qualysguard.qualys.com
Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/
