Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 17 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft Windows 2000 Server Service Pack 4 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9df0875d-0466-4974-b4c0-1ecc777173b1
Windows XP Professional Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=bff7dcb9-5d00-442e-b03c-ce923d213faa
Windows XP Professional x64 Edition and Windows XP Professional Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=36e36e1a-ed0d-45a6-b707-766fabc01fbd
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=63d3d784-f057-4686-b85e-ab5fbab5a722
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=835d647a-dce6-476e-b7c4-928a67b0acfb
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (ADAM):
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e97698d-8150-44f9-9d34-87a0db6ba5a7
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory):
http://www.microsoft.com/downloads/details.aspx?FamilyID=eda8af09-1a4c-4163-a8bb-97dacdebeae4
Refer to Microsoft Security Bulletin MS08-003 for further details.
Windows Vista:
http://www.microsoft.com/downloads/details.aspx?familyid=8ce9608b-7049-47cd-adc4-22a803877d33
Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=d7b9c3d1-9c23-4e05-bac6-d0b327feaf53
Refer to Microsoft Security Bulletin MS08-004 for further details.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB942831)
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Information Services 5.0):
http://www.microsoft.com/downloads/details.aspx?familyid=b24f34fb-40b9-4aa5-b5ac-e3f0a6062753
Windows XP Professional Service Pack 2 (Microsoft Internet Information Services 5.1):
http://www.microsoft.com/downloads/details.aspx?familyid=73d24fcf-bea9-4b13-9f1c-4e068c53a4ae
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=103a6bc0-034a-443d-b1d4-81117820dcb2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=516ef8e8-3cb6-4660-b771-3c7f66917a11
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=e24fb33c-67b9-4ed4-9317-b5fd535d005a
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=5a4a6083-8c67-4403-8e20-7f2b82178124
Windows Vista (Microsoft Internet Information Services 7.0):
http://www.microsoft.com/downloads/details.aspx?familyid=8c7018ec-ae80-4a30-93fc-0f7386732514
Windows Vista x64 Edition (Microsoft Internet Information Services 7.0):
http://www.microsoft.com/downloads/details.aspx?familyid=4de2fffc-5793-4acf-98ee-1b801e59ae39
Refer to Microsoft Security Bulletin MS08-005 for further details.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB942830)
Windows XP Professional Service Pack 2 (Microsoft Internet Information Services 5.1):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0):
http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845
Refer to Micrsoft Security Bulletin MS08-006 for further details.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB946026)
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc
Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3
Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a
Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585
Refer to Micrsoft Security Bulletin MS08-007 for further details.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
April Security Updates are Available (KB943055)
March Security Updates (for DQI) Now Avaliable (KB943055)
Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93b3d0a3-2091-405e-8dd4-10f20dc2be7f
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5c331a3a-93e0-42e4-9cd1-4e32ebdda38d
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aeb
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60e
Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c67ec357-0f86-4f7d-9af0-d63d8b765f44
Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9137108f-e80b-46f1-b547-82da8fb058bf
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0
Microsoft Visual Basic 6.0 Service Pack 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=C96420A9-7436-4625-9649-75F1514B0FE3
Refer to Micrsoft Security Bulletin MS08-008 for further details.
Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802
Microsoft Office XP Service Pack 3 (Microsoft Word 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9
Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FC
Microsoft Office Word Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4DDECD-ABD6-4783-B300-32B9D4BAD22A
Refer to Micrsoft Security Bulletin MS08-009 for further details.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB944533)
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359
Windows XP Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
Windows XP Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-010.
Microsoft Office 2003 Service Pack 2 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Office 2003 Service Pack 3 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Works 8.0 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Works Suite 2005 (Microsoft Works 6 File Converter):
http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Refer to Micrsoft Security Bulletin MS08-011 for further details.
Microsoft Office 2000 Service Pack 3 (Microsoft Office Publisher 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B085FB-858F-4C7E-96DE-EDFF8F49D62A
Microsoft Office XP Service Pack 3 (Microsoft Office Publisher 2002):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C63A-6CE7-4051-81BA-BFBBA8D857FB
Microsoft Office 2003 Service Pack 2 (Microsoft Office Publisher 2003 Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B952-09F6-4C47-8C05-40667E1F1C3B
Refer to Micrsoft Security Bulletin MS08-012 for further details.
Microsoft Office 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097
Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5
Microsoft Office 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CA
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0
Refer to Micrsoft Security Bulletin MS08-013 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.19.64-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.