10.10.10.220 Confirmed 4/5/Patchable June 13, 2012

This report was generated with an evaluation version of QualysGuard This report was generated with an evaluation version of QualysGuard

Report Summary User Name: Paul Klahn Login Name: quays_pk25 Company: Qualys User Role: Manager Address: 1600 Bridge Parkway City: Redwood Shores State: California Zip: 94065 Country: United States of America Created: 06/13/2012 at 22:15:31 (GMT) Template Title: JF - Confirmed Patchable and Exploitable Level 4 and 5 Asset Groups: - IPs: 10.10.10.220 Tags: - Sort by: Host Trend Analysis: Latest report Date Range: N/A Active Hosts: 1 Hosts Matching Filters: 1

Summary of Vulnerabilities

Vulnerabilities Total 222 Security Risk (Avg) 4.3 Business Risk 45/100

by Severity Severity Confirmed Potential Information Gathered Total 5 76 - - 76 4 146 - - 146 3 0 - - 0 2 0 - - 0 1 0 - - 0 Total 222 - - 222

5 Biggest Categories Category Confirmed Potential Information Gathered Total Windows 85 - - 85 Local 70 - - 70 Office Application 39 - - 39 Internet Explorer 15 - - 15 Security Policy 6 - - 6 Total 215 - - 215

Detailed Results

10.10.10.220 Confirmed 4/5/Patchable page 1 10.10.10.220 (win2003-srv-2.w3ktest-1.vuln.qa.qualys.com, WIN2003-SRV-2) Windows 2003

Vulnerabilities Total 222 Security Risk 4.3

by Severity Severity Confirmed Potential Information Gathered Total 5 76 - - 76 4 146 - - 146 3 0 - - 0 2 0 - - 0 1 0 - - 0 Total 222 - - 222

Vulnerabilities (222)

5 Microsoft Internet Explorer Cumulative Security Update (MS07-027) CVSS: - Active QID: 100046 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, CVE-2007-2221 Vendor Reference: MS07-027 Bugtraq ID: - Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 10/01/2011 at 07:36:07 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 15 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=67AE3381-16B2-4B34-B95C-69EE7D58B357 (http://www.microsoft.com/downloads/details.aspx?FamilyId=67AE3381-16B2-4B34-B95C-69EE7D58B357) Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=03FC8E0C-DEC5-48D1-9A34-3B639F185F7D (http://www.microsoft.com/downloads/details.aspx?FamilyId=03FC8E0C-DEC5-48D1-9A34-3B639F185F7D) Microsoft Internet Explorer 6 for Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=EFC6BE04-0D6B-4639-8485-DA1525F6BC52 (http://www.microsoft.com/downloads/details.aspx?FamilyId=EFC6BE04-0D6B-4639-8485-DA1525F6BC52) Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=A077BE20-C379-4386-B478-80197A4A4ABC (http://www.microsoft.com/downloads/details.aspx?FamilyId=A077BE20-C379-4386-B478-80197A4A4ABC) Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=D249089D-BB8E-4B86-AB8E-18C52844ACB2

10.10.10.220 Confirmed 4/5/Patchable page 2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=D249089D-BB8E-4B86-AB8E-18C52844ACB2) Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium based Systems and Windows Server 2003 with SP2 for Itanium based Systems : http://www.microsoft.com/downloads/details.aspx?FamilyId=D52C0AFD-CC3A-4A5C-B91B-E006D497BC26 (http://www.microsoft.com/downloads/details.aspx?FamilyId=D52C0AFD-CC3A-4A5C-B91B-E006D497BC26) Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=94B83BDD-2BD1-43E4-BABF-68135D253293 (http://www.microsoft.com/downloads/details.aspx?FamilyId=94B83BDD-2BD1-43E4-BABF-68135D253293) Windows Internet Explorer 7 for Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=7A778D93-9D85-4217-8CC0-5C494D954CA0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7A778D93-9D85-4217-8CC0-5C494D954CA0) Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=29938ED4-F8BB-4793-897C-966BA7F4830C (http://www.microsoft.com/downloads/details.aspx?FamilyId=29938ED4-F8BB-4793-897C-966BA7F4830C) Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=0F173D60-6FD0-4C92-BB2A-A7A78707E35F (http://www.microsoft.com/downloads/details.aspx?FamilyId=0F173D60-6FD0-4C92-BB2A-A7A78707E35F) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-027 (http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000103: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability (Group 1) Virtual Patch #1000994: Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution

EXPLOITABILITY: The Exploit-DB Reference: CVE-2007-2221 Description: MS Internet Explorer Link: http://www.exploit-db.com/exploits/3892

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB931768 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP0\KB931768-IE7 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

5 Cumulative Security Update for Internet Explorer (MS07-069) CVSS: - Active QID: 100054 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-3902, CVE-2007-3903, CVE-2007-5344, CVE-2007-5347 Vendor Reference: MS07-069 Bugtraq ID: - Service Modified: 12/12/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB (http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack

10.10.10.220 Confirmed 4/5/Patchable page 3 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C (http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A (http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D (http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-069 (http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001247: Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability Virtual Patch #1001261: Microsoft Internet Explorer Intuit Products AWAPI4.dll ActiveX Control Code Execution Vulnerabilities

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB942615\Filelist is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

5 Internet Explorer Cumulative Security Update (MS08-010) CVSS: - Active QID: 100055 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2008-0076, CVE-2008-0077, CVE-2008-0078, CVE-2007-4790 Vendor Reference: MS08-010 Bugtraq ID: - Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 4 Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359 (http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554 (http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409 (http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703 (http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392 (http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030 (http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-010 (http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001088: Microsoft Internet Explorer Visual FoxPro ActiveX Object Memory Corruption Virtual Patch #1001636: Microsoft Internet Explorer HTML Rendering Memory Corruption Vulnerability Virtual Patch #1001821: Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB944533\Filelist is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

5 Microsoft Internet Explorer Pointer Reference Memory Corruption (MS08-078) CVSS: - Active QID: 100065 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 6.9 CVE ID: CVE-2008-4844 Vendor Reference: MS08-078 Bugtraq ID: 32721 Service Modified: 01/08/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 5 Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?familyid=d3e18732-47f1-40ce-999c-d1fd283bf138 (http://www.microsoft.com/downloads/details.aspx?familyid=d3e18732-47f1-40ce-999c-d1fd283bf138) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?familyid=124c14b6-9323-4f6f-902b-727aa56444bc (http://www.microsoft.com/downloads/details.aspx?familyid=124c14b6-9323-4f6f-902b-727aa56444bc) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=1d83e0af-46fa-4bfc-ba57-635435a7ef2d (http://www.microsoft.com/downloads/details.aspx?familyid=1d83e0af-46fa-4bfc-ba57-635435a7ef2d) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=a585cb73-2c1a-4fa8-862a-ad6aeaeaf2f8 (http://www.microsoft.com/downloads/details.aspx?familyid=a585cb73-2c1a-4fa8-862a-ad6aeaeaf2f8) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=d81e9cf9-ce0c-463a-a359-49a348cb89ae (http://www.microsoft.com/downloads/details.aspx?familyid=d81e9cf9-ce0c-463a-a359-49a348cb89ae) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=015df302-d79f-43a1-b5c5-32ac04de0510 (http://www.microsoft.com/downloads/details.aspx?familyid=015df302-d79f-43a1-b5c5-32ac04de0510) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=18016305-7f72-47f6-ab4c-94282289bf5f (http://www.microsoft.com/downloads/details.aspx?familyid=18016305-7f72-47f6-ab4c-94282289bf5f) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=0190a289-164e-41a7-8c01-fa1aaed3f531 (http://www.microsoft.com/downloads/details.aspx?familyid=0190a289-164e-41a7-8c01-fa1aaed3f531) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=9ba71e23-8cef-4399-b215-983b0dcf5cb5 (http://www.microsoft.com/downloads/details.aspx?familyid=9ba71e23-8cef-4399-b215-983b0dcf5cb5) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=388847ec-817e-45cf-8fa7-32c7e1f57f80 (http://www.microsoft.com/downloads/details.aspx?familyid=388847ec-817e-45cf-8fa7-32c7e1f57f80) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-078 (http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003129: Pointer Reference Memory Corruption Vulnerability Virtual Patch #1003133: Pointer Reference Memory Corruption Vulnerability Domain Blocker

EXPLOITABILITY: Core Security Reference: CVE-2008-4844 Description: Microsoft Internet Explorer XML Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2008-4844 Description: MS Internet Explorer XML Parsing Vulnerability - Immunity Ref : ms08_078 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_078/qualys_user

Metasploit Reference: CVE-2008-4844 Description: Internet Explorer Data Binding Memory Corruption - Metasploit Ref : /modules/exploit/windows/browser/ms08_078_xml_corruption Link: http://www.metasploit.com/modules/exploit/windows/browser/ms08_078_xml_corruption

The Exploit-DB Reference: CVE-2008-4844 Description: MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit 0day - The Exploit-DB Ref : 7403 Link: http://www.exploit-db.com/exploits/7403

Reference: CVE-2008-4844 Description: MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day - The Exploit-DB Ref : 7410

10.10.10.220 Confirmed 4/5/Patchable page 6 Link: http://www.exploit-db.com/exploits/7410

Reference: CVE-2008-4844 Description: Internet Explorer Data Binding Memory Corruption - The Exploit-DB Ref : 16583 Link: http://www.exploit-db.com/exploits/16583

ExploitKits Reference: CVE-2008-4844 Description: Internet Explorer 7 XML Exploit

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB960714 is missing %windir%\System32\mshtml.dll Version is 6.0.3790.630

5 Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS08-052) CVSS: - Active QID: 90454 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2007-5348, CVE-2008-3012, CVE-2008-3013, CVE-2008-3014, CVE-2008-3015 Vendor Reference: MS08-052 Bugtraq ID: - Service Modified: 11/17/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Refer to Microsoft Security Bulletin MS08-052 (http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx) for more information on this issue.

Microsoft has rated this vulnerability as Critical.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002758: Microsoft Windows GDI+ VML Buffer Overrun Vulnerability Virtual Patch #1003083: Microsoft GDI+ GIF Parsing Vulnerability Virtual Patch #1002762: Microsoft Windows GDI+ WMF Buffer Overrun Vulnerability Virtual Patch #1002757: Microsoft Windows GDI+ BMP Integer Overflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-3014 Description: Microsoft Windows GDI Plus WMF Buffer Overflow Exploit (MS08-052) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2007-5348 Description: MS Internet Explorer GDI+ Proof of Concept (MS08-052) - The Exploit-DB Ref : 6619 Link: http://www.exploit-db.com/exploits/6619

10.10.10.220 Confirmed 4/5/Patchable page 7 Reference: CVE-2008-3013 Description: MS Windows GDI+ Proof of Concept (MS08-052) #2 - The Exploit-DB Ref : 6716 Link: http://www.exploit-db.com/exploits/6716

RESULTS: Power Point Viewer 2003 C:\Program Files\Microsoft Office\OFFICE11\\gdiplus.dll version is 6.0.3264.0 . HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958869\Filelist is missing %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8D353F13\GdiPlus.dll Version is 5.1.3097.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.100.0_x-ww_0D1F9F94\GdiPlus.dll Version is 5.2.3790.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.3790.136_x-ww_23C91158\GdiPlus.dll Version is 5.2.3790.136 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB938464 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB938464-v2 is missing %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8D353F13\GdiPlus.dll Version is 5.1.3097.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.100.0_x-ww_0D1F9F94\GdiPlus.dll Version is 5.2.3790.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.3790.136_x-ww_23C91158\GdiPlus.dll Version is 5.2.3790.136

5 Microsoft XML Core Services Remote Code Execution Vulnerability (MS08-069) CVSS: - Active QID: 90466 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2007-0099, CVE-2008-4029, CVE-2008-4033 Vendor Reference: MS08-069 Bugtraq ID: 21872 Service Modified: 11/11/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft XML Core Services 3.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=559cd4b6-24b7-4e60-8749-37d9b833d3eb (http://www.microsoft.com/downloads/details.aspx?FamilyId=559cd4b6-24b7-4e60-8749-37d9b833d3eb) Microsoft Windows 2000 Service Pack 4 (Microsoft XML Core Services 4.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 (http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14) Microsoft Windows 2000 Service Pack 4 (Microsoft XML Core Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3) Windows XP Service Pack 2 (Microsoft XML Core Services 3.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08) Windows XP Service Pack 3 (Microsoft XML Core Services 3.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft XML Core Services 4.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 (http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14) Windows XP Service Pack 2 (Microsoft XML Core Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3) Windows XP Service Pack 3 (Microsoft XML Core Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=7493fa37-2cbf-4d66-8690-d50d63da4096 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7493fa37-2cbf-4d66-8690-d50d63da4096) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 3.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=1b79f220-ebfc-49c1-963b-58bbda21b6e7

10.10.10.220 Confirmed 4/5/Patchable page 8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1b79f220-ebfc-49c1-963b-58bbda21b6e7) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 4.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 (http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-069 (http://www.microsoft.com/technet/security/bulletin/MS08-069.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003011: MSXML DTD Cross-Domain Scripting Vulnerability Virtual Patch #1003013: Microsoft Windows MSXML DTD Cross-Domain Scripting Vulnerability Virtual Patch #1003012: MSXML Header Request Vulnerability

EXPLOITABILITY: The Exploit-DB Reference: CVE-2008-4029 Description: Microsoft XML Core Services DTD Cross-Domain Scripting PoC MS08-069 - The Exploit-DB Ref : 7196 Link: http://www.exploit-db.com/exploits/7196

Reference: CVE-2008-4033 Description: Microsoft XML Core Services DTD Cross-Domain Scripting PoC MS08-069 - The Exploit-DB Ref : 7196 Link: http://www.exploit-db.com/exploits/7196

RESULTS: %windir%\System32\msxml4.dll version is 4.20.9841.0 . %windir%\System32\msxml3.dll version is 8.50.2162.0 .

5 Windows Kernel Vulnerability Could Allow Remote Code Execution (MS09-006) CVSS: - Active QID: 90484 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2009-0081, CVE-2009-0082, CVE-2009-0083 Vendor Reference: MS09-006 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-0081: Systems that have the update for Microsoft Security Bulletin MS07-017 applied, or systems running Windows Vista or Windows Server 2008 can disable metafile processing by modifying the registry.

Impact of the workaround: Disabling metafile processing can cause the appearance of the output from software or system components to decrease in quality or cause software or system components to fail completely.

Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 9 Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=98bb7d40-89a0-470a-8eb7-06f15072a635 (http://www.microsoft.com/downloads/details.aspx?familyid=98bb7d40-89a0-470a-8eb7-06f15072a635)

Windows XP Service Pack 2 and Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=e09641ba-6cbe-4095-82b5-703d3a7dc33b (http://www.microsoft.com/downloads/details.aspx?familyid=e09641ba-6cbe-4095-82b5-703d3a7dc33b)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=d0d704c6-48c2-4907-b6c3-2455d7cf21c8 (http://www.microsoft.com/downloads/details.aspx?familyid=d0d704c6-48c2-4907-b6c3-2455d7cf21c8)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=f5cfb8da-e7cc-4183-8631-507c2a406500 (http://www.microsoft.com/downloads/details.aspx?familyid=f5cfb8da-e7cc-4183-8631-507c2a406500)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=ecf75c70-8489-41ad-9759-3a07e13957be (http://www.microsoft.com/downloads/details.aspx?familyid=ecf75c70-8489-41ad-9759-3a07e13957be)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=04be3d7e-7dda-4dca-887a-e7a8156ede1c (http://www.microsoft.com/downloads/details.aspx?familyid=04be3d7e-7dda-4dca-887a-e7a8156ede1c)

Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=4b1aaaba-f355-4265-83c0-50b901856ced (http://www.microsoft.com/downloads/details.aspx?familyid=4b1aaaba-f355-4265-83c0-50b901856ced)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=0fcac480-d6db-4a94-8c7d-b7319282cf56 (http://www.microsoft.com/downloads/details.aspx?familyid=0fcac480-d6db-4a94-8c7d-b7319282cf56)

Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=38851df2-4fb5-4d28-9d15-181c260cf8cf (http://www.microsoft.com/downloads/details.aspx?familyid=38851df2-4fb5-4d28-9d15-181c260cf8cf)

Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=ec15acc4-3e0f-4414-9383-61c122ff1382 (http://www.microsoft.com/downloads/details.aspx?familyid=ec15acc4-3e0f-4414-9383-61c122ff1382)

Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=eead6f93-10fd-4492-8137-481d9876a5fe (http://www.microsoft.com/downloads/details.aspx?familyid=eead6f93-10fd-4492-8137-481d9876a5fe)

Refer to Microsoft Security Bulletin MS09-006 (http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2009-0081 Description: Microsoft Windows NtGdiFastPolyPolyline memory corruption DoS (MS09-006) - Core Security Category : Denial of Service/Client Side RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2567053 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2555917 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2506223 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2479628\Filelist is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB979559\Filelist is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB968537 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651

10.10.10.220 Confirmed 4/5/Patchable page 10 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958690 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651

5 Microsoft Internet Explorer Cumulative Security Update (MS09-014) CVSS: - Active QID: 100071 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2008-2540, CVE-2009-0550, CVE-2009-0551, CVE-2009-0552, CVE-2009-0553, CVE-2009-0554 Vendor Reference: MS09-014 Bugtraq ID: - Service Modified: 05/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-0551, CVE-2009-0552, CVE-2009-0553, CVE-2009-0554: - Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Detailed steps on applying the workarounds can be found in Microsoft Security Bulletin MS09-014 (http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx).

Impact of the Workaround: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4) (http://www.microsoft.com/downloads/details.aspx?familyid=7799fd05-5b26-449f-8a14-50227c9164d1)

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=87f0c380-5c31-4099-a6a9-c12f9d69b03b)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=052c29fc-e8df-402c-9ab1-1079bc738e1b)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=84c62211-2e82-4ccc-9f9b-26462b026d86)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=f73a3669-c17f-4b18-8456-96cb7d52ed86)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=03a9d581-2bd5-4151-9826-17b96e16f606)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=53d13c07-80b0-4f05-b372-a2dac17e6157)

10.10.10.220 Confirmed 4/5/Patchable page 11 Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=55d6729a-9f96-4da4-b564-676c0a0c9390)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=191c2f20-89ae-4e1c-bdd4-24b4abfe6b6c)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=6a45dbd0-0520-4d9b-b76e-3f5109dd310d)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=60ccc1d6-ea31-420c-b630-d7878a8dc527)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=0abaa2fb-7c4f-4149-993d-1575888bfc84)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-014 (http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003445: Microsoft Internet Explorer And HTTP Services Authentication Reflection Code Execution Helper Filter Virtual Patch #1003446: Microsoft Internet Explorer And HTTP Services Authentication Reflection Code Execution Virtual Patch #1003430: Page Transition Memory Corruption Vulnerability Virtual Patch #1003427: Internet Explorer Uninitialized Memory Corruption Vulnerability Virtual Patch #1003428: Microsoft Internet Explorer Uninitialized Memory Corruption Code Execution Vulnerability Virtual Patch #1003429: Uninitialized Memory Corruption Remote Code Execution Vulnerability Virtual Patch #1002540: Blended Threat From Combined Attack Using Apple's Safari On The Windows Platform

EXPLOITABILITY: Core Security Reference: CVE-2009-0550 Description: Microsoft Windows HTTP Services Credential Reflection Exploit (MS09-013) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2009-0553 Description: MS Internet Explorer EMBED Memory Corruption PoC (MS09-014) - The Exploit-DB Ref : 8479 Link: http://www.exploit-db.com/exploits/8479

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB972260 is missing HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 %windir%\System32\mshtml.dll Version is 6.0.3790.630 HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB969897 is missing HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 %windir%\System32\mshtml.dll Version is 6.0.3790.630 HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB963027 is missing %windir%\System32\mshtml.dll Version is 6.0.3790.630

5 Vulnerabilities in Windows Could Allow Elevation of Privilege (MS09-012) CVSS: - Active QID: 90490 CVSS Base: 9 Category: Windows CVSS Temporal: 7 CVE ID: CVE-2008-1436, CVE-2009-0078, CVE-2009-0079, CVE-2009-0080 Vendor Reference: MS09-012 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 12 First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Workarounds:

1) IIS 6.0: Configure a Worker Process Identity (WPI) for an application pool in IIS to use a created account in IIS Manager and disable MSDTC.

