Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 4 vulnerabilities that were fixed in 4 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 4 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7cd248ed-d154-4dce-89ef-ceefd2700965
Refer to Microsoft Security Bulletin MS07-051 for further details.
Visual Studio .NET 2002 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2608C83B-E1B2-4449-9A0E-1E566AAC3D76
Visual Studio .NET 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D612AD41-5A0D-4E13-99EA-D6A5589786D6
Visual Studio .NET 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0B10B04B-932C-4BFF-9CBC-B3EEB15064B1
Visual Studio 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=21073CC2-919C-40DF-8EBB-AA3DB06050D2
Visual Studio 2005 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=967D43C8-EFBA-4221-BEB0-981E7DEEF33A
Refer to Microsoft Security Bulletin MS07-052 for further details.
Windows 2000 Service Pack 4 (Windows Services for UNIX 3.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=557f89fc-c5d9-4405-9007-1654abf92277
Windows 2000 Service Pack 4 (Windows Services for UNIX 3.5):
http://www.microsoft.com/downloads/details.aspx?FamilyId=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows XP Service Pack 2 (Windows Services for UNIX 3.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=557f89fc-c5d9-4405-9007-1654abf92277
Windows XP Service Pack 2 (Windows Services for UNIX 3.5):
http://www.microsoft.com/downloads/details.aspx?FamilyId=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Services for UNIX 3.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=557f89fc-c5d9-4405-9007-1654abf92277
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Services for UNIX 3.5):
http://www.microsoft.com/downloads/details.aspx?FamilyId=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Subsystem for UNIX-based Applications):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8ab5cc43-0b9c-45eb-aa51-47568ab6ce3f
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Subsystem for UNIX-based Applications):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1d21e3e8-b5f6-4044-9db6-054af836492b
Windows Vista (Subsystem for UNIX-based Applications):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4d52e4f4-2888-42df-8163-85c648e65b29
Windows Vista x64 Edition (Subsystem for UNIX-based Applications):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4be667cc-c239-480b-a9a0-939bcd27f0de
Refer to Microsoft Security Bulletin MS07-053 for further details.
It is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.
Windows XP Service Pack 2 (MSN Messenger 6.2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Service Pack 2 (MSN Messenger 7.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Service Pack 2 (MSN Messenger 7.5):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Service Pack 2 (Windows Live Messenger 8.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Professional x64 Edition (MSN Messenger 6.2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Professional x64 Edition (MSN Messenger 7.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Professional x64 Edition (MSN Messenger 7.5):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Professional x64 Edition (Windows Live Messenger 8.0):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
Windows XP Professional x64 Edition Service Pack 2 (MSN Messenger 6.2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS07-054.
These new vulnerability checks are included in Qualys vulnerability signature 1.18.49-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.