July 12, 2011 - Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 22 vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.
Microsoft has released 4 security patches to fix newly discovered flaws in Microsoft Windows. Qualys has released the following checks for these new vulnerabilities:
| Microsoft Bluetooth Stack Remote Code Execution Vulnerability (MS11-053) |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 90720 |
| VENDOR REFERENCE: MS11-053 |
| CVE REFERENCE: CVE-2011-1265 |
| CVSS SCORES: Base 10/ Temporal 7.4 |
| THREAT: Bluetooth is an industry-standard protocol that enables wireless connectivity for computers, handheld devices, mobile phones, and other devices.
A remote code execution vulnerability exists in the Windows Bluetooth 2.1 Stack due to the way an object in memory is accessed when it has not been correctly initialized or has been deleted.
Affected Software: |
| IMPACT: An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Windows Vista x64 Edition Service Pack 1; Windows Vista x64 Edition Service Pack 2; Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1. Refer to Microsoft Security Bulletin MS11-053 for further details.
Workaround: |
| Microsoft Visio Remote Code Execution Vulnerability (MS11-055) |
|---|
| SEVERITY: Urgent |
| QUALYS ID: 110155 |
| VENDOR REFERENCE: MS11-055 |
| CVE REFERENCE: CVE-2010-3148 |
| CVSS SCORES: Base 9.3/ Temporal 6.9 |
| THREAT: Microsoft Visio is diagramming software for Microsoft Windows. It uses vector graphics to create diverse diagrams.
Microsoft Visio is prone to an insecure library loading vulnerability because the application loads libraries (e.g. mfc71enu.dll and mfc71loc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a Microsoft Visio Stencil (".vss") file located on a remote WebDAV or SMB share.
Affected Software: |
| IMPACT: Successful exploitation allows execution of arbitrary code. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Microsoft Visio 2003 Service Pack 3. Refer to Microsoft Security Bulletin MS11-055 for further details.
Workaround: Impact of workaround #2: When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the Web Client service will not start, and an error message will be logged in the System log. For example, WebDAV shares will be inaccessible from the client computer. |
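
A detection sketch for the insecure library loading described above, added here as an example and not Qualys or Microsoft code: it scans module-load records for Visio loading a DLL from a UNC path (an SMB or WebDAV share). The record layout, host names and paths are constructed for illustration.

```python
import ntpath

# Library names the advisory lists as loaded insecurely by Visio.
WATCHED_DLLS = {"mfc71enu.dll", "mfc71loc.dll"}

# Constructed sample records (not real telemetry).
# Assumed layout: host | process image | loaded module
SAMPLE_EVENTS = r"""
WS01 | C:\Program Files\Microsoft Office\Visio11\VISIO.EXE | C:\WINDOWS\system32\mfc71.dll
WS01 | C:\Program Files\Microsoft Office\Visio11\VISIO.EXE | \\fileserver\projects\stencils\mfc71enu.dll
WS02 | C:\Program Files\Microsoft Office\Visio11\VISIO.EXE | \\files.example@80\DavWWWRoot\docs\MFC71LOC.DLL
WS03 | C:\Program Files\Microsoft Office\Visio11\VISIO.EXE | C:\Program Files\Microsoft Office\Visio11\mfc71enu.dll
WS03 | C:\WINDOWS\explorer.exe | \\fileserver\tools\shellext.dll
"""


def is_remote_path(path):
    """Return True when a Windows path points at a network location."""
    p = path.lower()
    if p.startswith("\\\\?\\unc\\"):
        return True                      # extended-length UNC path
    if p.startswith(("\\\\?\\", "\\\\.\\")):
        return False                     # local extended-length or device path
    return p.startswith("\\\\")          # \\server\share or \\server@80\DavWWWRoot


def parse_events(text):
    """Yield (host, image, module) tuples from pipe-separated records."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(" | ")]
        if len(fields) == 3:
            yield tuple(fields)


def find_remote_loads(text, process_name="visio.exe"):
    """List (host, module, severity) for DLLs loaded from network paths.

    process_name=None checks every process, not only Visio.
    """
    hits = []
    for host, image, module in parse_events(text):
        if process_name and ntpath.basename(image).lower() != process_name:
            continue
        if is_remote_path(module):
            name = ntpath.basename(module).lower()
            hits.append((host, module, "high" if name in WATCHED_DLLS else "review"))
    return hits


if __name__ == "__main__":
    for hit in find_remote_loads(SAMPLE_EVENTS):
        print(hit)
```

A hit on an unpatched host is a reason to check where the opened stencil file came from; the locally installed copy of the same DLL on WS03 is not flagged.
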
| Microsoft Windows Kernel Mode Drivers Elevation of Privilege (MS11-054) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90718 |
| VENDOR REFERENCE: MS11-054 |
| CVE REFERENCE: CVE-2011-1874,CVE-2011-1875,CVE-2011-1876,CVE-2011-1877,CVE-2011-1878,CVE-2011-1879,CVE-2011-1880,CVE-2011-1881,CVE-2011-1882,CVE-2011-1883,CVE-2011-1884,CVE-2011-1885,CVE-2011-1886,CVE-2011-1887,CVE-2011-1888 |
| CVSS SCORES: Base 7.2/ Temporal 5.6 |
| THREAT: This security update resolves 15 privately reported vulnerabilities in Microsoft Windows.
The security update addresses the vulnerabilities by correcting the way that kernel mode drivers manage kernel mode driver objects, keep track of kernel mode driver objects, and validate function parameters. This security update is rated Important for all supported releases of Microsoft Windows. |
| IMPACT: The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista Service Pack 1 and Windows Vista Service Pack 2; Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1. Refer to Microsoft Security Bulletin MS11-054 for further details. |
| Microsoft Windows Client/Server Runtime Subsystem Elevation of Privilege Vulnerability (MS11-056) |
|---|
| SEVERITY: Critical |
| QUALYS ID: 90719 |
| VENDOR REFERENCE: MS11-056 |
| CVE REFERENCE: CVE-2011-1281,CVE-2011-1282,CVE-2011-1283,CVE-2011-1284,CVE-2011-1870 |
| CVSS SCORES: Base 9.3/ Temporal 6.9 |
| THREAT: The Windows Client/Server Runtime Subsystem (CSRSS) is the user mode portion of the Win32 subsystem (with Win32k.sys being the kernel mode portion). CSRSS is responsible for console windows and for creating and deleting threads.
Windows CSRSS is prone to multiple elevation of privilege vulnerabilities due to the way that it assigns memory for specific user transactions. Microsoft has released a security update that addresses the vulnerabilities by not allowing multiple console objects to be associated with one process, by modifying the way the CSRSS initializes memory, by validating user input before use as an index for an array, and by modifying bounds checking to prevent memory corruption. This security update is rated Important for all supported versions of Microsoft Windows. |
| IMPACT: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities: Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista Service Pack 1 and Windows Vista Service Pack 2; Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1. Refer to Microsoft Security Bulletin MS11-056 for further details. |
These new vulnerability checks are included in Qualys vulnerability signatures 1.28.160-3. Each QualysGuard account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab.
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 90720
  - 110155
  - 90718
  - 90719
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if QualysGuard is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Matrix Report, available from the QualysGuard HOME page.