2) IIS 7.0: Specify a WPI for an application pool in IIS Manager.

3) IIS 7.0: Specify a WPI for an application pool using the Command Line utility APPCMD.exe.

Detailed information on applying the workarounds is available at Microsoft Security Bulletin MS09-012 (http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx).

Impact of the workarounds: Management of additional user accounts results in increased administrative overhead. Application functionality may be affected depending on the nature of applications running. Disabling MSDTC will prevent applications from using distributed transactions and will prevent configuration as well as running of COM+ applications.

Patch: Following are links for downloading patches to fix the vulnerabilities:

MSDTC Transaction Facility: Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=52B756E7-636F-4D9E-8A17-DBF467BFBE4D)

MSDTC Transaction Facility: Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923)

Windows Service Isolation: Windows XP Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=73d2324f-be59-4b0c-b1ac-9876a13c2c03)

Windows Service Isolation: Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=73d2324f-be59-4b0c-b1ac-9876a13c2c03)

MSDTC Transaction Facility: Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944)

Windows Service Isolation: Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=b2f12ae5-0e46-47e1-ac5b-93550d030189)

MSDTC Transaction Facility: Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A)

Windows Service Isolation: Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=42aba890-8b76-4c5a-8fb6-609797d19831)

MSDTC Transaction Facility: Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB)

Windows Service Isolation: Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a0609f65-82d9-4d82-9f48-f3266e8de123)

MSDTC Transaction Facility: Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based

10.10.10.220 Confirmed 4/5/Patchable page 13 Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A)

Windows Service Isolation: Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=fda8837c-e5d2-4489-9b44-4c24a1102e77)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-012 (http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx).

EXPLOITABILITY: Core Security Reference: CVE-2008-1436 Description: Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) - Core Security Category : Exploits/Local

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB952004 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956572 is missing %windir%\system32\Msdtclog.dll Version is 2001.12.4720.480

5 WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-010) CVSS: - Active

QID: 90474 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235 Vendor Reference: MS09-010 Bugtraq ID: - Service Modified: 05/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: For Office Users:- In order to resolve this issue, install following office patches:- "office2000-KB921606-FullFile-ENU.exe, office2003-KB960476-FullFile-ENU.exe, officexp-KB933399-FullFile-ENU.exe" along with windows patches "Windows2000-KB923561-x86-ENU.EXE, WindowsServer2003-KB923561-ia64-ENU.exe, WindowsServer2003-KB923561-x86-ENU.exe, WindowsServer2003.WindowsXP-KB923561-x64-ENU.exe, WindowsXP-KB923561-x86-ENU.exe" For Non-Office Users:- In order to resolve this issue, install following Windows patches:- "Windows2000-KB923561-x86-ENU.EXE, WindowsServer2003-KB923561-ia64-ENU.exe, WindowsServer2003-KB923561-x86-ENU.exe, WindowsServer2003.WindowsXP-KB923561-x64-ENU.exe, WindowsXP-KB923561-x86-ENU.exe"

Workaround: 1) Avoid opening or saving Microsoft Office files received from untrusted sources

2) Disable the Word 6 converter by restricting access by applying an access control list to affected converters to ensure that the converter is no longer loaded by WordPad and Office.

Impact of the workaround: Conversion of Word 6 documents to WordPad RTF or Word 2003 documents will no longer work.

3) Disable the Office text converter by restricting access by applying an access list to the affected converter to ensure it is no longer loaded by Microsoft Office Word.

Impact of the workaround: Microsoft Office Word will no longer load WordPerfect documents.

10.10.10.220 Confirmed 4/5/Patchable page 14 Detailed information on applying access lists to disable Word 6 and Office text converter can be found in Microsoft Security Bulletin MS09-010 (http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx).

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=552d322a-5282-42c7-9c1e-1d8c494a7318)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=50a8519a-503e-43dd-a78a-c1bc764fd213)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=2233a4d2-7c8a-4c89-b020-100d9afb43c8)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=e840b9cb-f1f4-482a-aa07-eb6b42b477c4)

Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415)

Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=e1db55c6-78fb-498d-89a5-9ad54d971546)

Microsoft Office Converter Pack (http://www.microsoft.com/downloads/details.aspx?familyid=d763fae3-b2af-47f9-a554-ec786766b3c3)

Refer to Microsoft Security Bulletin MS09-010 (http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003426: WordPad And Office Text Converter Memory Corruption Vulnerability Virtual Patch #1003451: Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability Virtual Patch #1002888: Microsoft WordPad '.doc' File Remote Denial Of Service Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-0235 Description: Microsoft WordPad Word97 Converter Stack Overflow Exploit (MS09-010) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2008-4841 Description: MS Windows Wordpad .doc File Local Denial of Service PoC - The Exploit-DB Ref : 6560 Link: http://www.exploit-db.com/exploits/6560

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB923561 is missing %ProgramFiles%\Windows NT\Accessories\wordpad.exe Version is 5.2.3790.224 C:\Program Files\Common Files\Microsoft Shared\TextConv\Mswrd832.cnv Version is 2003.1100.6252.0 C:\Program Files\Common Files\Microsoft Shared\TextConv\Msconv97.dll Version is 2003.1100.6252.0 C:\PROGRA~1\COMMON~1\MICROS~1\GRPHFLT\GIFIMP32.FLT version is 2003.1100.5510.0 .

5 Windows HTTP Services Could Allow Remote Code Execution (MS09-013) CVSS: - Active

10.10.10.220 Confirmed 4/5/Patchable page 15 QID: 90493 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2009-0086, CVE-2009-0089, CVE-2009-0550 Vendor Reference: MS09-013 Bugtraq ID: - Service Modified: 05/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=39d5468e-5733-4c3e-9e75-3adac8ac8cb9)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=35af4151-1858-4c9a-85e4-9ff45feca1a4)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=49b16f0f-f6c3-4ca8-8041-392f4f7b5bbb)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=42509f5a-d0f9-444a-9445-5eabdb555011)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7373ea32-bc2e-49f1-8b9f-4eeda5acc74c)

Windows Vista and Windows Vista Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=f071d770-3b6b-4040-9911-d4de8cde4c68)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=7ceef2d0-f316-48d1-aecc-d74f91cc5e1f)

Windows Server 2008 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=4c36548f-c8c9-4318-91e2-9e0501339548)

Windows Server 2008 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=1c3f0997-a8a9-4340-ae0c-2c4d6792c65c)

Windows Server 2008 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=0885b3b0-b78e-4980-902d-dff3886bcaac)

Refer to Microsoft Security Bulletin MS09-013 (http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003445: Microsoft Internet Explorer And HTTP Services Authentication Reflection Code Execution Helper Filter Virtual Patch #1003446: Microsoft Internet Explorer And HTTP Services Authentication Reflection Code Execution 10.10.10.220 Confirmed 4/5/Patchable page 16 EXPLOITABILITY: Core Security Reference: CVE-2009-0086 Description: Microsoft Windows HTTP Services UPnP Integer Underflow DoS (MS09-013) - Core Security Category : Denial of Service/Remote Reference: CVE-2009-0550 Description: Microsoft Windows HTTP Services Credential Reflection Exploit (MS09-013) - Core Security Category : Exploits/Client Side

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB960803\Filelist is missing %windir%\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.0.0_x-ww_E0651936\winhttp.dll Version is 5.2.3790.0 %windir%\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.3790.218_x-ww_C0A1EEB6\winhttp.dll Version is 5.2.3790.218

5 Microsoft Internet Explorer Cumulative Security Update (MS09-034) CVSS: - Active QID: 90513 CVSS Base: 10 Category: Windows CVSS Temporal: 7.4 CVE ID: CVE-2009-1917, CVE-2009-1918, CVE-2009-1919 Vendor Reference: MS09-034 Bugtraq ID: - Service Modified: 09/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4) (http://www.microsoft.com/downloads/details.aspx?FamilyID=50ffc8f4-7ab7-4e64-9965-5767db5f53cd)

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?FamilyID=93bd1baa-e2fb-4e8c-9dd7-738efef32282)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227-4a22-8df5-801f3e2e232a)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=35ab0c5e-df3d-4873-8139-d1d98b3ac350)

Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=44852619-58ad-48f2-bc55-e8e1c72b1ba9)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=bd7f36c6-c5c5-4f19-ab59-39f1aaba7fe2)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=cdb70acf-77c3-40a4-b6a3-0fbc0fc0d7fc)

10.10.10.220 Confirmed 4/5/Patchable page 17 Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=c874c8f8-0449-42b1-8d8b-901040069568)

Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=113cc76a-c434-42ff-b594-4834989ad5ba)

Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=f4112c25-9e6f-473a-bdbc-3df6dd66e6af)

Windows Server 2003 x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=a594ee0d-ec8f-47df-9125-89d0bbf2115d)

Windows Server 2003 with SP2 for Itanium-based Systems (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=adb6bad2-9931-4ede-856e-bb43bb0f6071)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b-4b74-9649-449df923f573)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b-43a9-9fdc-742735dcf516)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-034 (http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx).

Workarounds: - Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of the workarounds: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003643: Microsoft Internet Explorer Memory Corruption Vulnerability Virtual Patch #1003645: Microsoft Internet Explorer HTML Objects Memory Corruption Remote Code Vulnerability Virtual Patch #1003644: Internet Explorer Uninitialized Memory Corruption Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

5 Microsoft Video ActiveX Control Remote Code Execution Vulnerability (MS09-032 and KB972890) CVSS: - Active QID: 90510 CVSS Base: 9.3 Category: Windows CVSS Temporal: 8.4 CVE ID: CVE-2008-0015, CVE-2008-0020 Vendor Reference: MS09-032, KB972890 Bugtraq ID: 35558 Service Modified: 01/28/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

10.10.10.220 Confirmed 4/5/Patchable page 18 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Workaround: 1) Prevent Microsoft Video ActiveX Control from running in Internet Explorer

Microsoft is providing a capability to implement this workaround automatically. Refer to Microsoft Knowledge Base Article 972890 (http://support.microsoft.com/kb/972890) for information on use of the tool to disable the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003.

Disabling of Microsoft Video ActiveX Control can also be done manually by modifying the registry. Setting the kill-bit associated with Class Identifiers (CLSID) related to Microsoft Video ActiveX Control will prevent the ActiveX control from being loaded within Internet Explorer. Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the kill bits.

Detailed information on applying the workaround manually is available at Microsoft Security Advisory (972890) (http://www.microsoft.com/technet/security/advisory/972890.mspx) under "Workarounds" in the "Suggested Actions" section.

Impact of the workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=89d941f0-3f71-46e3-8096-716561396b72)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=24701af8-b87e-4e85-9463-f50755a1b6ad)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2cbf3699-7f79-4006-99e9-0a4c0d394c48)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=b0a458d6-c34c-41c7-964a-c130cfcb0d01)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8b7a7bb0-80ef-4f25-bc70-3d0ac06007c5)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=7be36edf-02af-402f-983a-f9ca8128b6b5)

Windows Vista, Windows Vista Service Pack1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=6c90240e-c201-4dad-9835-ea71e3527b45)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=d2084e8d-212b-4c39-9163-a71ec6d1b1c7)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2* (http://www.microsoft.com/downloads/details.aspx?FamilyID=0194f994-5821-4fb9-b9e1-ed6af248c995)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2* (http://www.microsoft.com/downloads/details.aspx?FamilyID=4127b125-fdaa-489a-a80c-14b5647ac7e0)

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=4082c776-318c-4e0c-83fc-2f3f472c039a)

10.10.10.220 Confirmed 4/5/Patchable page 19 Refer to Microsoft Security Bulletin MS09-032 (http://www.microsoft.com/technet/security/bulletin/MS09-032.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003605: Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Vulnerability Virtual Patch #1003606: Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Virtual Patch #1003609: COM Object Instantiation Memory Corruption - July 2009

EXPLOITABILITY: Core Security Reference: CVE-2008-0015 Description: Microsoft Windows MPEG2TuneRequest ActiveX Exploit - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2008-0015 Description: Microsoft DirectShow (msvidctl.dll) Vulnerability - Immunity Ref : ms09_032 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms09_032/qualys_user

Metasploit Reference: CVE-2008-0015 Description: Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption - Metasploit Ref : /modules/exploit/windows/browser/msvidctl_mpeg2 Link: http://www.metasploit.com/modules/exploit/windows/browser/msvidctl_mpeg2

The Exploit-DB Reference: CVE-2008-0015 Description: MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit - The Exploit-DB Ref : 9108 Link: http://www.exploit-db.com/exploits/9108

Reference: CVE-2008-0015 Description: Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption - The Exploit-DB Ref : 16615 Link: http://www.exploit-db.com/exploits/16615

ExploitKits Reference: CVE-2008-0015 Description: MS09-032 DirectX DirectShow (IE)

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKCR\CLSID\{011B3619-FE63-4814-8A84-15A194CE9CE3} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3} Compatibility Flags is missing. HKCR\CLSID\{0149EEDF-D08F-4142-8D73-D23903D21E90} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90} Compatibility Flags is missing. HKCR\CLSID\{0369B4E5-45B6-11D3-B650-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{0369B4E6-45B6-11D3-B650-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{055CB2D7-2969-45CD-914B-76890722F112} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112} Compatibility Flags is missing. HKCR\CLSID\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} Compatibility Flags is missing. HKCR\CLSID\{15D6504A-5494-499C-886C-973C9E53B9F1} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1} Compatibility Flags is missing. HKCR\CLSID\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980} Compatibility Flags is missing. HKCR\CLSID\{1C15D484-911D-11D2-B632-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{1DF7D126-4050-47F0-A7CF-4C4CA9241333} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333} Compatibility Flags is missing. HKCR\CLSID\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C} Compatibility Flags is missing. HKCR\CLSID\{334125C0-77E5-11D3-B653-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E} Compatibility Flags is missing.

10.10.10.220 Confirmed 4/5/Patchable page 20 HKCR\CLSID\{37B0353C-A4C8-11D2-B634-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{37B0353C-A4C8-11D2-B634-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{37B03544-A4C8-11D2-B634-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{418008F3-CF67-4668-9628-10DC52BE1D08} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08} Compatibility Flags is missing. HKCR\CLSID\{577FAA18-4518-445E-8F70-1473F8CF4BA4} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4} Compatibility Flags is missing. HKCR\CLSID\{59DC47A8-116C-11D3-9D8E-00C04F72D980} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980} Compatibility Flags is missing. HKCR\CLSID\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} Compatibility Flags is missing. HKCR\CLSID\{823535A0-0318-11D3-9D8E-00C04F72D980} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980} Compatibility Flags is missing. HKCR\CLSID\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} Compatibility Flags is missing. HKCR\CLSID\{8A674B4C-1F63-11D3-B64C-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{8A674B4D-1F63-11D3-B64C-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{9CD64701-BDF3-4D14-8E03-F12983D86664} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664} Compatibility Flags is missing. HKCR\CLSID\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} Compatibility Flags is missing. HKCR\CLSID\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} Compatibility Flags is missing. HKCR\CLSID\{A2E3074E-6C3D-11D3-B653-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{A2E30750-6C3D-11D3-B653-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} Compatibility Flags is missing. HKCR\CLSID\{AD8E510D-217F-409B-8076-29C5E73B98E8} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8} Compatibility Flags is missing. HKCR\CLSID\{B0EDF163-910A-11D2-B632-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{B64016F3-C9A2-4066-96F0-BD9563314726} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726} Compatibility Flags is missing. HKCR\CLSID\{BB530C63-D9DF-4B49-9439-63453962E598} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598} Compatibility Flags is missing. HKCR\CLSID\{C5702CCC-9B79-11D3-B654-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{C5702CCD-9B79-11D3-B654-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{C5702CCE-9B79-11D3-B654-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{C5702CCF-9B79-11D3-B654-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{C5702CD0-9B79-11D3-B654-00C04F79498E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E} Compatibility Flags is missing. HKCR\CLSID\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} Compatibility Flags is missing. HKCR\CLSID\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} Compatibility Flags is missing. HKCR\CLSID\{D02AAC50-027E-11D3-9D8E-00C04F72D980} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980} Compatibility Flags is missing. HKCR\CLSID\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} Compatibility Flags is missing. HKCR\CLSID\{FA7C375B-66A7-4280-879D-FD459C84BB02} exists HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02} Compatibility Flags is missing.

5 Microsoft Windows Media File Processing Remote Code Execution Vulnerability (MS09-038) CVSS: - Active QID: 90517 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-1545, CVE-2009-1546 Vendor Reference: MS09-038 Bugtraq ID: 35970, 35967 Service Modified: 10/08/2009 User Modified: -

10.10.10.220 Confirmed 4/5/Patchable page 21 Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=5f80bf0b-898c-46ca-b20c-21e0e729c332)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=2e8a68ee-eb24-424c-b084-450636ccaeec)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a1ff2ace-b9dc-4cf3-a151-ac6959bcb3a6)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=cba78658-899c-428f-8b04-cfe14ce3c255)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=58a7c8d9-ec36-46a6-a89b-d8dfd989fda4)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=187b02bd-73d6-4f72-81d1-d9477d495499)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=81fce7bd-f33c-4586-949d-ac40d415f755)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a6cea61a-4ad9-4e18-bf18-348ae4ae51c4)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=fdc96a07-ed79-4798-8077-b2e9ca64cd0f)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=8e3afba4-6761-4b3d-98bb-4b4145e27b7f)

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=aa1bb13a-5905-48c4-8e74-a41104593046)

Refer to Microsoft Security Bulletin MS09-038 (http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx) for further details.

Workarounds: 1) Deny access to Avifil32.dll.

On Windows 2000, Windows XP, and Windows Server 2003 systems, run the following command: For 32bit Windows: cacls %windir%\system32\avifil32.dll /E /P everyone:N For 64bit Windows:cacls %windir%\syswow64\avifil32.dll /E /P everyone

On Windows Vista and Windows Server 2008, run the following commands: For 32bit Windows: takeown.exe /f %windir%\system32\avifil32.dll icacls.exe %windir%\system32\avifil32.dll /save %TEMP%\AVIFIL32_ACL.TXT

10.10.10.220 Confirmed 4/5/Patchable page 22 icacls.exe %windir%\system32\avifil32.dll /deny everyone:(F)

For 64bit Windows: takeown /f %windir%\syswow64\avifil32.dll icacls %windir%\syswow64\avifil32.dll /save %TEMP%\AVIFIL32_ACL.TXT icacls %windir%\syswow64\avifil32.dll /deny everyone:(F)

Impact of workaround #1: Applications that rely on the AVIFile API will fail to render AVI video content properly.

2) Remove HKEY_CLASSES_ROOT\CLSID\(40C3D757-D6E4-4b49-BB41-0E5BBEA28817) to prevent Windows Explorer from previewing AVI files. This can be done via the Interactive Method or by using a Managed Deployment Script. Note:This workaround is only applicable for CVE-2009-1545.

Impact of workaround #2: Windows Explorer will not provide a preview image for AVI files.

For detailed instructions on applying the workarounds, please refer to Microsoft Security Bulletin MS09-038 (http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003675: Malformed AVI Header Vulnerability Virtual Patch #1003678: AVI Integer Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977914\Filelist is missing %windir%\system32\Avifil32.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB971557\Filelist is missing %windir%\system32\Avifil32.dll Version is 5.2.3790.0

5 Microsoft Windows Message Queuing Elevation of Privilege Vulnerability (MS09-040) CVSS: - Active QID: 90518 CVSS Base: 6.9 Category: Windows CVSS Temporal: 5.4 CVE ID: CVE-2009-1922 Vendor Reference: MS09-040 Bugtraq ID: - Service Modified: 09/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=8ed8bad7-2885-452c-9c34-3982cd498be8)

10.10.10.220 Confirmed 4/5/Patchable page 23 Windows XP Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=93490aa7-9985-4658-b0d7-88fb3f27ada0)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=12e6be68-dc87-450e-927b-3c9b6873eb13)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=52f59c56-2aba-4626-a90e-311e0e73c813)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=2f77ef7b-54f8-4260-b6a6-d62a0f85ef45)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=ad55c653-ee6b-4c92-b7f4-3923bb916546)

Windows Vista (http://www.microsoft.com/downloads/details.aspx?familyid=00afd94c-b483-4155-884f-b617acca6e7d)

Windows Vista x64 Edition (http://www.microsoft.com/downloads/details.aspx?familyid=a0c698aa-a913-4981-8798-6bbb8cacfb86)

Refer to Microsoft Security Bulletin MS09-040 (http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx) for further details.

