Cloud Platform
Platform
Solutions
Resources
Customers
Partners
Community
Support
Company
Login
Contact us
Try it
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview

  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Compliance
Cloud Security
Cyber Risk Series | Cloud Security Edition | February 28 | Register Now

Microsoft security alert.

September 11, 2012

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 2 vulnerabilities that were fixed in 2 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 2 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Visual Studio Team Foundation Server Elevation of Privilege Vulnerability (MS12-061)

    Severity
    Critical 4
    Qualys ID
    120498
    Vendor Reference
    MS12-061
    CVE Reference
    CVE-2012-1892
    CVSS Scores
    Base 4.3 / Temporal 3.2
    Description
    Microsoft Visual Studio Team Foundation Server is a version-control and bug-tracking system for developers using Visual Studio 2010.

    A reflected XSS vulnerability exists in Visual Studio Team Foundation Server.

    Microsoft has released a security update that addresses the vulnerabilities by correcting how the Team Foundation Server site validates input parameters.

    This security update is rated Important for all supported editions of Microsoft Visual Studio Team Foundation Server 2010.

    Consequence
    If this vulnerability is successfully exploited, attackers can inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.
    Solution
    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1

    Refer to Microsoft Security Bulletin MS12-061 for further details.

    Workaround:
    Enable Internet Explorer 8 and Internet Explorer 9 XSS filter in the Local intranet security zone.

  • Microsoft System Center Configuration Manager Elevation of Privilege Vulnerability (MS12-062)

    Severity
    Critical 4
    Qualys ID
    90832
    Vendor Reference
    MS12-062
    CVE Reference
    CVE-2012-2536
    CVSS Scores
    Base 4.3 / Temporal 3.6
    Description
    Systems Management Server is a systems management software product by Microsoft for managing large groups of Windows-based computer systems. It provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

    A cross-site scripting vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link. This vulnerability is caused when System Center Configuration Manager improperly handles specially crafted requests that allow an attacker to gain access to System Center Configuration Manager and carry out the same actions as an authenticated user. (CVE-2012-2536)

    Affected Software:
    Microsoft Systems Management Server 2003 Service Pack 3
    Microsoft System Center Configuration Manager 2007 Service Pack 2

    Consequence
    An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected website on behalf of the targeted user.
    Solution
    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    Microsoft Systems Management Server 2003 Service Pack 3

    Microsoft System Center Configuration Manager 2007 Service Pack 2

    Workaround:
    - Enable Internet Explorer 8 and Internet Explorer 9 XSS filter in the Local intranet security zone.

    - You can help protect against exploitation of this vulnerability by changing your settings to enable the XSS filter in the Local intranet security zone. (XSS filter is enabled by default in the Internet security zone.) To do this, perform the following steps:
    - In Internet Explorer 8 or Internet Explorer 9, click Internet Options on the Tools menu.
    - Click the Security tab.
    - Click Local intranet, and then click Custom level.
    - Under Settings, in the Scripting section, under Enable XSS filter, click Enable, and then click OK.
    - Click OK two times to return to Internet Explorer.

    - Impact of workaround: Internal sites not previously flagged as being XSS risks could be flagged.

These new vulnerability checks are included in Qualys vulnerability signature 2.2.220-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 120498
    • 90832
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.