Workaround: - Disable the Message Queuing Service. Steps on disabling the service via the Interactive Method are listed below:

1) Click Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.

2) Double-click Administrative Tools. Alternatively, click Switch to Classic View and then double-click Administrative Tools.

3) Double-click Services.

4) Double-click Message Queuing.

5) In the Startup type list, click Disabled.

6) Click Stop, and then click OK.

- This service can also be disabled via Group Policy settings.

- The MSMQ service can also be disabled by using the following command at the command prompt (available in Windows XP and in the Microsoft Windows 2000 Resource Kit):

Sc stop MSMQ & sc config MSMQ start= disabled

Additional instructions on applying the workarounds can be found at Microsoft Security Bulletin MS09-040 (http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx).

EXPLOITABILITY: Core Security Reference: CVE-2009-1922 Description: Microsoft Windows MSMQ Null Pointer DoS (MS09-040) - Core Security Category : Denial of Service/Local

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003SP3KB971032Filelist is missing %windir%\System32\mqad.dll Version is 5.2.1716.0

5 Microsoft Active Template Library (ATL) for Microsoft Office Remote Code Execution Vulnerability (MS09-060) CVSS: - Active QID: 90543 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2009-0901, CVE-2009-2493, CVE-2009-2495 Vendor Reference: MS09-060 Bugtraq ID: - Service Modified: 12/17/2009 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 24 PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3 (Microsoft Outlook 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?FamilyId=04878c2c-eb97-426f-be08-89036a6799db)

Microsoft Office 2003 Service Pack 3 (Microsoft Office Outlook 2003 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?FamilyId=79e2b2e8-d5e8-4014-b489-720af2b5083d)

2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2 (Microsoft Office Outlook 2007 Service Pack 1 and Microsoft Office Outlook 2007 Service Pack 2) (http://www.microsoft.com/downloads/details.aspx?FamilyId=d39234a3-c62c-44ba-a626-3179a183ca09)

Microsoft Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d20004c5-dd01-459e-8120-5f127e20c085)

Refer to Microsoft Security Bulletin MS09-060 (http://www.microsoft.com/technet/security/bulletin/MS09-060.mspx) for further details.

Workarounds: - Do not open or save Microsoft Office files received from untrusted sources or files received unexpectedly from trusted sources.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003764: ATL COM Initialization Vulnerability - ActiveX

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Outlook 2003 C:\Program Files\Microsoft Office\OFFICE11\\Outlook.exe version is 11.0.8000.0 . C:\Program Files\Microsoft Office\OFFICE11\\Outlmime.dll version is 11.0.6555.0 .

5 Microsoft Internet Explorer Cumulative Security Update (MS09-054) CVSS: - Active QID: 90545 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2009-1547, CVE-2009-2529, CVE-2009-2530, CVE-2009-2531 Vendor Reference: MS09-054 Bugtraq ID: - Service Modified: 11/30/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment:

10.10.10.220 Confirmed 4/5/Patchable page 25 Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4) (http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6-4405-96b5-a518dcb39d38)

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500)

Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85)

Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b)

Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b)

Windows Server 2003 x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53)

Windows Server 2003 with SP2 for Itanium-based Systems (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99)

For a complete list of patch download links, including Windows 7, please refer to Microsoft Security Bulletin MS09-054 (http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx).

Workarounds: CVE-2009-2529, CVE-2009-2530: - Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

10.10.10.220 Confirmed 4/5/Patchable page 26 Impact of the Workaround: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003770: Detect deflate Content-Encoding In HTTP Traffic Virtual Patch #1003774: HTML Component Handling Vulnerability Virtual Patch #1003768: Microsoft Internet Explorer Memory Corruption Remote Code Execution Vulnerability Virtual Patch #1003772: Microsoft Internet Explorer Memory Corruption Remote Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %windir%\system32\urlmon.dll Version is 6.0.3790.639

5 Microsoft FTP Service for Internet Information Services Remote Code Execution Vulnerability (MS09- CVSS: - Active 053 and KB97519)

QID: 27302 CVSS Base: 9.3 Category: File Transfer Protocol CVSS Temporal: 6.9 CVE ID: CVE-2009-3023, CVE-2009-2521 Vendor Reference: KB975191, MS09-053 Bugtraq ID: 36189 Service Modified: 11/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=7fecd367-aaff-458b-91bc-8925c8e57528)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=2ae0bdd4-f8b2-420a-b1ac-d2cdaa87c828)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=819dd2d1-cad5-4784-9baf-185d8a76df5d)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=48256ea3-b433-4e84-9019-22300069cfc1)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=61bded07-201e-4815-ac1e-468bf907e063)

10.10.10.220 Confirmed 4/5/Patchable page 27 Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=b99d4d9b-e0cc-4a8c-ad99-6a53958b37c8)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=bb96eb1c-66a2-4276-9773-eea22179bcd4)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=d9c5039f-d0cf-4d84-850f-f2f7701dcb79)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=db969ddc-708e-42b7-9956-6c27bf346bbb)

Refer to Microsoft Security Bulletin MS09-053 (http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx) for further details.

Workaround: 1) Modify NTFS file system permissions to disallow directory creation by FTP users. Perform the following steps with administrative privileges to remove directory creation privileges from the Users group.

- Browse to the root directory of your FTP site. By default this is in %systemroot%\inetpub\ftproot. - Right-click on the directory and select Properties. - Click the Security tab and click Advanced. - Click Change Permissions. - Select the Users group and click Edit. If you have a configured FTP user or custom group to manage your FTP users, replace the Users group with the custom identities. - Deselect Create Folders/Append Data.

Impact of workaround #1: FTP users will not be able to create directories through the FTP service. FTP users will still be able to upload files to existing directories through the FTP service.

2) Do not allow FTP write access to untrusted anonymous users. To modify IIS permissions to prevent FTP write access, perform the following steps:

- Launch IIS Manager. - Right click Default FTP Site and point to Properties. - Click the Home Directory tab. - Ensure that Write is deselected.

Impact of workaround #2: Users will not be able to transfer files using FTP, but can do so using WebDAV.

3) Disable the FTP service.

Impact of workaround #3: Users will no longer be able to use the FTP service.

Refer to the advisory to obtain detailed instructions on the workarounds.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003704: Microsoft IIS FTPd Unspecified Remote Denial Of Service Virtual Patch #1003698: Microsoft IIS FTPd Remote Buffer Overflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-2521 Description:

10.10.10.220 Confirmed 4/5/Patchable page 28 IIS FTP LIST Stack Exhaustion DoS - Core Security Category : Denial of Service/Remote

10.10.10.220 Confirmed 4/5/Patchable page 29 Reference: CVE-2009-3023 Description: IIS FTP NLST Buffer Overflow Exploit - Core Security Category : Exploits/Remote

Immunity Reference: CVE-2009-3023 Description: IISFTP_NLST - Immunity Ref : iisftp_nlst Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/iisftp_nlst/qualys_user

Metasploit Reference: CVE-2009-3023 Description: Microsoft IIS FTP Server NLST Response Overflow - Metasploit Ref : /modules/exploit/windows/ftp/ms09_053_ftpd_nlst Link: http://www.metasploit.com/modules/exploit/windows/ftp/ms09_053_ftpd_nlst

Reference: CVE-2009-2521 Description: Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion - Metasploit Ref : /modules/auxiliary/dos/windows/ftp/iis_list_exhaustion Link: http://www.metasploit.com/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion

The Exploit-DB Reference: CVE-2009-3023 Description: Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k) - The Exploit-DB Ref : 9541 Link: http://www.exploit-db.com/exploits/9541

Reference: CVE-2009-3023 Description: Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4) - The Exploit-DB Ref : 9559 Link: http://www.exploit-db.com/exploits/9559

Reference: CVE-2009-2521 Description: Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service - The Exploit-DB Ref : 9587 Link: http://www.exploit-db.com/exploits/9587

Reference: CVE-2009-3023 Description: Microsoft IIS FTP Server NLST Response Overflow - The Exploit-DB Ref : 16740 Link: http://www.exploit-db.com/exploits/16740

RESULTS: MSFTPSVC = STOPPED HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB975254\Filelist is missing %windir%\system32\inetsrv\ftpsvc2.dll Version is 6.0.3790.0

5 Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS09-062) CVSS: - Active QID: 90551 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2009-2500, CVE-2009-2501, CVE-2009-2502, CVE-2009-2503, CVE-2009-2504, CVE-2009-3126, CVE-2009-2528, CVE-2009-2518 Vendor Reference: MS09-062 Bugtraq ID: - Service Modified: 07/01/2010 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 30 SOLUTION: Patch:Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=ad92503a-8c91-4d73-98b0-942d7961637d)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=414466a4-39a0-476d-9a43-ae7674cbd6a0)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=eb95e8d9-6ef5-4526-99d2-507e50de049b)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=a678ceb9-a37a-4c29-8bd1-f209922990e5)

Windows Vista and Windows Vista Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=19aa01f3-026d-4264-85f8-216d0597969b)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=8f5f0c1d-1dd6-47fa-aef2-d3c96c8fc06e)

Windows Server 2008 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=fd1694af-8873-43aa-9243-91f7cde452b7)

Windows Server 2008 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=41bc4cdb-273a-4a6e-80d9-c8ce20e32da9)

Windows Server 2008 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=a4f42085-1cb9-4b8d-a931-85be71fdf06d)

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 ServicePack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c)

Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 1.1 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?FamilyId=ecf78619-80fa-417d-852b-1b5b2cf574e2)

Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?FamilyId=3e534aa8-29c2-4379-9f57-931a6ff47418)

Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 2) (http://www.microsoft.com/downloads/details.aspx?familyid=e6f5e730-85cc-4c08-a50d-c456b1e9f5bc)

Microsoft Office XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d)

Microsoft Office 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7)

2007 Microsoft Office System Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec)

2007 Microsoft Office System Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec)

Microsoft Office Project 2002 Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d)

Microsoft Office Visio 2002 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-062 (http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx). A list of workarounds with details on enabling and disabling them is also available in the Bulletin.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003765: GDI+ WMF Integer Overflow Vulnerability Virtual Patch #1003762: GDI+ PNG Heap Overflow Vulnerability Virtual Patch #1003775: GDI+ TIFF Buffer Overflow Vulnerability Virtual Patch #1003759: Office BMP Integer Overflow Vulnerability Virtual Patch #1003781: Microsoft Office Malformed Object Memory Corruption Vulnerability Virtual Patch #1003773: GDI+ PNG Integer Overflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-2528 Description:

10.10.10.220 Confirmed 4/5/Patchable page 31 Microsoft Office Drawing Format Shape Exploit (MS09-062) - Core Security Category : Exploits/Client Side

10.10.10.220 RESULTS:Confirmed 4/5/Patchable page 32 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958869\Filelist is missing %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8D353F13\GdiPlus.dll Version is 5.1.3097.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.100.0_x-ww_0D1F9F94\GdiPlus.dll Version is 5.2.3790.0 %windir%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.3790.136_x-ww_23C91158\GdiPlus.dll Version is 5.2.3790.136

5 Microsoft SMB Remote Code Execution Vulnerability (MS09-001) CVSS: - Active QID: 90477 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 Vendor Reference: MS09-001 Bugtraq ID: - Service Modified: 03/26/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 15:03:07 (GMT) Times Detected: 75 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Workaround: TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability. Impact of workaround: Blocking the ports can cause several windows services or applications using those ports to stop functioning.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=E0678D14-C1B5-457A-8222-8E7682760ED4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=E0678D14-C1B5-457A-8222-8E7682760ED4&displaylang=en)

Windows XP SP2 and SP3: http://www.microsoft.com/downloads/details.aspx?familyid=EEAFCDC5-DF39-4B29-B6F1-7D32B64761E1&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=EEAFCDC5-DF39-4B29-B6F1-7D32B64761E1&displaylang=en)

Windows XP Professional x64 Edition and XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=26898401-F669-4542-AD93-199ED1FE9A2A&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=26898401-F669-4542-AD93-199ED1FE9A2A&displaylang=en)

Windows 2003 Server SP1 and SP2: http://www.microsoft.com/downloads/details.aspx?familyid=588CA8E8-38A9-47ED-9C41-09AAF1022E49&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=588CA8E8-38A9-47ED-9C41-09AAF1022E49&displaylang=en)

Windows 2003 Server x64 Edition and 2003 Server x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=EE59441C-1E8F-4425-AE8D-DEC14E7F13FB&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=EE59441C-1E8F-4425-AE8D-DEC14E7F13FB&displaylang=en)

Windows 2003 Server with SP1 and SP2 for Itanium based systems: http://www.microsoft.com/downloads/details.aspx?familyid=CAEC9321-FA5B-42F0-9F26-61F673FE6EEF&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=CAEC9321-FA5B-42F0-9F26-61F673FE6EEF&displaylang=en)

Windows Vista and Vista SP1: http://www.microsoft.com/downloads/details.aspx?familyid=9179C463-C10A-452A-990F-B7E37CDD889B&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=9179C463-C10A-452A-990F-B7E37CDD889B&displaylang=en)

10.10.10.220 Confirmed 4/5/Patchable page 33 Windows Vista x64 Edition and Vista x64 Edition SP1: http://www.microsoft.com/downloads/details.aspx?familyid=6B26952E-B59D-4B0F-A52D-025E45ECD233&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=6B26952E-B59D-4B0F-A52D-025E45ECD233&displaylang=en)

Windows 2008 Server for 32-bit systems: http://www.microsoft.com/downloads/details.aspx?familyid=7245B411-7C9E-41E5-9841-4C586336086C&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=7245B411-7C9E-41E5-9841-4C586336086C&displaylang=en)

Windows 2008 Server for x64-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=A241EAAD-95A0-442B-978F-F21A6F0C7DB4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=A241EAAD-95A0-442B-978F-F21A6F0C7DB4&displaylang=en)

Windows 2008 Server for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB7C7015-20BB-4A0C-977A-969F4E2A5189&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=AB7C7015-20BB-4A0C-977A-969F4E2A5189&displaylang=en)

Refer to Microsoft Security Bulletin MS09-001 (http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002844: "Microsoft Windows ""WRITE_ANDX"" SMB Packet Handling Denial of Service" Virtual Patch #1003207: SMB Buffer Overflow Remote Code Execution Vulnerability Virtual Patch #1003206: SMB Validation Remote Code Execution Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-4834 Description: Microsoft Windows SMB Trans Buffer Overflow DoS (MS09-001) - Core Security Category : Denial of Service/Remote

Metasploit Reference: CVE-2008-4114 Description: Microsoft SRV.SYS WriteAndX Invalid DataOffset - Metasploit Ref : /modules/auxiliary/dos/windows/smb/ms09_001_write Link: http://www.metasploit.com/modules/auxiliary/dos/windows/smb/ms09_001_write

The Exploit-DB Reference: CVE-2008-4114 Description: MS Windows WRITE_ANDX SMB command handling Kernel DoS (meta) - The Exploit-DB Ref : 6463 Link: http://www.exploit-db.com/exploits/6463

RESULTS: detected through null session (MS09-001)

5 Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) CVSS: - Active QID: 90464 CVSS Base: 10 Category: Windows CVSS Temporal: 8.3 CVE ID: CVE-2008-4250 Vendor Reference: MS08-067 Bugtraq ID: 31874 Service Modified: 02/12/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 34 Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3 (http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03 (http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03 (http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03) Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25 (http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25) Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25 (http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25) Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D (http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D) Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D (http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D) Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400 (http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400) Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400 (http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400) Windows Server 2003 with SP1 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF (http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF) Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF (http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21 (http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21) For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-067 (http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002975: Server Service Vulnerability (wkssvc) Virtual Patch #1003080: Server Service Vulnerability (srvsvc) Virtual Patch #1003292: Block Conficker.B++ Worm Incoming Named Pipe Connection Virtual Patch #1003293: Block Conficker.B++ Worm Outgoing Named Pipe Connection

EXPLOITABILITY: Core Security Reference: CVE-2008-4250 Description: MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) - Core Security Category : Exploits/Remote

Immunity Reference: CVE-2008-4250 Description: Windows Server Service Underflow (MS08-067) - Immunity Ref : ms08_067 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_067/qualys_user

Metasploit Reference: CVE-2008-4250 Description: Microsoft Server Service Relative Path Stack Corruption - Metasploit Ref : /modules/exploit/windows/smb/ms08_067_netapi Link: http://www.metasploit.com/modules/exploit/windows/smb/ms08_067_netapi

The Exploit-DB

10.10.10.220 Confirmed 4/5/Patchable page 35 Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution PoC (MS08-067) - The Exploit-DB Ref : 6824 Link: http://www.exploit-db.com/exploits/6824

Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution Exploit (MS08-067) - The Exploit-DB Ref : 7104 Link: http://www.exploit-db.com/exploits/7104

Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3) - The Exploit-DB Ref : 7132 Link: http://www.exploit-db.com/exploits/7132

Reference: CVE-2008-4250 Description: Microsoft Server Service Relative Path Stack Corruption - The Exploit-DB Ref : 16362 Link: http://www.exploit-db.com/exploits/16362

RESULTS: Detected through MSRPC Interface

5 Microsoft PowerPoint Could Allow Remote Code Execution (MS08-051) CVSS: - Active QID: 110083 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2008-0120, CVE-2008-0121, CVE-2008-1455 Vendor Reference: MS08-051 Bugtraq ID: - Service Modified: 08/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office PowerPoint 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=e7c044d8-778a-4985-b25b-4f7f6e4abadd (http://www.microsoft.com/downloads/details.aspx?FamilyId=e7c044d8-778a-4985-b25b-4f7f6e4abadd) Microsoft Office XP Service Pack 3 (Microsoft Office PowerPoint 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=f8921074-7985-4d42-ac2b-d2f3b1d466ba (http://www.microsoft.com/downloads/details.aspx?FamilyId=f8921074-7985-4d42-ac2b-d2f3b1d466ba) Microsoft Office 2003 Service Pack 2 (Microsoft Office PowerPoint 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f (http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f) Microsoft Office 2003 Service Pack 3 (Microsoft Office PowerPoint 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f (http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f) 2007 Microsoft Office System (Microsoft Office PowerPoint 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1) 2007 Microsoft Office System Service Pack 1 (Microsoft Office PowerPoint 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1) Microsoft Office PowerPoint Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036 (http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036)

10.10.10.220 Confirmed 4/5/Patchable page 36 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f (http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f (http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=EBD3AF0C-3F62-4D18-BF45-881655683BD5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=EBD3AF0C-3F62-4D18-BF45-881655683BD5) Refer to Micrsoft Security Bulletin MS08-051 (http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-0120 Description: Microsoft Office PowerPoint Viewer Exploit (MS08-051) - Core Security Category : Exploits/Client Side

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\gdiplus.dll version is 6.0.3264.0 . C:\Program Files\Microsoft Office\OFFICE11\\Powerpnt.exe version is 11.0.6361.0 . C:\Program Files\Microsoft Office\OFFICE11\\Pptview.exe version is 11.0.5703.0 .

5 Microsoft Office 2003 SP2 Missing CVSS: - Active

QID: 110033 CVSS Base: 4.6 [1] Category: Office Application CVSS Temporal: 3.4 CVE ID: - Vendor Reference: - Bugtraq ID: - Service Modified: 12/17/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Refer to the Microsoft Office 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=57E27A97-2DB6-4654-9DB6-EC7D5B4DD867&displaylang=en) Web site for more information and instructions for installing the update.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe version is 11.0.6361.0 . C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe version is 11.0.6361.0 .

5 Microsoft Office Remote Code Execution Vulnerability (MS08-013) CVSS: - Active QID: 110069 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2008-0103 Vendor Reference: MS08-013 Bugtraq ID: -

10.10.10.220 Confirmed 4/5/Patchable page 37 Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097) Microsoft Office XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5) Microsoft Office 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CA (http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CA) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0) Refer to Micrsoft Security Bulletin MS08-013 (http://www.microsoft.com/technet/security/bulletin/MS08-013.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll found %ProgramFiles%\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll found %ProgramFiles%\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll version is 6.4.99.72 .

5 Microsoft Word Remote Code Execution Vulnerabilities (MS06-060) CVSS: - Active QID: 110046 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2006-3647, CVE-2006-3651, CVE-2006-4534, CVE-2006-4693 Vendor Reference: MS06-060 Bugtraq ID: - Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 38 Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83 (http://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D (http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D) Microsoft Office 2003 Service Pack 1 or Service Pack 2 (Microsoft Office Word 2003):http://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A (http://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A) Microsoft Office 2003 Service Pack 1 or Service Pack 2 (Microsoft Office Word 2003 Viewer ):http://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A (http://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A) Microsoft Works Suites (Microsoft Works Suite 2004 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D (http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D (http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D) Microsoft Works Suites (Microsoft Works Suite 2006 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D (http://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Microsoft Office v. X for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Microsoft Security Bulletin MS06-060 (http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Word 2003 C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

5 Microsoft Active Directory Denial of Service Vulnerability (MS09-066) CVSS: - Active QID: 90568 CVSS Base: 7.8 Category: Windows CVSS Temporal: 6.1 CVE ID: CVE-2009-1928 Vendor Reference: MS09-066 Bugtraq ID: - Service Modified: 12/08/2009 User Modified: - Edited: No PCI Vuln: No

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4 (Active Directory) (http://www.microsoft.com/downloads/details.aspx?familyid=297158cf-374c-45d9-b213-978e1f54d244)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Active Directory Application Mode (ADAM)) (http://www.microsoft.com/downloads/details.aspx?familyid=cbe09780-f288-457a-b254-58c9c8744055)

Windows XP Professional x64 Edition Service Pack 2 (Active Directory Application Mode (ADAM))

10.10.10.220 Confirmed 4/5/Patchable page 39 (http://www.microsoft.com/downloads/details.aspx?familyid=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a)

Windows Server 2003 Service Pack 2 (Active Directory) (http://www.microsoft.com/downloads/details.aspx?familyid=28f1c494-4e16-43b6-93d2-49e15f142ac9)

Windows Server 2003 Service Pack 2 (Active Directory Application Mode ) (http://www.microsoft.com/downloads/details.aspx?familyid=44cb9029-4b19-4bad-8fc9-3efe285adb0e)

Windows Server 2003 x64 Edition Service Pack 2 (Active Directory) (http://www.microsoft.com/downloads/details.aspx?familyid=509aeec0-112b-44ab-8686-43f381b61940)

Windows Server 2003 x64 Edition Service Pack 2 (Active Directory Application Mode ) (http://www.microsoft.com/downloads/details.aspx?familyid=87f2109e-5129-467c-930f-70af31ebf5de)

Windows Server 2003 with SP2 for Itanium-based Systems (Active Directory) (http://www.microsoft.com/downloads/details.aspx?familyid=040e691b-1ef0-4b73-bef7-a1d77b84b0ca)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Active Directory and Active Directory Lightweight Directory Service (AD LDS)) (http://www.microsoft.com/downloads/details.aspx?familyid=701abf15-7f93-41de-8d09-13404fd79a7e)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Active Directory and Active Directory Lightweight Directory Service (AD LDS)) (http://www.microsoft.com/downloads/details.aspx?familyid=17f5f9e0-5869-41da-9b3b-6e67540af1f0)

Refer to Microsoft Security Bulletin MS09-066 (http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx) for further details.

Workaround: - Block TCP ports 389, 636, 3268 and 3269 at the firewall. These ports are used to initiate a connection with the affected component. Blocking them at the enterprise firewall, both inbound and outbound, will help prevent systems that are behind that firewall from attempts to exploit this vulnerability.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003821: LSASS Recursive Stack Overflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-1928 Description: Microsoft Windows Active Directory Remote DoS (MS09-066) - Core Security Category : Denial of Service/Remote

RESULTS: HKLM\SYSTEM\CurrentControlSet\Services\NTDS exists HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB981550 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB973037 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0

5 Microsoft WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-073) CVSS: - Active QID: 90572 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2009-2506 Vendor Reference: MS09-073 Bugtraq ID: - Service Modified: 07/22/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment:

10.10.10.220 Confirmed 4/5/Patchable page 40 Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=50936f51-b0a9-4e94-85bf-93f9ad74fdd1)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=c090c4c2-c277-4d8c-91e1-28286bc5443e)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=4b9bf156-cd34-460f-b4ad-571e37f54659)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=b9678229-2473-4aae-a814-eca9ea556d17)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=257facf3-20a1-49e2-ab4c-c1ae67fe05a0)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=1a7784ef-5d25-4de1-a293-f742b5a3473d)

Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=bc3ec3ba-2cec-43ab-b184-c222794231f2)

Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=b4a4126c-b0b3-4db2-b6f5-0e67519c2a5f)

Microsoft Works 8.5 (http://www.microsoft.com/downloads/details.aspx?familyid=807426a1-8b78-4681-a606-dc39f4d7b64a)

Microsoft Office Converter Pack (http://www.microsoft.com/downloads/details.aspx?familyid=f3ff8bb6-d047-42f1-9331-b6df85fff9fd)

Refer to Microsoft Security Bulletin MS09-073 (http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003872: WordPad And Office Text Converter Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\TextConv\Write32.wpc found HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB973904 is missing %ProgramFiles%\Common Files\Microsoft Shared\TextConv\Write32.wpc Version is 1999.8.7.0

5 Microsoft SMB Client Remote Code Execution Vulnerability (MS10-006) CVSS: - Active QID: 90577 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2010-0016, CVE-2010-0017 Vendor Reference: MS10-006

10.10.10.220 Confirmed 4/5/Patchable page 41 Bugtraq ID: 38100, 38093 Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch:Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=80b49bab-6c2f-48a8-a901-ca3f76e4fe6b)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=f6c4472e-385c-4412-bda9-c2e615e50713) Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=63e15ff0-73b3-46c9-96f8-c18977d35a10) Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=feb8c145-7c30-45fa-a6f0-8b6453ddd521) Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=36d88c1b-814c-4371-9ed2-d4576f419fc3) Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=622442b0-cffe-4fc2-94a8-edff9d71ecd3) Windows Vista and Windows Vista Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=1902fc93-0f4b-4261-9da3-17d1931daf2e) Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=1902fc93-0f4b-4261-9da3-17d1931daf2e) Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=7c2f89b5-a3b3-42cd-857d-923fe8b8f1da)

Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7c2f89b5-a3b3-42cd-857d-923fe8b8f1da)

Windows Server 2008 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=09e19263-18ba-495e-bcf7-719e957204a7)

Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=09e19263-18ba-495e-bcf7-719e957204a7)

Windows Server 2008 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=180c2313-5e3e-4d84-87cd-64048f51e0f6)

Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=180c2313-5e3e-4d84-87cd-64048f51e0f6) Windows Server 2008 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=614eaf7e-95aa-4f8f-910c-1980e1f14d11) Windows Server 2008 for Itanium-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=614eaf7e-95aa-4f8f-910c-1980e1f14d11) Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=a589431a-93dc-42cd-a74e-d9c1e3452fef) Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=3c1edcf8-d304-45c4-9818-1cd86383b3fe) Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=ecb06350-47a7-48eb-825f-3e8f89c5ca8e)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=badd6cab-7738-4401-a68c-c15414388601)

Refer to Microsoft Security Bulletin MS10-006 (http://www.microsoft.com/technet/security/bulletin/MS10-006.mspx) for further details.

Workaround: TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability.

Impact of workaround: Blocking the ports can cause Windows services or applications using those ports to stop functioning.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003973: 1003973 - SMB Client Pool Corruption Vulnerability Virtual Patch #1003980: 1003980 - SMB Client Race Condition Vulnerability

10.10.10.220 Confirmed 4/5/Patchable page 42 EXPLOITABILITY: Core Security Reference: CVE-2010-0016 Description: Microsoft Windows SMB Client Pool Corruption Vulnerability Dos (MS10-006) - Core Security Category : Denial of Service/Client Side Metasploit Reference: CVE-2010-0017 Description: Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop - Metasploit Ref : /modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop Link: http://www.metasploit.com/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop

The Exploit-DB Reference: CVE-2010-0017 Description: Proof of Concept for MS10-006 SMB Client-Side Bug - The Exploit-DB Ref : 12258 Link: http://www.exploit-db.com/exploits/12258

5 Microsoft DirectShow Remote Code Execution Vulnerability (MS10-013) CVSS: - Active QID: 90584 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2010-0250 Vendor Reference: MS10-013 Bugtraq ID: - Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=ba110440-10ce-40a0-884a-8b9afd45a3e3)

Microsoft Windows 2000 Service Pack 4 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=16787c93-2c95-4c13-8492-be1db9d18146)

Microsoft Windows 2000 Service Pack 4 (Quartz in DirectX 9.0) (http://www.microsoft.com/downloads/details.aspx?familyid=59a8bc19-02bb-4800-bac1-464f59e1cb7b)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=a9beb2bd-e5f6-43f9-bbcc-a2afee5e5ceb)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=7ab53be3-3f42-4e61-a2bc-3ed41d8736ff)

Windows XP Professional x64 Edition Service Pack 2 (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=dedc3010-a989-45f7-b9d4-f7079db3e572)

Windows XP Professional x64 Edition Service Pack 2 (Quartz)

10.10.10.220 Confirmed 4/5/Patchable page 43 (http://www.microsoft.com/downloads/details.aspx?familyid=7543e819-cd36-4e89-9850-60f00c50999d)

Windows Server 2003 Service Pack 2 (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=cc5150d7-070e-4a87-9c02-d050a8cb2204)

Windows Server 2003 Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=983c5484-6321-4765-97ec-8d42d42d1f70)

Windows Server 2003 x64 Edition Service Pack 2 (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=db13e99b-2f2a-4474-8d6e-271b025bd07f)

Windows Server 2003 x64 Edition Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=7dc20252-6091-407b-befc-c25e8f5d3fb0)

Windows Server 2003 with SP2 for Itanium-based Systems (AVI Filter) (http://www.microsoft.com/downloads/details.aspx?familyid=aec66173-e2c6-4c39-8d60-8fbef6d7b764)

Windows Server 2003 with SP2 for Itanium-based Systems (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=b1a7533a-913f-4054-b579-489a257bae5f)

Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=7130ce0f-df38-4c96-ac54-cdbff35f03e7)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=de7b7c8f-bd0a-4e13-bd58-d95507a6274b)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=5ac0a948-0bdc-4c10-9b88-16a5d7092e47)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=362fea40-649b-4471-aad7-db29edd0ac10)

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (Quartz) (http://www.microsoft.com/downloads/details.aspx?familyid=effa638b-cfc1-4777-8219-7b433ed5e717)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-013 (http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003981: DirectShow Heap Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB975560\Filelist is missing %windir%\System32\quartz.dll Version is 6.4.3790.399 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977914\Filelist is missing %windir%\system32\Avifil32.dll Version is 5.2.3790.0

5 Microsoft Windows Remote Code Execution Vulnerability (MS10-019) CVSS: - Active QID: 90596 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2010-0486, CVE-2010-0487 Vendor Reference: MS10-019 Bugtraq ID: - Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: -

10.10.10.220 Confirmed 4/5/Patchable page 44 Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2008 R2 for x64-based Systems (Authenticode Signature Verification 6.1) (http://www.microsoft.com/downloads/details.aspx?familyid=94DFDAAE-8464-4DE6-A401-7EB70B3BB34F)

Windows Server 2008 R2 for x64-based Systems (Cabinet File Viewer Shell Extension 6.1) (http://www.microsoft.com/downloads/details.aspx?familyid=A2979C02-2A80-4B84-BF6C-4798064BDF28)

Windows Server 2008 R2 for Itanium-based Systems (Authenticode Signature Verification 6.1) (http://www.microsoft.com/downloads/details.aspx?familyid=40F622D2-48E7-4EB2-9430-BBD218CB5208)

Windows Server 2008 R2 for Itanium-based Systems (Cabinet File Viewer Shell Extension 6.1) (http://www.microsoft.com/downloads/details.aspx?familyid=5E416D4B-5DE7-4688-80C6-245DE159E0CE)

Windows XP Professional x64 Edition Service Pack 2 (Authenticode Signature Verification 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=9BBFF00C-F8F4-4A44-98F2-18A868986AE1)

Windows XP Professional x64 Edition Service Pack 2 (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=E64E487E-2727-4396-B0C9-6EAF000214D2)

Windows Server 2003 Service Pack 2 (Authenticode Signature Verification 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=0E7E3DEB-F078-4953-9642-675EC69267F2)

Windows Server 2003 Service Pack 2 (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=7AE9B1D0-0DBE-4ABD-B315-10CEA4CECCD7)

Windows Server 2003 x64 Edition Service Pack 2 (Authenticode Signature Verification 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=99A3F6DA-728F-421C-AB41-C4C4751934A4)

Windows Server 2003 x64 Edition Service Pack 2 (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=1709FD4E-D7C6-4CBB-8B71-A96B8D6EEE58)

Windows Server 2003 with SP2 for Itanium-based Systems (Authenticode Signature Verification 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=06832599-1E9B-4792-8C7B-7B5B3A3D6277)

Windows Server 2003 with SP2 for Itanium-based Systems (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=811A2B28-655D-4B5D-821E-5A90D556DBA3)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (Authenticode Signature Verification 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=A52225A7-6005-4F2B-8291-DB20558F23F8)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=6145E2B2-36FD-4360-BD5B-2BD11890FC52)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (Authenticode Signature Verification 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=9BA7468C-23A4-4994-9A5A-22E96EF586F3)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (Cabinet File Viewer Shell Extension 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=5B7EFA82-0FEB-413A-9F8E-212E7432CD99)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-019 (http://www.microsoft.com/technet/security/bulletin/MS10-019.mspx).

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 45 Trend Micro Virtual Patching Virtual Patch #1004101: WinVerifyTrust Signature Validation Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978601 is missing %windir%\System32\Wintrust.dll Version is 5.131.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB979309 is missing %windir%\System32\Cabview.dll Version is 6.0.3790.0

5 Microsoft PowerPoint Multiple Remote Code Execution Vulnerabilities (MS06-058) CVSS: - Active QID: 110043 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, CVE-2006-4694 Vendor Reference: MS06-058 Bugtraq ID: 20226 Service Modified: 06/12/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=14A61FDA-BFE2-47CA-8313-40B772359994 (http://www.microsoft.com/downloads/details.aspx?FamilyId=14A61FDA-BFE2-47CA-8313-40B772359994) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=0FBD66FB-28BB-4587-9425-AD4A3F10651D (http://www.microsoft.com/downloads/details.aspx?FamilyId=0FBD66FB-28BB-4587-9425-AD4A3F10651D) Microsoft Office 2003 Service Pack 1 or Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=D0E30F77-B48F-4B8B-A6FA-105A354B1A4E (http://www.microsoft.com/downloads/details.aspx?FamilyId=D0E30F77-B48F-4B8B-A6FA-105A354B1A4E) Microsoft Office 2004 for Mac (Microsoft PowerPoint 2004 for Mac ):http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Microsoft Office v. X for Mac (Microsoft PowerPoint v. X for Mac ):http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Micrsoft Security Bulletin MS06-058 (http://www.microsoft.com/technet/security/bulletin/MS06-058.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000815: Microsoft PowerPoint Malformed Data Record Code Execution Virtual Patch #1001207: Microsoft PowerPoint Malformed Data Record Code Execution. Virtual Patch #1000795: Microsoft PowerPoint Unspecified Code Execution Virtual Patch #1001231: Microsoft PowerPoint Unspecified Code Execution.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 46 C:\Program Files\Microsoft Office\OFFICE11\\gdiplus.dll version is 6.0.3264.0 . C:\Program Files\Microsoft Office\OFFICE11\\Powerpnt.exe version is 11.0.6361.0 . %ProgramFiles%\Microsoft Office\Office11\PowerPnt.exe version is 11.0.6361.0 .

5 Microsoft RichEdit Could Allow Remote Code Execution (MS07-013) CVSS: - Active QID: 110054 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2006-1311 Vendor Reference: MS07-013 Bugtraq ID: 21876 Service Modified: 09/04/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows Server 2003 x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=3b6ee258-b636-455b-8833-74dea6269e24 (http://www.microsoft.com/downloads/details.aspx?FamilyId=3b6ee258-b636-455b-8833-74dea6269e24) Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=85C5162C-FC35-40B4-AD04-ADD247950423 (http://www.microsoft.com/downloads/details.aspx?FamilyId=85C5162C-FC35-40B4-AD04-ADD247950423) Microsoft Office 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=6C3BCAB8-0C99-4BE6-8DE7-71D463473A4A (http://www.microsoft.com/downloads/details.aspx?FamilyId=6C3BCAB8-0C99-4BE6-8DE7-71D463473A4A) Microsoft Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=0b0b13d3-b2fb-4cf4-8ee1-51871d39eecd (http://www.microsoft.com/downloads/details.aspx?FamilyId=0b0b13d3-b2fb-4cf4-8ee1-51871d39eecd) Microsoft Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=3159428d-7212-4bf0-9699-3dbae5db6ca1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=3159428d-7212-4bf0-9699-3dbae5db6ca1) Microsoft Windows XP Professional x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=daf2f7ac-20b4-4ec9-9467-2ddd4fc493d6 (http://www.microsoft.com/downloads/details.aspx?FamilyId=daf2f7ac-20b4-4ec9-9467-2ddd4fc493d6) Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=2e8d2355-d5c5-406d-9322-5fe1b2134d2f (http://www.microsoft.com/downloads/details.aspx?FamilyId=2e8d2355-d5c5-406d-9322-5fe1b2134d2f) Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems : http://www.microsoft.com/downloads/details.aspx?FamilyId=ed6dd20f-4c0b-48f7-a1f9-613265506835 (http://www.microsoft.com/downloads/details.aspx?FamilyId=ed6dd20f-4c0b-48f7-a1f9-613265506835) Microsoft Project 2000 Service Release 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=019B11FC-00B8-451C-AB3C-772780D4C46A (http://www.microsoft.com/downloads/details.aspx?FamilyId=019B11FC-00B8-451C-AB3C-772780D4C46A) Microsoft Office 2000 Multilanguage Packs : http://www.microsoft.com/downloads/details.aspx?FamilyID=B5A087F8-74D2-4184-9986-23AB3C4EF7F2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=B5A087F8-74D2-4184-9986-23AB3C4EF7F2) Microsoft Project 2002 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=D162C366-C5E7-4850-B773-1FE669FAEEAF (http://www.microsoft.com/downloads/details.aspx?FamilyId=D162C366-C5E7-4850-B773-1FE669FAEEAF) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-013 (http://www.microsoft.com/technet/security/bulletin/MS07-013.mspx).

Virtual Patches:

Trend Micro Virtual Patching 10.10.10.220 Confirmed 4/5/PatchableVirtual Patch #1000948: Microsoft OLE Dialog Code Execution Vulnerability page 47 Virtual Patch #1000949: Microsoft OLE Dialog Code Execution. EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\OFFICE11\Riched20.dll version is 5.50.99.2009 .

5 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (MS07-015) CVSS: - Active QID: 110053 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2006-3877, CVE-2007-0671 Vendor Reference: MS07-015 Bugtraq ID: 22383 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?familyid=20E089E7-7DD3-44A4-ABFE-6D8C27721683 (http://www.microsoft.com/downloads/details.aspx?familyid=20E089E7-7DD3-44A4-ABFE-6D8C27721683) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=C54B1FDA-1237-48F7-AD19-F0830EE0E8FF (http://www.microsoft.com/downloads/details.aspx?FamilyId=C54B1FDA-1237-48F7-AD19-F0830EE0E8FF) Microsoft Office 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=BB0973E7-275D-4491-9BA1-91EAEA84EEFD (http://www.microsoft.com/downloads/details.aspx?FamilyId=BB0973E7-275D-4491-9BA1-91EAEA84EEFD) Microsoft Project 2000 Service Release 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=3DF54B5C-CB82-4A99-9B90-EDAB38AD6310 (http://www.microsoft.com/downloads/details.aspx?FamilyId=3DF54B5C-CB82-4A99-9B90-EDAB38AD6310) Microsoft Project 2002 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=419191DC-01B8-4E2A-BA5B-71BF3066C169 (http://www.microsoft.com/downloads/details.aspx?FamilyId=419191DC-01B8-4E2A-BA5B-71BF3066C169) Microsoft Visio 2002 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=F50A5111-0926-4221-96DF-18294230ED1E (http://www.microsoft.com/downloads/details.aspx?FamilyId=F50A5111-0926-4221-96DF-18294230ED1E) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Micrsoft Security Bulletin MS07-015 (http://www.microsoft.com/technet/security/bulletin/MS07-015.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\Office11\mso.dll version is 11.0.6360.0 .

5 Microsoft Word Remote Code Execution Vulnerability (MS07-014) CVSS: - Active QID: 110052 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, CVE-2007-0208, CVE-2007-0209, CVE-2007-0515 Vendor Reference: MS07-014 Bugtraq ID: 22225

10.10.10.220 Confirmed 4/5/Patchable page 48 Service Modified: 06/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199 (http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199) Microsoft Office XP Service Pack 3 (Microsoft Word 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D (http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D) Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyID=882F8503-DA72-43C9-B556-A002EC58F289 (http://www.microsoft.com/downloads/details.aspx?FamilyID=882F8503-DA72-43C9-B556-A002EC58F289) Microsoft Office 2003 Service Pack 2 (Microsoft Word Viewer 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=FB59798B-AFE2-4103-9991-CBDD7686F9AD (http://www.microsoft.com/downloads/details.aspx?FamilyId=FB59798B-AFE2-4103-9991-CBDD7686F9AD) Microsoft Works Suites (Microsoft Works Suite 2004 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D (http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D (http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D) Microsoft Works Suites (Microsoft Works Suite 2006 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D (http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Micrsoft Security Bulletin MS07-014 (http://www.microsoft.com/technet/security/bulletin/MS07-014.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000887: Microsoft Word Code Execution Vulnerability Virtual Patch #1001233: Microsoft Word Code Execution Vulnerability. Virtual Patch #1000933: Microsoft Word 2000 Unspecified Code Execution Virtual Patch #1001227: Microsoft Word 2000 Unspecified Code Execution.

EXPLOITABILITY: Core Security Reference: CVE-2006-6561 Description: Microsoft Word MS07-014 Exploit - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2006-6561 Description: Microsoft Word Document (malformed pointer) Proof of Concept - The Exploit-DB Ref : 2922 Link: http://www.exploit-db.com/exploits/2922

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

5 Microsoft Word Malformed String Vulnerability (MS07-014) CVSS: - Active

10.10.10.220 Confirmed 4/5/Patchable page 49 QID: 110048 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2006-5994 Vendor Reference: MS07-014 Bugtraq ID: 21451 Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Refer to Microsoft Security Bulletin MS07-014 (http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx) for further details on this issue and patch instructions.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

5 Microsoft Excel Could Allow Remote Code Execution (MS07-044) CVSS: - Active QID: 110063 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2007-3890 Vendor Reference: MS07-044 Bugtraq ID: - Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=082B98F7-9556-4F1F-823A-C41DDF5A7C9A (http://www.microsoft.com/downloads/details.aspx?FamilyId=082B98F7-9556-4F1F-823A-C41DDF5A7C9A) Microsoft Office XP Service Pack 3 (Microsoft Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=91308769-2577-4F9F-8209-06F2C8C8A86F (http://www.microsoft.com/downloads/details.aspx?FamilyId=91308769-2577-4F9F-8209-06F2C8C8A86F) Microsoft Office 2003 Service Pack 2 (Microsoft Excel 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=B0130E9E-8845-4D79-AAA1-A21CC9388ABE (http://www.microsoft.com/downloads/details.aspx?FamilyId=B0130E9E-8845-4D79-AAA1-A21CC9388ABE)

10.10.10.220 Confirmed 4/5/Patchable page 50 Microsoft Office 2003 Service Pack 2 (Microsoft Excel Viewer 2003):http://www.microsoft.com/downloads/details.aspx?FamilyId=C4A87572-3128-44F7-8069-95535A78500A (http://www.microsoft.com/downloads/details.aspx?FamilyId=C4A87572-3128-44F7-8069-95535A78500A) Microsoft Office 2004 for Mac (Microsoft Office 2004 for Mac):http://www.microsoft.com/mac/downloads.aspx#Office2004 (http://www.microsoft.com/mac/downloads.aspx#Office2004) Refer to Micrsoft Security Bulletin MS07-044 (http://www.microsoft.com/technet/security/bulletin/MS07-044.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe found C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

5 Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (MS07-036) CVSS: - Active QID: 110062 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2007-1756, CVE-2007-3029, CVE-2007-3030 Vendor Reference: MS07-036 Bugtraq ID: 24801, 22555, 24803 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=83D94D8E-DDA6-4D74-B40D-476C2F0A3AF4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=83D94D8E-DDA6-4D74-B40D-476C2F0A3AF4) Microsoft Office XP Service Pack 3 (Microsoft Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=5E09D13B-D4B0-48FD-9880-73C180570267 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5E09D13B-D4B0-48FD-9880-73C180570267) Microsoft Office 2003 Service Pack 2 (Microsoft Excel 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=9D93C0CE-5124-4234-BA84-3C27005E010F (http://www.microsoft.com/downloads/details.aspx?FamilyId=9D93C0CE-5124-4234-BA84-3C27005E010F) Microsoft Office 2003 Service Pack 2 (Microsoft Excel 2003 Viewer):http://www.microsoft.com/downloads/details.aspx?FamilyId=11F42977-8828-494A-A183-D1ABA827B708 (http://www.microsoft.com/downloads/details.aspx?FamilyId=11F42977-8828-494A-A183-D1ABA827B708) Microsoft Office 2004 for Mac (Microsoft Office 2004 for Mac):http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/down load/Office2004/Office2004_1136.xml&secid=4&ssid=35&flgnosysreq=True (http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download /Office2004/Office2004_1136.xml&secid=4&ssid=35&flgnosysreq=True) 2007 Microsoft Office System (Microsoft Office Excel 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=9AB28283-0320-4527-B033-5E80EF32CD34 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9AB28283-0320-4527-B033-5E80EF32CD34) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=E592AE5B-09AC-4F5B-B457-A54C9850AD4A (http://www.microsoft.com/downloads/details.aspx?FamilyId=E592AE5B-09AC-4F5B-B457-A54C9850AD4A) Refer to Micrsoft Security Bulletin MS07-036 (http://www.microsoft.com/technet/security/bulletin/MS07-036.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: 10.10.10.220 Confirmed 4/5/Patchable page 51 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

5 Microsoft Word Remote Code Execution Vulnerability (MS08-009) CVSS: - Active QID: 110070 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2008-0109 Vendor Reference: MS08-009 Bugtraq ID: - Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802 (http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802) Microsoft Office XP Service Pack 3 (Microsoft Word 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9) Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FC (http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FC) Microsoft Office Word Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4DDECD-ABD6-4783-B300-32B9D4BAD22A (http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4DDECD-ABD6-4783-B300-32B9D4BAD22A) Refer to Micrsoft Security Bulletin MS08-009 (http://www.microsoft.com/technet/security/bulletin/MS08-009.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001769: Microsoft Word File Handling Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

5 Microsoft Office 2003 SP3 Not Installed CVSS: - Active QID: 110064 CVSS Base: 7.5 [1] Category: Office Application CVSS Temporal: 5.5 CVE ID: - Vendor Reference: Office 2003 SP3 Bugtraq ID: - Service Modified: 12/16/2009 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 52 PCI Vuln: Yes

SOLUTION: For more information, read Microsoft Knowledge Base Article 923618 (http://support.microsoft.com/default.aspx?kbid=923618).

It's recommended that you run Microsoft Office Update to install the latest critical updates. You can run Office Update from http://officeupdate.microsoft.com (http://officeupdate.microsoft.com).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\OUTLOOK.exe version is 11.0.8000.0 . C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe version is 11.0.6361.0 .

5 Microsoft Excel Could Allow Remote Code Execution (MS08-014) CVSS: - Active QID: 110074 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2008-0111, CVE-2008-0112, CVE-2008-0114, CVE-2008-0115, CVE-2008-0116, CVE-2008-0117, CVE-2008-0081 Vendor Reference: MS08-014 Bugtraq ID: 28095, 28094 Service Modified: 07/08/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=f7f90c30-1bfd-406b-a77f-612443e30185 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f7f90c30-1bfd-406b-a77f-612443e30185) Microsoft Office XP Service Pack 3 (Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=907f96d5-d1e9-4471-b41c-3ac811e63038 (http://www.microsoft.com/downloads/details.aspx?FamilyId=907f96d5-d1e9-4471-b41c-3ac811e63038) Microsoft Office 2003 Service Pack 2 (Excel 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=296e5f2c-f594-41c8-a20a-3e4c40ae3948 (http://www.microsoft.com/downloads/details.aspx?FamilyId=296e5f2c-f594-41c8-a20a-3e4c40ae3948) 2007 Microsoft Office System (Excel 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=e7634cb5-9531-4284-9554-4168fc488e0c (http://www.microsoft.com/downloads/details.aspx?FamilyId=e7634cb5-9531-4284-9554-4168fc488e0c) Microsoft Office Excel Viewer 2003:

10.10.10.220 Confirmed 4/5/Patchable page 53 http://www.microsoft.com/downloads/details.aspx?FamilyId=280bb2ac-b21a-46b5-8751-5a50fbebf107 (http://www.microsoft.com/downloads/details.aspx?FamilyId=280bb2ac-b21a-46b5-8751-5a50fbebf107) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=e9251d71-9098-4125-ae91-7d4c83ea58ad (http://www.microsoft.com/downloads/details.aspx?FamilyId=e9251d71-9098-4125-ae91-7d4c83ea58ad) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9) Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=8FE8C32A-6D7A-482B-97C6-42562F089EE4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=8FE8C32A-6D7A-482B-97C6-42562F089EE4) Refer to Microsoft Security Bulletin MS08-014 (http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002101: Microsoft Excel File Handling Code Execution Virtual Patch #1001938: Microsoft Excel Data Validation Record Vulnerability Virtual Patch #1002049: Microsoft Excel File Importing Code Execution Virtual Patch #1001937: Microsoft Excel Conditional Formatting Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-0081 Description: Microsoft Excel Macro Validation Exploit (MS08-014) - Core Security Category : Exploits/Client Side

RESULTS: Excel 2003 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

5 Microsoft Excel Header Parsing Remote Code Execution (MS08-014 and KB947563) CVSS: - Active QID: 110067 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2008-0081 Vendor Reference: MS08-014, KB947563 Bugtraq ID: 27305 Service Modified: 07/08/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Refer to Microsoft Security Bulletin MS08-014 (http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx) for further details and patches.

Microsoft has rated this vulnerability as Critical.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002101: Microsoft Excel File Handling Code Execution

10.10.10.220 Confirmed 4/5/Patchable page 54 EXPLOITABILITY: Core Security Reference: CVE-2008-0081 Description: Microsoft Excel Macro Validation Exploit (MS08-014) - Core Security Category : Exploits/Client Side

5 Microsoft Works File Converter Remote Code Execution Vulnerabilities (MS08-011) CVSS: - Active QID: 110071 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2007-0216, CVE-2008-0105, CVE-2008-0108 Vendor Reference: MS08-011 Bugtraq ID: - Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2003 Service Pack 2 (Microsoft Works 6 File Converter):http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 (http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286) Microsoft Office 2003 Service Pack 3 (Microsoft Works 6 File Converter):http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 (http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286) Microsoft Works 8.0 (Microsoft Works 6 File Converter):http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 (http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286) Microsoft Works Suite 2005 (Microsoft Works 6 File Converter):http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 (http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286) Refer to Micrsoft Security Bulletin MS08-011 (http://www.microsoft.com/technet/security/bulletin/MS08-011.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001688: Microsoft Works File Converter TEXT Section Stack Overflow Virtual Patch #1001770: Microsoft Works File Converter Field Length Stack Overflow

EXPLOITABILITY: Core Security Reference: CVE-2007-0216 Description: Microsoft Works File Parsing WPS Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\Office11\mso.dll found %ProgramFiles%\Common Files\Microsoft Shared\TextConv\works632.cnv version is 7.3.616.0 .

10.10.10.220 Confirmed 4/5/Patchable page 55 5 Microsoft Media Decompression Remote Code Execution Vulnerability (MS10-033) CVSS: - Active QID: 90606 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2010-1879, CVE-2010-1880 Vendor Reference: MS10-033 Bugtraq ID: 40464, 40432 Service Modified: 07/01/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Quartz.dll (DirectShow) (DirectX 9)) (http://www.microsoft.com/downloads/details.aspx?familyid=A51C53BD-F9C1-4D53-8ED2-034FD57BC75A)

Microsoft Windows 2000 Service Pack 4 (Windows Media Format Runtime 9) (http://www.microsoft.com/downloads/details.aspx?familyid=8417C0AC-BB6D-48F1-8237-77A4BDD8CCB2)

Microsoft Windows 2000 Service Pack 4 (Windows Media Encoder 9 x86) (http://www.microsoft.com/downloads/details.aspx?familyid=5B5398C1-5B30-4162-95B6-948D9BE103BF)

Microsoft Windows 2000 Service Pack 4 (Asycfilt.dll (COM component)) (http://www.microsoft.com/downloads/details.aspx?familyid=1F929739-08A1-4FAF-9CCF-5F1F43C5BB9E)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Quartz.dll (DirectShow)) (http://www.microsoft.com/downloads/details.aspx?familyid=E77D5AF8-E8E0-425C-A809-4CF274E17CC5)

Windows XP Service Pack 2 (Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=BF8B9B46-BA28-4F48-9DAC-6A90B7D592D3)

Windows XP Service Pack 3 (Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=EBBCCD82-C637-4C88-86EA-D39AE713C085)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Media Encoder 9 x86) (http://www.microsoft.com/downloads/details.aspx?familyid=5B5398C1-5B30-4162-95B6-948D9BE103BF)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Asycfilt.dll (COM component)) (http://www.microsoft.com/downloads/details.aspx?familyid=55C05CB8-AA6C-460B-9AA7-084842DAB280)

Windows XP Professional x64 Edition Service Pack 2 (Quartz.dll (DirectShow)) (http://www.microsoft.com/downloads/details.aspx?familyid=7914FDAE-9A7A-4A10-8CE7-C621EB903452)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5) (http://www.microsoft.com/downloads/details.aspx?familyid=B56839E3-E7D3-48DA-B90C-D403D8DBEED2)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition[3]) (http://www.microsoft.com/downloads/details.aspx?familyid=80006082-55F2-4857-9D2C-276C758B5555)

10.10.10.220 Confirmed 4/5/Patchable page 56 Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=D2887448-9D3C-472F-A0BD-AB083A65EAFC)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Encoder 9 x86) (http://www.microsoft.com/downloads/details.aspx?familyid=94C654F0-F70F-4FBD-84DE-797BE20FC3B9)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-033 (http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx).

Workaround: 1) Disable decoding of MJPEG content in Quartz.dll on Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Impact of workaround #1: Disabling the decoding of MJPEG content will prevent playback.

2) Modify the Access Control List for Windows Media Format Runtime (wmvcore.dll).

Further information on applying the workarounds can be found in Microsoft Security Bulletin MS10-033 (http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004223: Media Decompression Vulnerability Virtual Patch #1004217: MJPEG Media Decompression Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB979482 is missing %windir%\system32\Asycfilt.dll Version is 5.2.3790.0

5 EOL/Obsolete Operating System : Microsoft Windows Server 2003 RTM Detected CVSS: - Active QID: 105339 CVSS Base: 10 [1] Category: Security Policy CVSS Temporal: 7.4 CVE ID: - Vendor Reference: KB889100 Bugtraq ID: - Service Modified: 06/22/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Update to the latest service pack. Refer to KB889100 (http://support.microsoft.com/kb/889100) for information on obtaining the latest service pack for Windows Server 2003.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 57 Windows Server 2003 RTM (SP0) detected

5 Vulnerability in Microsoft Word Could Allow Remote Code Execution (MS06-027) CVSS: - Active QID: 90312 CVSS Base: 7.6 Category: Windows CVSS Temporal: 6.6 CVE ID: CVE-2006-2492 Vendor Reference: MS06-027 Bugtraq ID: 18037 Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD (http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD) Microsoft Office XP Service Pack 3 (Microsoft Word 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Microsoft Office 2003 Service Pack 1 or Service Pack 2 (Microsoft Word 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC (http://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC) Microsoft Office 2003 Service Pack 1 or Service Pack 2 (Microsoft Word Viewer 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552) Microsoft Works Suites (Microsoft Works Suite 2000 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD (http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD) Microsoft Works Suites (Microsoft Works Suite 2001 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD (http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD) Microsoft Works Suites (Microsoft Works Suite 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Microsoft Works Suites (Microsoft Works Suite 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Microsoft Works Suites (Microsoft Works Suite 2004 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Microsoft Works Suites (Microsoft Works Suite 2006 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C) Refer to Micrsoft Security Bulletin MS06-027 (http://www.microsoft.com/technet/security/bulletin/MS06-027.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000468: Microsoft Word Malformed Object Pointer Remote Code Execution

EXPLOITABILITY: Core Security

10.10.10.220 Confirmed 4/5/Patchable page 58 Reference: CVE-2006-2492 Description: Microsoft Word Malformed Object Pointer Exploit (MS06-027) - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2006-2492 Description: smartag_word (MS06-027) - Immunity Ref : smartag_word Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/smartag_word/qualys_user

RESULTS: Word 2003 C:\Program Files\Microsoft Office\OFFICE11\\WinWord.exe version is 11.0.6502.0 .

5 Microsoft Word Remote Code Execution Vulnerability (MS08-026) CVSS: - Active QID: 110080 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2008-1091, CVE-2008-1434 Vendor Reference: MS08-026 Bugtraq ID: 29104, 29105 Service Modified: 05/14/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=9215ff71-38c0-416a-b89a-fe3474160f41 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9215ff71-38c0-416a-b89a-fe3474160f41) Microsoft Office XP Service Pack 3 (Microsoft Word 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=b348a518-221e-4567-a797-999715a8b2ef (http://www.microsoft.com/downloads/details.aspx?FamilyId=b348a518-221e-4567-a797-999715a8b2ef) Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c (http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c) Microsoft Office 2003 Service Pack 3 (Microsoft Word 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c (http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c) 2007 Microsoft Office System (Microsoft Word 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550 (http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550) Microsoft Outlook 2007: http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550 (http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550) 2007 Microsoft Office System Service Pack 1 (Microsoft Word 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550 (http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550) Microsoft Outlook 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550 (http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550) Microsoft Word Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682 (http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682) Microsoft Word Viewer 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682 (http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682)

10.10.10.220 Confirmed 4/5/Patchable page 59 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f (http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=99F54471-CCF9-4D94-A882-A05ECD128ADC (http://www.microsoft.com/downloads/details.aspx?FamilyId=99F54471-CCF9-4D94-A882-A05ECD128ADC) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-026 (http://www.microsoft.com/technet/security/bulletin/MS08-026.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002497: Microsoft Word Object Parsing Vulnerability Virtual Patch #1002496: Microsoft Word Cascading Style Sheet (CSS) Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

5 Microsoft Office PowerPoint Could Allow Remote Code Execution (MS09-017) CVSS: - Active QID: 110094 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2009-0556, CVE-2009-0220, CVE-2009-0221, CVE-2009-0222, CVE-2009-0223, CVE-2009-0224, CVE-2009-0225, CVE-2009-0226, CVE-2009-0227, CVE-2009-1128, CVE-2009-1129, CVE-2009-1130, CVE-2009-1131, CVE-2009-1137 Vendor Reference: MS09-017 Bugtraq ID: 34351 Service Modified: 01/13/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office PowerPoint 2000 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894)

Microsoft Office XP Service Pack 3 (Microsoft Office PowerPoint 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49)

Microsoft Office 2003 Service Pack 3 (Microsoft Office PowerPoint 2003 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106)

2007 Microsoft Office System Service Pack 1 (Microsoft Office PowerPoint 2007 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834)

2007 Microsoft Office System Service Pack 2 (Microsoft Office PowerPoint 2007 Service Pack 2) (http://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834)

PowerPoint Viewer 2003 (http://www.microsoft.com/downloads/details.aspx?familyid=6a57e6ed-bd24-406f-87bb-117391e083e0)

PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007 Service Pack 2

10.10.10.220 Confirmed 4/5/Patchable page 60 (http://www.microsoft.com/downloads/details.aspx?familyid=141b8338-5c52-4326-a9e4-d2f2d8940d9c)

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=e1d3a4c3-538a-4f98-8d60-250803a80e2a)

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=e1d3a4c3-538a-4f98-8d60-250803a80e2a)

Refer to Microsoft Security Bulletin MS09-017 (http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx) for further details.

Workarounds: Workaround for all CVE-IDs: Avoid opening Office files received from un-trusted sources.

Workarounds for CVE-2009-0221, CVE-2009-0224, CVE-2009-0556, CVE-2009-1130: 1) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.

Impact of workaround: Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.

2) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources.

Impact of workaround: If File Block policy is configured without special "exempt directory" configuration (see KB922848 (http://support.microsoft.com/kb/922848)), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.

Workaround for CVE-2009-0220, CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, CVE-2009-1137: Restrict access to pp4x322.dll in Microsoft Office PowerPoint 2000 or Microsoft Office PowerPoint 2002

Impact of workaround: It will prevent PowerPoint 4.0 files from being opened

Workaround for CVE-2009-0225, CVE-2009-1128, CVE-2009-1129: Restrict access to pp7x32.dll in Microsoft Office PowerPoint 2000 or Microsoft Office PowerPoint 2002

Impact of workaround: It will prevent PowerPoint 95 files from being opened

Details on the workarounds can be found at MS09-017 (http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003491: Microsoft PowerPoint Integer Overflow Vulnerability Virtual Patch #1003490: Microsoft PowerPoint Memory Corruption Vulnerability Virtual Patch #1003417: Microsoft PowerPoint Unspecified Code Execution Vulnerability Virtual Patch #1003493: PowerPoint 7 Memory Corruption Vulnerability Virtual Patch #1003492: PP7 Memory Corruption Remote Code Execution Vulnerability Virtual Patch #1003494: Microsoft PowerPoint Heap Corruption Vulnerability Virtual Patch #1003496: Microsoft PowerPoint Data Out Of Bounds Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-1129 Description: Microsoft Office PowerPoint PPT 7 Memory Corruption Exploit (MS09-017) - Core Security Category : Exploits/Client Side

Reference: CVE-2009-0220 Description: Microsoft Office Powerpoint PPT 4 Importer Exploit (MS09-017) - Core Security Category : Exploits/Client Side

Reference: CVE-2009-1128 Description: Microsoft Office PowerPoint Sound Data Exploit (MS09-017) - Core Security Category : Exploits/Client Side

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\Powerpnt.exe version is 11.0.6361.0 .

5 Microsoft Office Project Could Allow Remote Code Execution (MS09-074) CVSS: - Active

10.10.10.220 Confirmed 4/5/Patchable page 61 QID: 110112 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2009-0102 Vendor Reference: MS09-074 Bugtraq ID: 37211 Service Modified: 12/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Project 2000 Service Release 1 (http://www.microsoft.com/downloads/details.aspx?familyid=135c010a-55f4-4385-b67d-96ea06ef881a)

Microsoft Project 2002 Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=c55ef8fe-8f66-42fc-a298-de6f8886b3e4)

Microsoft Office Project 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=2ea8ca39-f130-439a-92d5-77e9ef050105)

Refer to Microsoft Security Bulletin MS09-074 (http://www.microsoft.com/technet/security/bulletin/MS09-074.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003873: Microsoft Project Memory Validation Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Project 2003 C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe found C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe version is 11.1.2004.1707 .

5 EOL/Obsolete Software : Microsoft Office 2003 Service Pack 1 (SP1) Detected CVSS: - Active QID: 105343 CVSS Base: 7.5 [1] Category: Security Policy CVSS Temporal: 5.5 CVE ID: - Vendor Reference: KB870924 Bugtraq ID: - Service Modified: 06/22/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: -

10.10.10.220 Confirmed 4/5/Patchable page 62 Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Update to the latest service pack. Refer to KB870924 (http://support.microsoft.com/kb/870924) for information on obtaining the latest service pack for Office 2003.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Microsoft Office 2003 SP1 Detected

5 EOL/Obsolete Software: Microsoft Outlook 2003 Service Pack 2 (SP2) Detected CVSS: - Active QID: 105381 CVSS Base: 10 [1] Category: Security Policy CVSS Temporal: 7.4 CVE ID: - Vendor Reference: Outlook 2003 Life Cycle Support Bugtraq ID: - Service Modified: 01/10/2011 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Customer can update to the latest Outlook or update to the latest currently supported service pack. Please refer to Outlook Site. (http://office.microsoft.com/en-us/outlook/)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Microsoft Outlook 2003 Service Pack 2 Detected

5 Adobe Acrobat Reader Format String Vulnerability CVSS: - Active QID: 38385 CVSS Base: 10 Category: General remote services CVSS Temporal: 6.7 CVE ID: CVE-2004-1153 Vendor Reference: ADOBE-6-0-3 Bugtraq ID: 11923 Service Modified: 03/27/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

10.10.10.220 Confirmed 4/5/Patchable page 63 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Adobe released a patch to address this issue. Download the latest Adobe Acrobat Reader update from the Adobe Support Download site (http://www.adobe.com/support/downloads/main.html).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0 exists HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0\603Update is missing

5 EOL/Obsolete Software: Microsoft SQL Server 2000 SP0 through SP3a Detected CVSS: - Active

QID: 105374 CVSS Base: 10 [1] Category: Security Policy CVSS Temporal: 7.4 CVE ID: - Vendor Reference: SQL Server 2000 Lifecycle Support Bugtraq ID: - Service Modified: 01/14/2011 User Modified: - Edited: No PCI Vuln: No

SOLUTION: Update to the latest version of SQL Server.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe Version is 2000.80.818.0 C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe Version is 2000.80.884.0

5 EOL/Obsolete Software: Microsoft Windows SharePoint Services 2.0 Detected CVSS: - Active QID: 105388 CVSS Base: 10 [1] Category: Security Policy CVSS Temporal: 7.4 CVE ID: - Vendor Reference: SharePoint Service 2.0 Life Cycle Support Bugtraq ID: - Service Modified: 01/10/2011 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 64 First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Update to SharePoint Service 3.0. Please refer to SharePoint Service Site. (http://technet.microsoft.com/en-us/windowsserver/sharepoint/bb400747)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: SharePoint Services 2.0 Detected %programfiles%\Common Files\Microsoft Shared\web server extensions\60\ISAPI\Microsoft.SharePoint.dll found

5 Adobe Acrobat and Adobe Reader Remote Buffer Overflow Vulnerability CVSS: - Active QID: 38461 CVSS Base: 7.5 Category: General remote services CVSS Temporal: 6.2 CVE ID: CVE-2005-2470 Vendor Reference: Adobe Security Advisory Bugtraq ID: 14603 Service Modified: 01/11/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Adobe has released updates to address this issue. Please install the latest version of the affected software.

Adobe Reader (Windows or Mac OS):Update to version 7.0.3 or 6.0.4.

Adobe Reader (Linux or Solaris):Update to version 7.0.1.

Adobe Acrobat (Windows or Mac OS):Update to version 7.0.3, 6.0.4, or 5.0.10.

The update is available for download from the Adobe's Web site (http://www.adobe.com/support/downloads/).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0 exists HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0\604Update is missing

10.10.10.220 Confirmed 4/5/Patchable page 65 5 Mozilla Firefox, SeaMonkey and Thunderbird Security Advisory Feb 23, 2007 (MFSA 2007-01 to MFS CVSS: - Active A 2007-08)

QID: 115521 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2007-1092, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0008, CVE-2007-0780, CVE-2007-0800, CVE-2007-0006, CVE-2007-0981 Vendor Reference: MFSA 2007-02, MFSA 2007-01, MFSA 2007-03, MFSA 2007-04, MFSA 2007-05, MFSA 2007-06, MFSA 2007-07, MFSA 2007-08 Bugtraq ID: 22694, 22688, 22679 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Upgrade to the fixed or latest version as indicated below:

Firefox Version 1.5.0.10 (http://www.mozilla.com/firefox/) or later

Firefox2 Version 2.0.0.2 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.0.8 (http://www.mozilla.org/projects/seamonkey/) or later

Thunderbird Version 1.5.0.10 (http://www.mozilla.com/thunderbird/) or later

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001046: Mozilla Firefox _cairo_pen_init Buffer Overflow Virtual Patch #1001107: Mozilla Firefox Popup Blocker Cross Zone Security Bypass Virtual Patch #1000971: Mozilla Firefox Location.Hostname DOM Property Cookie Theft Virtual Patch #1000957: Mozilla Firefox OnUnload + Document.write() Memory Corruption Vulnerability

EXPLOITABILITY: The Exploit-DB Reference: CVE-2007-0981 Description: Mozilla Firefox Link: http://www.exploit-db.com/exploits/3340

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

5 Oracle Java SE Critical Patch Update - February 2011 CVSS: - Active QID: 118972 CVSS Base: 10

10.10.10.220 Confirmed 4/5/Patchable page 66 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4467, CVE-2010-4469, CVE-2010-4473, CVE-2010-4422, CVE-2010-4451, CVE-2010-4466, CVE-2010-4470, CVE-2010-4471, CVE-2010-4476, CVE-2010-4447, CVE-2010-4475, CVE-2010-4468, CVE-2010-4450, CVE-2010-4448, CVE-2010-4472, CVE-2010-4474 Vendor Reference: Oracle JAVA CPU FEB2011 Bugtraq ID: - Service Modified: 02/15/2011 User Modified: - Edited: No PCI Vuln: No

SOLUTION: The vendor released an update to resolve these issues. Refer to vendor advisory Oracle javacpufeb2011 (http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html) to obtain more details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004621: 1004621 - Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability Virtual Patch #1004610: 1004610 - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)

EXPLOITABILITY: Core Security Reference: CVE-2010-4452 Description: Oracle Java Applet2ClassLoader Remote Code Execution Exploit - Core Security Category : Exploits/Client Side

Metasploit Reference: CVE-2010-4452 Description: Sun Java Applet2ClassLoader Remote Code Execution - Metasploit Ref : /modules/exploit/windows/browser/java_codebase_trust Link: http://www.metasploit.com/modules/exploit/windows/browser/java_codebase_trust

The Exploit-DB Reference: CVE-2010-4452 Description: Sun Java Applet2ClassLoader Remote Code Execution Exploit - The Exploit-DB Ref : 16990 Link: http://www.exploit-db.com/exploits/16990

ExploitKits Reference: CVE-2010-4452 Description: Sun Java Applet2ClassLoader Remote Code Execution Exploit

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

5 Mozilla Firefox, SeaMonkey, Thunderbird Multiple Vulnerabilities (MFSA 2011-01 through MFSA 2011-10) CVSS: - Active QID: 119017 CVSS Base: 10 Category: Local CVSS Temporal: 7.4

10.10.10.220 Confirmed 4/5/Patchable page 67 CVE ID: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062 Vendor Reference: mfsa2011-01, mfsa2011-02, mfsa2011-03, mfsa2011-04, mfsa2011-05, mfsa2011-06, mfsa2011-07, mfsa2011-08, mfsa2011-09, mfsa2011-10 Bugtraq ID: - Service Modified: 11/21/2011 User Modified: - Edited: No PCI Vuln: No

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2011-01 (http://www.mozilla.org/security/announce/2011/mfsa2011-01.html), MFSA 2011-02 (http://www.mozilla.org/security/announce/2011/mfsa2011-02.html), MFSA2011-03 (http://www.mozilla.org/security/announce/2011/mfsa2011-03.html), MFSA2011-04 (http://www.mozilla.org/security/announce/2011/mfsa2011-04.html), MFSA2011-05 (http://www.mozilla.org/security/announce/2011/mfsa2011-05.html), MFSA2011-06 (http://www.mozilla.org/security/announce/2011/mfsa2011-06.html), MFSA2011-07 (http://www.mozilla.org/security/announce/2011/mfsa2011-07.html), MFSA2011-08 (http://www.mozilla.org/security/announce/2011/mfsa2011-08.html), MFSA2011-09 (http://www.mozilla.org/security/announce/2011/mfsa2011-09.html) and MFSA2011-10 (http://www.mozilla.org/security/announce/2011/mfsa2011-10.html).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

5 Oracle Java SE Critical Patch Update - June 2011 CVSS: - Active QID: 119319 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0817, CVE-2011-0863, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0786, CVE-2011-0788, CVE-2011-0866, CVE-2011-0868, CVE-2011-0872, CVE-2011-0867, CVE-2011-0865, CVE-2011-0869 Vendor Reference: Oracle JAVA CPU JUN2011 Bugtraq ID: - Service Modified: 06/07/2011 User Modified: - Edited: No PCI Vuln: No

SOLUTION:

10.10.10.220 Confirmed 4/5/Patchable page 68 The vendor released an update to resolve these issues. Refer to vendor advisory Oracle javacpujun2011 (http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html) to obtain more details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

5 Microsoft Windows Server 2003 Service Pack 1 Not Installed CVSS: - Active QID: 90237 CVSS Base: 7.5 [1] Category: Windows CVSS Temporal: 5.5 CVE ID: - Vendor Reference: KB824721 Bugtraq ID: 12972 Service Modified: 03/12/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Refer to the Windows Server 2003 Service Pack 1 (SP1) (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx) page for more details about this service pack, including instructions for downloading and installing it.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP2\R2-In-band is missing HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion is missing. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion exists

5 Microsoft Windows HTML Converter HR Align Buffer Overflow Vulnerability (MS03-023) CVSS: - Active QID: 90192 CVSS Base: 7.5 Category: Windows CVSS Temporal: 6.5 CVE ID: CVE-2003-0469 Vendor Reference: MS03-023 Bugtraq ID: 8016 Service Modified: 03/17/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 69 Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 98 and Windows 98 Second Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=71ec81dd-9e86-4956-94f5-b6e020348569&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=71ec81dd-9e86-4956-94f5-b6e020348569&DisplayLang=en) Windows Me: http://windowsupdate.microsoft.com/ (http://windowsupdate.microsoft.com/) Windows NT Workstation 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F&displaylang=en) Windows NT Server 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F&displaylang=en) Windows NT Server 4.0, Terminal Server Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=A64F5EEF-A3F5-466C-94D0-5EBF6231A612&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=A64F5EEF-A3F5-466C-94D0-5EBF6231A612&displaylang=en) Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=FF84E1A5-C90D-40F2-8CF5-23DA3AB296B4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=FF84E1A5-C90D-40F2-8CF5-23DA3AB296B4&displaylang=en) Windows XP 32 bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=11CDD153-65EC-4851-886C-5A412438D6D4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=11CDD153-65EC-4851-886C-5A412438D6D4&displaylang=en) Windows XP 64 bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=EE42EDF4-DEB2-450D-9F1A-90E41E908ECB&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=EE42EDF4-DEB2-450D-9F1A-90E41E908ECB&displaylang=en) Windows Server 2003 32 bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=1C9914AB-25F8-462E-ADC0-5AC6BD0116DE&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=1C9914AB-25F8-462E-ADC0-5AC6BD0116DE&displaylang=en) Windows Server 2003 64 bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=F9697DE0-488D-4CBA-996B-7ACEC50992CE&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=F9697DE0-488D-4CBA-996B-7ACEC50992CE&displaylang=en) Refer to Micrsoft Security Bulletin MS03-023 (http://www.microsoft.com/technet/security/bulletin/MS03-023.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

5 Microsoft ActiveX Authenticode Verification Bypass Vulnerability (MS03-041) CVSS: - Active QID: 90070 CVSS Base: 7.5 Category: Windows CVSS Temporal: 5 CVE ID: CVE-2003-0660 Vendor Reference: MS03-041 Bugtraq ID: 8830 Service Modified: 06/17/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 70 SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows NT Workstation 4.0, Service Pack 6a : http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en) Microsoft Windows NT Server 4.0, Service Pack 6a : http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en) Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 : http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en) Microsoft Windows 2000, Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en) Microsoft Windows 2000, Service Pack 3, Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en) Microsoft Windows XP Gold, Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en) Microsoft Windows XP 64 bit Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en) Microsoft Windows XP 64 bit Edition Version 2003 : http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en) Microsoft Windows Server 2003 : http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en) Microsoft Windows Server 2003 64 bit Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en) Refer to Microsoft Security Bulletin MS03-041 (http://www.microsoft.com/technet/security/bulletin/MS03-041.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

5 Microsoft Jet Database Engine Buffer Overflow Vulnerability (MS04-014) CVSS: - Active QID: 19089 CVSS Base: 7.5 Category: Database CVSS Temporal: 5 CVE ID: CVE-2004-0197 Vendor Reference: MS04-014 Bugtraq ID: - Service Modified: 06/17/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch:

10.10.10.220 Confirmed 4/5/Patchable page 71 Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows NT? Workstation 4.0 Service Pack 6a : http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en) Microsoft Windows NT Server 4.0 Service Pack 6a : http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en) Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 : http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=7678462A-52EC-48D5-9AEB-46EC4CC053C7&displaylang=en) Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=5813346A-7EC2-4F57-A199-8375DA0AD816&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=5813346A-7EC2-4F57-A199-8375DA0AD816&displaylang=en) Microsoft Windows XP and Microsoft Windows XP Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=EA17D1CB-075E-4B63-BC45-06EBBF41C6B5&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=EA17D1CB-075E-4B63-BC45-06EBBF41C6B5&displaylang=en) Microsoft Windows XP 64 Bit Edition Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=B487610D-806C-4289-BE70-92F7D2337E17&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=B487610D-806C-4289-BE70-92F7D2337E17&displaylang=en) Microsoft Windows XP 64 Bit Edition Version 2003 : http://www.microsoft.com/downloads/details.aspx?FamilyId=E4E0EB80-7395-4C07-BC1D-B187DE541BC2&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=E4E0EB80-7395-4C07-BC1D-B187DE541BC2&displaylang=en) Microsoft Windows Server 2003 : http://www.microsoft.com/downloads/details.aspx?FamilyId=216D708B-3A55-4B50-8AD2-BFF06B668CBB&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=216D708B-3A55-4B50-8AD2-BFF06B668CBB&displaylang=en) Microsoft Windows Server 2003 64 Bit Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=E4E0EB80-7395-4C07-BC1D-B187DE541BC2&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=E4E0EB80-7395-4C07-BC1D-B187DE541BC2&displaylang=en) Refer to Microsoft Security Bulletin MS04-014 (http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Jet\4.0 exists HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP2\R2-In-band is missing HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion is missing. HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB837001 is missing %windir%\system32\Msjet40.dll Version is 4.0.6807.0

5 Microsoft XML Core Services Remote Code Execution Vulnerability (MS06-061) CVSS: - Active QID: 90356 CVSS Base: 7.5 Category: Windows CVSS Temporal: 5.5 CVE ID: CVE-2006-4685, CVE-2006-4686 Vendor Reference: MS06-061 Bugtraq ID: - Service Modified: 06/18/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=f9d16d74-1785-4c33-b1fc-df5258dd1089 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f9d16d74-1785-4c33-b1fc-df5258dd1089)

10.10.10.220 Confirmed 4/5/Patchable page 72 Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed (http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed (http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=5593333f-bcd5-4750-a23d-4f7fccda6493 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5593333f-bcd5-4750-a23d-4f7fccda6493) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 : http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems : http://www.microsoft.com/downloads/details.aspx?FamilyId=31c88513-29df-475b-b9ae-a2f5c1f32a8c (http://www.microsoft.com/downloads/details.aspx?FamilyId=31c88513-29df-475b-b9ae-a2f5c1f32a8c) Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=6183a9d2-89f5-4b25-be8b-090c6e050740 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6183a9d2-89f5-4b25-be8b-090c6e050740) Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=8A37C111-D8E9-4C2E-9674-169B3331491C (http://www.microsoft.com/downloads/details.aspx?FamilyId=8A37C111-D8E9-4C2E-9674-169B3331491C) Refer to Microsoft Security Bulletin MS06-061 (http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion is missing %windir%\System32\msxml3.dll version is 8.50.2162.0 . %ProgramFiles%\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL version is 5.10.2925.0 . HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB936021\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB936021\Filelist is missing %windir%\System32\msxml6.dll is missing

5 Microsoft SQL Server 2000 Service Pack 4 Missing CVSS: - Active QID: 19124 CVSS Base: 7.5 [1] Category: Database CVSS Temporal: 5.5 CVE ID: - Vendor Reference: KB884525 Bugtraq ID: - Service Modified: 05/11/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Read Microsoft article KB290211 (http://support.microsoft.com/kb/290211) for details on obtaining the latest service pack..

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %programfiles%\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe Version is 2000.80.818.0 %programfiles%\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe Version is 2000.80.884.0

10.10.10.220 Confirmed 4/5/Patchable page 73 5 Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (MS09-029) CVSS: - Active QID: 90511 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-0231, CVE-2009-0232 Vendor Reference: MS09-029 Bugtraq ID: - Service Modified: 09/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=1efbbd95-cd72-43df-b1ce-7e2b0c0cb9e2)

Windows XP Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=6914167b-6961-480c-a4d4-808cd58a035b)

Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=6914167b-6961-480c-a4d4-808cd58a035b)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3b8b019e-e6d8-4ce2-8f1f-3a6399b252d1)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=018ef53d-f78e-4084-940d-7c86bf59d83c)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7f5fc902-f5d8-4a87-a73f-68632f9a0935)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=7df0fce2-543c-4e82-85e6-012bfc8bf130)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=c67d85c4-25c5-4821-8db9-91764888f893)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=91f6ee68-0e39-4ec3-b4cd-45f05404e2fb)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=5cdc3014-97b3-47b5-a6b7-cd0e12ec60e4)

Refer to Microsoft Security Bulletin MS09-029 (http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx) for further details.

10.10.10.220 Confirmed 4/5/Patchable page 74 Workaround: 1) Disable support for parsing embedded fonts in Internet Explorer. This can be done using the Interactive Method, Group Policy or Using a Managed Deployment Script.

Impact of workaround. Web sites making use of embedded font technology will fail to display properly.

2) Deny Access to T2EMBED.DLL

Impact of workaround. Applications that rely on embedded font technology will fail to display properly.

For detailed steps on enabling and disabling the workarounds, please refer to Microsoft Security Bulletin MS09-029 (http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003623: Embedded OpenType Font Heap Overflow Vulnerability Virtual Patch #1003624: Embedded OpenType Font Integer Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB961371 is missing %windir%\system32\Fontsub.dll Version is 5.2.3790.426

5 Microsoft Windows Vector Markup Language Remote Code Execution Vulnerability (MS07-004) CVSS: - Active QID: 90377 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2007-0024 Vendor Reference: MS07-004 Bugtraq ID: - Service Modified: 07/15/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=81FB6A72-AC8A-4B28-905F-A44691D69432 (http://www.microsoft.com/downloads/details.aspx?FamilyId=81FB6A72-AC8A-4B28-905F-A44691D69432) Microsoft Windows XP Professional x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=D06FD167-4F3E-4A2C-B52C-7426DDAD6828 (http://www.microsoft.com/downloads/details.aspx?FamilyId=D06FD167-4F3E-4A2C-B52C-7426DDAD6828) Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=4FEE481F-DACE-4EAC-9AFE-BC28ADD70CC5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4FEE481F-DACE-4EAC-9AFE-BC28ADD70CC5) Microsoft Windows Server 2003 for Itanium based Systems and Microsoft Windows Server 2003 with SP1 for Itanium based Systems : http://www.microsoft.com/downloads/details.aspx?FamilyId=C517FB85-128E-43DB-A659-38AF32283716 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C517FB85-128E-43DB-A659-38AF32283716)

10.10.10.220 Confirmed 4/5/Patchable page 75 Microsoft Windows Server 2003 x64 Edition : http://www.microsoft.com/downloads/details.aspx?FamilyId=FF4A1F24-C1E9-4223-965B-14C4793AAF96 (http://www.microsoft.com/downloads/details.aspx?FamilyId=FF4A1F24-C1E9-4223-965B-14C4793AAF96) Refer to Micrsoft Security Bulletin MS07-004 (http://www.microsoft.com/technet/security/bulletin/MS07-004.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000905: Microsoft Internet Explorer VML Buffer Overflow Virtual Patch #1001268: Microsoft Outlook VML Buffer Overflow.

EXPLOITABILITY: Immunity Reference: CVE-2007-0024 Description: Microsoft Windows VML recolorinfo Bug - Immunity Ref : ms07_004 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms07_004/qualys_user

ExploitKits Reference: CVE-2007-0024 Description: Vector Markup Language Vulnerability (IE)

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP2\KB929969 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP0\KB929969 is missing %ProgramFiles%\Common Files\Microsoft Shared\VGX\Vgx.dll Version is 6.0.3790.593

5 Windows DNS RPC Interface Remote Code Execution Vulnerability (MS07-029) CVSS: - Active QID: 90394 CVSS Base: 10 Category: Windows CVSS Temporal: 8.3 CVE ID: CVE-2007-1748 Vendor Reference: MS07-029 Bugtraq ID: - Service Modified: 09/18/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=d9de0480-5fa9-4974-a82f-5d89056484c4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d9de0480-5fa9-4974-a82f-5d89056484c4) Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=dfb5eaca-788b-475c-9817-491f0b7cf295 (http://www.microsoft.com/downloads/details.aspx?FamilyId=dfb5eaca-788b-475c-9817-491f0b7cf295) Microsoft Windows Server 2003 with SP1 for Itanium based Systems and Microsoft Windows Server 2003 with SP2 for Itanium based Systems : http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ce0aa8-46ac-446c-b1e3-ff76f1311610 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ce0aa8-46ac-446c-b1e3-ff76f1311610) Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=e7a7b46b-775d-4912-8119-3ab9a95d775a

10.10.10.220 Confirmed 4/5/Patchable page 76 (http://www.microsoft.com/downloads/details.aspx?FamilyId=e7a7b46b-775d-4912-8119-3ab9a95d775a) Refer to Micrsoft Security Bulletin MS07-029 (http://www.microsoft.com/technet/security/bulletin/MS07-029.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000986: Microsoft Windows DNS Server RPC Buffer Overflow Virtual Patch #1001925: Port Mapper Decoder DNS RPC Service

EXPLOITABILITY: Core Security Reference: CVE-2007-1748 Description: MSRPC DNS Server exploit - Core Security Category : Exploits/Remote

Immunity Reference: CVE-2007-1748 Description: Microsoft DNS Server RPC Interface Overflow - Immunity Ref : ms07_029 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms07_029/qualys_user

Metasploit Reference: CVE-2007-1748 Description: Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP) - Metasploit Ref : /modules/exploit/windows/dcerpc/ms07_029_msdns_zonename Link: http://www.metasploit.com/modules/exploit/windows/dcerpc/ms07_029_msdns_zonename

Reference: CVE-2007-1748 Description: Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB) - Metasploit Ref : /modules/exploit/windows/smb/ms07_029_msdns_zonename Link: http://www.metasploit.com/modules/exploit/windows/smb/ms07_029_msdns_zonename

The Exploit-DB Reference: CVE-2007-1748 Description: MS Windows DNS RPC Remote Buffer Overflow Exploit (win2k SP4) - The Exploit-DB Ref : 3737 Link: http://www.exploit-db.com/exploits/3737

Reference: CVE-2007-1748 Description: MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit - The Exploit-DB Ref : 3740 Link: http://www.exploit-db.com/exploits/3740

Reference: CVE-2007-1748 Description: Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB) - The Exploit-DB Ref : 16366 Link: http://www.exploit-db.com/exploits/16366

Reference: CVE-2007-1748 Description: Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP) - The Exploit-DB Ref : 16748 Link: http://www.exploit-db.com/exploits/16748

RESULTS: HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters exists HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB941672 is missing %windir%\system32\dns.exe File Version is 5.2.3790.0 %windir%\system32\dns.exe version is 5.2.3790.0 . HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB935966 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB935966 is missing %windir%\system32\dns.exe File Version is 5.2.3790.0 %windir%\system32\dns.exe File Version is 5.2.3790.0

5 Microsoft Exchange Multiple Remote Code Execution Vulnerabilities (MS07-026) CVSS: - Active QID: 90395 CVSS Base: 10 Category: Windows CVSS Temporal: 7 CVE ID: CVE-2007-0220, CVE-2007-0039, CVE-2007-0213, CVE-2007-0221 Vendor Reference: MS07-026

10.10.10.220 Confirmed 4/5/Patchable page 77 Bugtraq ID: 23806, 23808, 23809, 23810 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post Service Pack 3 Update Rollup of August 2004 : http://www.microsoft.com/downloads/details.aspx?FamilyId=21968843-4A81-4F1D-8207-5B0A710E3157 (http://www.microsoft.com/downloads/details.aspx?FamilyId=21968843-4A81-4F1D-8207-5B0A710E3157) Microsoft Exchange Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=5E7939BE-73D1-461C-8C79-EDDB0F1459FC (http://www.microsoft.com/downloads/details.aspx?FamilyId=5E7939BE-73D1-461C-8C79-EDDB0F1459FC) Microsoft Exchange Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=1ABF93DA-D765-4876-96B5-ACB2D2A48F8F (http://www.microsoft.com/downloads/details.aspx?FamilyId=1ABF93DA-D765-4876-96B5-ACB2D2A48F8F) Microsoft Exchange Server 2007 : http://www.microsoft.com/downloads/details.aspx?FamilyId=356874EF-C9C0-4842-99F0-E449E9940358 (http://www.microsoft.com/downloads/details.aspx?FamilyId=356874EF-C9C0-4842-99F0-E449E9940358) Refer to Micrsoft Security Bulletin MS07-026 (http://www.microsoft.com/technet/security/bulletin/MS07-026.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000993: Microsoft Exchange Malformed iCal Denial of Service Virtual Patch #1000996: Microsoft Exchange MIME Type Code Execution Virtual Patch #1000992: Microsoft Exchange IMAP Literal Processing Denial of Service

EXPLOITABILITY: There is no exploitability information for this vulnerability.

5 Windows Active Directory Multiple Remote Code Execution Vulnerabilities (MS07-039) CVSS: - Active QID: 90403 CVSS Base: 10 Category: Windows CVSS Temporal: 7.4 CVE ID: CVE-2007-0040, CVE-2007-3028 Vendor Reference: MS07-039 Bugtraq ID: - Service Modified: 01/19/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 78 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41 (http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=28e84603-8159-4429-aaff-a1020531e84f (http://www.microsoft.com/downloads/details.aspx?FamilyId=28e84603-8159-4429-aaff-a1020531e84f) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=107902f9-be94-457f-a936-519efbd64779 (http://www.microsoft.com/downloads/details.aspx?FamilyId=107902f9-be94-457f-a936-519efbd64779) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=e5e5b425-fe7d-49d5-973f-f3fd7a1e04eb (http://www.microsoft.com/downloads/details.aspx?FamilyId=e5e5b425-fe7d-49d5-973f-f3fd7a1e04eb) Refer to Micrsoft Security Bulletin MS07-039 (http://www.microsoft.com/technet/security/bulletin/MS07-039.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001031: Microsoft Windows Active Directory Modify Request Remote Code Execution Virtual Patch #1001030: Microsoft Windows Active Directory Malformed LDAP Request DoS

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB981550 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB973037 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB969805 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB949014 is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB943484\Filelist is missing %windir%\System32\ntdsa.dll Version is 5.2.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB926122\Filelist is missing %windir%\System32\ntdsa.dll found %windir%\system32\ntdsa.dll File Version is 5.2.3790.0 %windir%\System32\ntdsa.dll found %windir%\system32\ntdsa.dll File Version is 5.2.3790.0 %windir%\System32\ntdsa.dll found %windir%\system32\ntdsa.dll version is 5.2.3790.0 .

5 Microsoft XML Core Services Could Allow Remote Code Execution (MS07-042) CVSS: - Active QID: 90405 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2007-1749 Vendor Reference: MS07-042 Bugtraq ID: - Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 79 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Refer to Microsoft Security Bulletin MS07-042 (http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx) for further information and patch instructions.

Microsoft has rated this issue as Critical.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001082: Generic VML File Blocker

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB936021\Filelist is missing %windir%\System32\msxml3.dll version is 8.50.2162.0 . %windir%\System32\msxml4.dll version is 4.20.9841.0 .

5 Vector Markup Language Vulnerability Could Allow Remote Code Execution (MS07-050) CVSS: - Active QID: 100051 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 6.9 CVE ID: CVE-2007-1749 Vendor Reference: MS07-050 Bugtraq ID: - Service Modified: 09/26/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=31E63D6F-B6B7-41D7-8AE6-DD7FCF89D477 (http://www.microsoft.com/downloads/details.aspx?FamilyId=31E63D6F-B6B7-41D7-8AE6-DD7FCF89D477) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=7099D33A-0EF6-423F-824E-757482517612 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7099D33A-0EF6-423F-824E-757482517612) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=4447D74F-09EA-4BE0-9DAE-C243CE657FB7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4447D74F-09EA-4BE0-9DAE-C243CE657FB7) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=98CCD207-F4D0-4625-AEAB-0EBF1643A5FD (http://www.microsoft.com/downloads/details.aspx?FamilyId=98CCD207-F4D0-4625-AEAB-0EBF1643A5FD) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer

10.10.10.220 Confirmed 4/5/Patchable page 80 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=463535AA-E04E-4A30-B3AB-8CD6D8CDD13C (http://www.microsoft.com/downloads/details.aspx?FamilyId=463535AA-E04E-4A30-B3AB-8CD6D8CDD13C) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=9D4375D4-FB9B-4771-BD6F-E5D23EEDBC6B (http://www.microsoft.com/downloads/details.aspx?FamilyId=9D4375D4-FB9B-4771-BD6F-E5D23EEDBC6B) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=C7BE313B-3405-42E1-9E4B-0CB6BF3D2CB1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C7BE313B-3405-42E1-9E4B-0CB6BF3D2CB1) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F (http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F) Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F (http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=1C3168A9-D959-4137-868A-EC70DA737C21 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1C3168A9-D959-4137-868A-EC70DA737C21) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-050 (http://www.microsoft.com/technet/security/bulletin/MS07-050.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001082: Generic VML File Blocker

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB938127\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP0\KB938127-IE7\Filelist is missing %ProgramFiles%\Common Files\Microsoft Shared\VGX\Vgx.dll Version is 6.0.3790.593

5 TCP/IP Vulnerabilities on Windows Could Allow Remote Code Execution (MS08-001) CVSS: - Active QID: 90423 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2007-0069, CVE-2007-0066 Vendor Reference: MS08-001 Bugtraq ID: 27139, 27100 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyID=980f5457-c7b5-421c-8643-0e57429ec156 (http://www.microsoft.com/downloads/details.aspx?FamilyID=980f5457-c7b5-421c-8643-0e57429ec156) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=0a766242-2342-4fa0-9b66-8953c54a2211 (http://www.microsoft.com/downloads/details.aspx?FamilyID=0a766242-2342-4fa0-9b66-8953c54a2211) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=2e8bc7d5-fe81-4ed5-9efa-360738d160ee (http://www.microsoft.com/downloads/details.aspx?FamilyID=2e8bc7d5-fe81-4ed5-9efa-360738d160ee)

10.10.10.220 Confirmed 4/5/Patchable page 81 Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=fda060a5-9a1e-4036-9899-13eb61fdd8be (http://www.microsoft.com/downloads/details.aspx?FamilyID=fda060a5-9a1e-4036-9899-13eb61fdd8be) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=19d993f9-06dd-4dc4-b0cc-c59e822eb8fa (http://www.microsoft.com/downloads/details.aspx?FamilyID=19d993f9-06dd-4dc4-b0cc-c59e822eb8fa) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=2c2264f7-ebbb-40ab-9dbf-9b4e313665a7 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2c2264f7-ebbb-40ab-9dbf-9b4e313665a7) Windows Small Business Server 2003 Service Pack 1, Windows Small Business Server 2003 R2, Windows Small Business Server 2003 R2 Service Pack 2, and Windows Home Server: http://www.microsoft.com/downloads/details.aspx?FamilyID=fda060a5-9a1e-4036-9899-13eb61fdd8be (http://www.microsoft.com/downloads/details.aspx?FamilyID=fda060a5-9a1e-4036-9899-13eb61fdd8be) Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=23c0e03a-db66-4618-bce0-af55e5c1b067 (http://www.microsoft.com/downloads/details.aspx?FamilyID=23c0e03a-db66-4618-bce0-af55e5c1b067) Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=5f6a37b1-c604-47c9-932f-485db2eda133 (http://www.microsoft.com/downloads/details.aspx?FamilyID=5f6a37b1-c604-47c9-932f-485db2eda133) Refer to Microsoft Security Bulletin MS08-001 (http://www.microsoft.com/technet/security/bulletin/MS08-001.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2007-0069 Description: Microsoft IGMPv3 Exploit (MS08-001) - Core Security Category : Exploits/Remote

Immunity Reference: CVE-2007-0069 Description: Windows TCP/IP IGMPv3 Overflow - Immunity Ref : ms08_001 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_001/qualys_user

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB941644\Filelist is missing %windir%\system32\drivers\tcpip.sys Version is 5.2.3790.537

5 WebDAV Mini-Redirector Remote Code Execution Vulnerability (MS08-007) CVSS: - Active QID: 90425 CVSS Base: 10 Category: Windows CVSS Temporal: 7.4 CVE ID: CVE-2008-0080 Vendor Reference: MS08-007 Bugtraq ID: 27670 Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8 (http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc

10.10.10.220 Confirmed 4/5/Patchable page 82 (http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc) Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3) Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a (http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a) Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585 (http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585) Refer to Micrsoft Security Bulletin MS08-007 (http://www.microsoft.com/technet/security/bulletin/MS08-007.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001637: WebDAV Mini-Redirector Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB946026 is missing %windir%\System32\drivers\mrxdav.sys Version is 5.2.3790.316

5 VBScript and JScript Scripting Engines Could Allow Remote Code Execution (MS08-022) CVSS: - Active QID: 90431 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-0083 Vendor Reference: MS08-022 Bugtraq ID: - Service Modified: 04/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (VBScript 5.1 and JScript 5.1):http://www.microsoft.com/downloads/details.aspx?FamilyID=8e3ff44f-145b-4a68-9ad4-4a55d74b216e (http://www.microsoft.com/downloads/details.aspx?FamilyID=8e3ff44f-145b-4a68-9ad4-4a55d74b216e) Microsoft Windows 2000 Service Pack 4 (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=8e3ff44f-145b-4a68-9ad4-4a55d74b216e (http://www.microsoft.com/downloads/details.aspx?FamilyID=8e3ff44f-145b-4a68-9ad4-4a55d74b216e) Windows XP Service Pack 2 (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=c0124698-3b94-4474-9473-22a2f39a4a56 (http://www.microsoft.com/downloads/details.aspx?FamilyID=c0124698-3b94-4474-9473-22a2f39a4a56) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=87b80ae3-e299-4d15-a135-3b1bcf943652 (http://www.microsoft.com/downloads/details.aspx?FamilyID=87b80ae3-e299-4d15-a135-3b1bcf943652) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=88518aa6-e334-4529-aa63-0bf2ef417ce3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=88518aa6-e334-4529-aa63-0bf2ef417ce3)

10.10.10.220 Confirmed 4/5/Patchable page 83 Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=12cefefc-8553-4dca-9850-c653371de61e (http://www.microsoft.com/downloads/details.aspx?FamilyID=12cefefc-8553-4dca-9850-c653371de61e) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems (VBScript 5.6 and JScript 5.6):http://www.microsoft.com/downloads/details.aspx?FamilyID=fe22a828-cca4-4b51-bbd5-995c65fead21 (http://www.microsoft.com/downloads/details.aspx?FamilyID=fe22a828-cca4-4b51-bbd5-995c65fead21) Refer to Micrsoft Security Bulletin MS08-022 (http://www.microsoft.com/technet/security/bulletin/MS08-022.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002375: Microsoft Internet Explorer VBScript And JScript Scripting Engines Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB944338\Filelist is missing %windir%\system32\Jscript.dll Version is 5.6.0.8831

5 Microsoft WINS Remote Code Execution Vulnerability (MS11-035) CVSS: - Active

QID: 119248 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2011-1248 Vendor Reference: MS11-035 Bugtraq ID: - Service Modified: 04/30/2012 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/29/2011 at 16:12:07 (GMT) Last Detected: 01/14/2012 at 15:03:07 (GMT) Times Detected: 50 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0D289146-8470-45DD-A886-D1B35A2C6D4B)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0D3E85A9-42FF-447B-AB8C-095A1C0B224C)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=4C388FE8-883A-4118-A7FF-50F1E9D0A071)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=9019A3FF-D953-4B0B-8C7A-05AA9CF65C92)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=841130FA-4522-4079-B7EB-F8466AC3EF12)

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=8732B41E-2F25-4EE1-A8B7-A8B8B9E22D08)

10.10.10.220 Confirmed 4/5/Patchable page 84 Refer to Microsoft Security Bulletin MS11-035 (http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx) for further details.

Workaround: Block TCP port 42 and UDP port 42 at your firewall.

EXPLOITABILITY: Core Security Reference: CVE-2011-1248 Description: Microsoft WINS Service Failed Response Vulnerability DoS (MS11-035) - Core Security Category : Denial of Service/Remote

RESULTS: Detected through WINS Service

5 EOL/Obsolete Software: Oracle/Sun Java Runtime Environment 1.5.x Detected CVSS: - Active

QID: 105413 CVSS Base: 9.3 [1] Category: Security Policy CVSS Temporal: 6.9 CVE ID: - Vendor Reference: J2SE 5.0 End of Life Bugtraq ID: - Service Modified: 02/28/2012 User Modified: - Edited: No PCI Vuln: No

First Detected: 09/03/2011 at 07:25:15 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 18 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Update to the latest free release available at Java Download site (http://www.oracle.com/technetwork/java/javase/downloads/index.html).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox, SeaMonkey, Thunderbird Multiple Vulnerabilities (MFSA 2011-29 through MFSA 2011-33) CVSS: - Active QID: 119516 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2011-2993, CVE-2011-2992, CVE-2011-2991, CVE-2011-2990, CVE-2011-2989, CVE-2011-2988, CVE-2011-2987, CVE-2011-2986, CVE-2011-2985, CVE-2011-2984, CVE-2011-2983, CVE-2011-2982, CVE-2011-2981, CVE-2011-2980, CVE-2011-2978, CVE-2011-0084 Vendor Reference: MFSA2011-29, MFSA2011-30, MFSA2011-31, MFSA2011-32, MFSA2011-33 Bugtraq ID: 49166 Service Modified: 08/18/2011 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 85 PCI Vuln: No

First Detected: 08/20/2011 at 08:00:11 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 20 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Cumulative Security Update for Internet Explorer (MS07-033) CVSS: - Active QID: 100047 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-0218, CVE-2007-1750, CVE-2007-3027, CVE-2007-1751, CVE-2007-1499, CVE-2007-2222 Vendor Reference: MS07-033 Bugtraq ID: 24426 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=3B49F1ED-ABE3-4DBD-A91D-973415658F6B (http://www.microsoft.com/downloads/details.aspx?FamilyId=3B49F1ED-ABE3-4DBD-A91D-973415658F6B) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE (http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D (http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B

10.10.10.220 Confirmed 4/5/Patchable page 86 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=1449EB5D-6E4C-4332-8CB6-AB9EE59C9A95 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1449EB5D-6E4C-4332-8CB6-AB9EE59C9A95) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB (http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F84-E13F21173926 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F84-E13F21173926) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E (http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845E-073CFCE99F45 (http://www.microsoft.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845E-073CFCE99F45) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-033 (http://www.microsoft.com/technet/security/bulletin/MS07-033.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000103: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability (Group 1) Virtual Patch #1001027: Microsoft Internet Explorer Urlmon COM Object Instantiation Memory Corruption Vulnerability Virtual Patch #1000968: Microsoft Internet Explorer NavCancel.htm Cross Site Scripting Virtual Patch #1001008: Microsoft Internet Explorer CSS Tag Memory Corruption

EXPLOITABILITY: Core Security Reference: CVE-2007-2222 Description: Microsoft Speech API ActiveX control Exploit - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2007-2222 Description: Microsoft Speech API 4v (MS07-033) - Immunity Ref : speech Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/speech/qualys_user

The Exploit-DB Reference: CVE-2007-2222 Description: Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4) - The Exploit-DB Ref : 4065 Link: http://www.exploit-db.com/exploits/4065

Reference: CVE-2007-2222 Description: Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2) - The Exploit-DB Ref : 4066 Link: http://www.exploit-db.com/exploits/4066

ExploitKits Reference: CVE-2007-2222 Description: IE -buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB933566 is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP0\KB933566-IE7 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Cumulative Security Update for Internet Explorer (MS07-045) CVSS: - Active QID: 100050 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-0943, CVE-2007-2216, CVE-2007-3041 Vendor Reference: MS07-045 Bugtraq ID: - Service Modified: 09/26/2007

10.10.10.220 Confirmed 4/5/Patchable page 87 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=FCF9440F-BB36-4ED1-9B6B-74A4F055650B (http://www.microsoft.com/downloads/details.aspx?FamilyId=FCF9440F-BB36-4ED1-9B6B-74A4F055650B) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=8DB75461-4DCA-43DB-AA30-C7E67CE954AD (http://www.microsoft.com/downloads/details.aspx?FamilyId=8DB75461-4DCA-43DB-AA30-C7E67CE954AD) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=5D31D916-867F-4DBF-B8A4-C75EA83F4F51 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5D31D916-867F-4DBF-B8A4-C75EA83F4F51) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=B15B2442-D6DA-41DD-A424-11C9893BE595 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B15B2442-D6DA-41DD-A424-11C9893BE595) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=F2F9FB69-0399-4DF0-9F5B-8F42A130C581 (http://www.microsoft.com/downloads/details.aspx?FamilyId=F2F9FB69-0399-4DF0-9F5B-8F42A130C581) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=D0BD886D-2C80-4DD7-82B7-1BD1F8D398CC (http://www.microsoft.com/downloads/details.aspx?FamilyId=D0BD886D-2C80-4DD7-82B7-1BD1F8D398CC) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=BF41033A-D6F0-451E-9B69-4CBE2BB3F804 (http://www.microsoft.com/downloads/details.aspx?FamilyId=BF41033A-D6F0-451E-9B69-4CBE2BB3F804) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=7A2B4395-EABA-45EC-8D0C-932EBCC3D344 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7A2B4395-EABA-45EC-8D0C-932EBCC3D344) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=CD7ED4D5-7790-41DB-8B68-CFD59105CA36 (http://www.microsoft.com/downloads/details.aspx?FamilyId=CD7ED4D5-7790-41DB-8B68-CFD59105CA36) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=4F8DAED8-9925-494D-B2F5-1E29F4040F6A (http://www.microsoft.com/downloads/details.aspx?FamilyId=4F8DAED8-9925-494D-B2F5-1E29F4040F6A) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-045 (http://www.microsoft.com/technet/security/bulletin/MS07-045.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001064: Microsoft Internet Explorer TLIApplication ActiveX Object Remote Code Execution Virtual Patch #1001067: Microsoft Internet Explorer PDWizard ActiveX Object Memory Corruption

EXPLOITABILITY: Core Security Reference: CVE-2007-2216 Description: IE TLI.TLIApplication Exploit - Core Security Category : Exploits/Client Side

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB937143\Filelist is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Cumulative Security Update for Internet Explorer (MS07-057) CVSS: - Active

10.10.10.220 Confirmed 4/5/Patchable page 88 QID: 100052 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-3892, CVE-2007-3893, CVE-2007-1091, CVE-2007-3826 Vendor Reference: MS07-057 Bugtraq ID: 25915, 25916, 22680, 24911 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A (http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB (http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53 (http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F (http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41 (http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC (http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC) Windows XP Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C (http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B (http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-057 (http://www.microsoft.com/technet/security/bulletin/MS07-057.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000958: Microsoft Internet Explorer OnUnload + Document.write() Memory Corruption Vulnerability Virtual Patch #1000960: Microsoft Internet Explorer Onunload Event Spoofing Vulnerability Virtual Patch #1001132: Microsoft Internet Explorer Address Bar Spoofing Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0

10.10.10.220 Confirmed 4/5/Patchable page 89 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB939653\Filelist is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Internet Explorer Cumulative Security Update (MS08-024) CVSS: - Active QID: 100056 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 6.9 CVE ID: CVE-2008-1085 Vendor Reference: MS08-024 Bugtraq ID: - Service Modified: 04/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E (http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E (http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180 (http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=85BEACC0-8CA2-4DED-9C24-23348D05C735 (http://www.microsoft.com/downloads/details.aspx?FamilyId=85BEACC0-8CA2-4DED-9C24-23348D05C735) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5EF9-615F-4CAB-BAC5-6F45F1B94952 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5EF9-615F-4CAB-BAC5-6F45F1B94952) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A390BA9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A390BA9) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD (http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-49C8-9EA1-0BFAF259700D (http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-49C8-9EA1-0BFAF259700D) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-024 (http://www.microsoft.com/technet/security/bulletin/MS08-024.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002382: Microsoft Internet Explorer Data Stream Handling Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: 10.10.10.220 Confirmed 4/5/Patchable page 90 HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB947864 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Microsoft Internet Explorer Cumulative Security Update (MS08-031) CVSS: - Active QID: 100058 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2008-1442, CVE-2008-1544 Vendor Reference: MS08-031 Bugtraq ID: - Service Modified: 06/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?FamilyId=88990B23-D37F-4D02-A5A3-2EE389ADE53C (http://www.microsoft.com/downloads/details.aspx?FamilyId=88990B23-D37F-4D02-A5A3-2EE389ADE53C) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3) Windows XP Service Pack 3 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A (http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A (http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-031 (http://www.microsoft.com/technet/security/bulletin/MS08-031.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002573: HTML Objects Memory Corruption Virtual Patch #1002224: Microsoft Internet Explorer Request Splitting and Smuggling Vulnerability Virtual Patch #1002574: Request Header Cross-Domain Information Disclosure

10.10.10.220 Confirmed 4/5/Patchable page 91 EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB950759 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Microsoft Internet Explorer Cumulative Security Update (MS08-045) CVSS: - Active QID: 100059 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259 Vendor Reference: MS08-045 Bugtraq ID: - Service Modified: 10/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?familyid=1557B93B-ECBA-4F42-B89D-DB0EE067D65B (http://www.microsoft.com/downloads/details.aspx?familyid=1557B93B-ECBA-4F42-B89D-DB0EE067D65B) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928-4C46-89A4-63A814954796 (http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928-4C46-89A4-63A814954796) Windows XP Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2 (http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2) Windows XP Service Pack 3 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2 (http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735-4D3F-8DEF-34E7337FF604 (http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735-4D3F-8DEF-34E7337FF604) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9-4DE0-B0A0-CE38EFE13524 (http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9-4DE0-B0A0-CE38EFE13524) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6-48E3-BB4E-7D4DDA5E0A90 (http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6-48E3-BB4E-7D4DDA5E0A90) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE-46B1-A0BC-BB55EB0045FE (http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE-46B1-A0BC-BB55EB0045FE) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB-4052-82A3-2D3C6A953752 (http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB-4052-82A3-2D3C6A953752) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237-409D-A818-AB0517C5E7CF (http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237-409D-A818-AB0517C5E7CF) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-045 (http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002700: Microsoft Internet Explorer HTML Objects Memory Corruption 10.10.10.220 Confirmed 4/5/PatchableVirtual Patch #1002701: Microsoft HTML Objects Memory Corruption Vulnerability page 92 Virtual Patch #1002702: Microsoft Uninitialized Memory Corruption Vulnerability Virtual Patch #1002696: Microsoft HTML Object Memory Corruption Vulnerability Virtual Patch #1002695: Microsoft HTML Component Handling Vulnerability Virtual Patch #1002093: Microsoft Internet Explorer CreateTextRange.text DoS EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB953838 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Microsoft Internet Explorer Cumulative Security Update (MS08-058) CVSS: - Active QID: 100063 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 6.9 CVE ID: CVE-2008-2947, CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476 Vendor Reference: MS08-058 Bugtraq ID: - Service Modified: 10/14/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD-42EB-A90E-607D01613DB7 (http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD-42EB-A90E-607D01613DB7) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?familyid=02390258-08E9-4B75-960D-BE081B749558 (http://www.microsoft.com/downloads/details.aspx?familyid=02390258-08E9-4B75-960D-BE081B749558) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=A7F0F47B-B1EE-4516-9FBF-BF8E579963D0 (http://www.microsoft.com/downloads/details.aspx?familyid=A7F0F47B-B1EE-4516-9FBF-BF8E579963D0) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=234C05FB-988B-4E02-AAB6-BB23E447DF3D (http://www.microsoft.com/downloads/details.aspx?familyid=234C05FB-988B-4E02-AAB6-BB23E447DF3D) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=AE8D22D5-20AA-471D-A423-F54C9D75FEBE (http://www.microsoft.com/downloads/details.aspx?familyid=AE8D22D5-20AA-471D-A423-F54C9D75FEBE) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=07FC88C4-2571-4A4D-B573-AE576798AB4C (http://www.microsoft.com/downloads/details.aspx?familyid=07FC88C4-2571-4A4D-B573-AE576798AB4C) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=B68937AF-F04A-4D1E-9D7F-EC92AF5194DE (http://www.microsoft.com/downloads/details.aspx?familyid=B68937AF-F04A-4D1E-9D7F-EC92AF5194DE) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=4E73DE2B-05E6-4901-9BAC-46D8F469E635 (http://www.microsoft.com/downloads/details.aspx?familyid=4E73DE2B-05E6-4901-9BAC-46D8F469E635) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=CCF7A3E3-EC30-4B95-9A86-00032301513C (http://www.microsoft.com/downloads/details.aspx?familyid=CCF7A3E3-EC30-4B95-9A86-00032301513C) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=FEAF2ADF-7892-4DBF-A147-DB4D5DBE52F3 (http://www.microsoft.com/downloads/details.aspx?familyid=FEAF2ADF-7892-4DBF-A147-DB4D5DBE52F3) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-058 (http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002598: "Internet Explorer 6 Window ""location"" Handling Vulnerability" 10.10.10.220 Confirmed 4/5/PatchableVirtual Patch #1002927: Microsoft Internet Explorer Window Location Property Cross-Domain Vulnerability page 93 Virtual Patch #1002930: Microsoft Internet Explorer HTML Element Cross-Domain Vulnerability Virtual Patch #1002935: Microsoft Internet Explorer Event Handling Cross-Domain Vulnerability Virtual Patch #1002932: Microsoft Internet Explorer Cross-Domain Information Disclosure Virtual Patch #1002933: Microsoft Internet Explorer Uninitialized Memory Corruption Remote Code Execution Virtual Patch #1002934: Microsoft Internet Explorer HTML Objects Memory Corruption Remote Code Execution EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956390 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Microsoft Internet Explorer Cumulative Security Update (MS08-073) CVSS: - Active QID: 100064 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 6.9 CVE ID: CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261 Vendor Reference: MS08-073 Bugtraq ID: 32586, 32595, 32593, 32596 Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096 (http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096) Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f (http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560 (http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7 (http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75 (http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00 (http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44 (http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a (http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d (http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4 (http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-073 (http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003117: Parameter Validation Memory Corruption Vulnerability 10.10.10.220 Confirmed 4/5/PatchableVirtual Patch #1003127: Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability page 94 Virtual Patch #1003110: HTML Rendering Memory Corruption Vulnerability EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958215 is missing %windir%\System32\wininet.dll Version is 6.0.3790.630

4 Mozilla Firefox, SeaMonkey, Thunderbird Multiple Vulnerabilities (MFSA-2011-36 through MFSA-2011-45) CVSS: - Active QID: 119622 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2011-2372, CVE-2011-2995, CVE-2011-2997, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232 Vendor Reference: MFSA2011-36, MFSA2011-37, MFSA2011-38, MFSA2011-39, MFSA2011-40, MFSA2011-41, MFSA2011-42, MFSA2011-43, MFSA2011-44, MFSA2011-45 Bugtraq ID: - Service Modified: 10/03/2011 User Modified: - Edited: No PCI Vuln: No

First Detected: 10/08/2011 at 07:59:07 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 14 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2011-36 (http://www.mozilla.org/security/announce/2011/mfsa2011-36.html), MFSA 2011-37 (http://www.mozilla.org/security/announce/2011/mfsa2011-37.html), MFSA2011-38 (http://www.mozilla.org/security/announce/2011/mfsa2011-38.html), MFSA2011-39 (http://www.mozilla.org/security/announce/2011/mfsa2011-39.html), MFSA2011-40 (http://www.mozilla.org/security/announce/2011/mfsa2011-40.html), MFSA2011-41 (http://www.mozilla.org/security/announce/2011/mfsa2011-41.html), MFSA2011-42 (http://www.mozilla.org/security/announce/2011/mfsa2011-42.html), MFSA2011-43 (http://www.mozilla.org/security/announce/2011/mfsa2011-43.html), MFSA2011-44 (http://www.mozilla.org/security/announce/2011/mfsa2011-44.html), MFSA2011-45 (http://www.mozilla.org/security/announce/2011/mfsa2011-45.html)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Wireshark Multiple Vulnerabilities (wnpa-sec-2011-13, wnpa-sec-2011-14, wnpa-sec-2011-15, wnpa-s CVSS: - Active ec-2011-16)

QID: 119482 CVSS Base: 2.6 Category: Local CVSS Temporal: 2 CVE ID: CVE-2011-3266 Vendor Reference: wnpa-sec-2011-13, wnpa-sec-2011-14, wnpa-sec-2011-15, wnpa-sec-2011-16 Bugtraq ID: - Service Modified: 09/09/2011 User Modified: - Edited: No PCI Vuln: No

10.10.10.220 Confirmed 4/5/Patchable page 95 First Detected: 08/13/2011 at 07:43:08 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 21 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Update to Version 1.6.2 or 1.4.9 to resolve this issue. The latest version is available for download from Wireshark Web site (http://www.wireshark.org/download.html).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Wireshark\\wireshark.exe Version is 0.99.3.0

4 Microsoft WINS Elevation of Privilege Vulnerability (MS08-034) CVSS: - Active QID: 90439 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2008-1451 Vendor Reference: MS08-034 Bugtraq ID: - Service Modified: 01/13/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=aa8aa79f-c2cc-440c-9e5c-089143e6f814 (http://www.microsoft.com/downloads/details.aspx?familyid=aa8aa79f-c2cc-440c-9e5c-089143e6f814) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=08fc90d5-23aa-4327-8aef-16bc5170769d (http://www.microsoft.com/downloads/details.aspx?familyid=08fc90d5-23aa-4327-8aef-16bc5170769d) Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc (http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc) Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc (http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=87affdc9-d9fe-413c-af30-f3d3b671ec72 (http://www.microsoft.com/downloads/details.aspx?familyid=87affdc9-d9fe-413c-af30-f3d3b671ec72) Refer to Micrsoft Security Bulletin MS08-034 (http://www.microsoft.com/technet/security/bulletin/MS08-034.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-1451

10.10.10.220 Confirmed 4/5/Patchable page 96 Description: Microsoft WINS Remote Exploit (MS08-034) - Core Security Category : Exploits/Remote

Immunity Reference: CVE-2008-1451 Description: Microsoft WINS Server Vulnerability - Immunity Ref : ms08_034 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_034/qualys_user

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2571621 is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2524426\Filelist is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB969883 is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB961064 is missing %windir%\System32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB948745 is missing %windir%\System32\wins.exe Version is 5.2.3790.239

4 Cumulative Security Update of ActiveX Kill Bits (MS08-032) CVSS: - Active

QID: 90441 CVSS Base: 7.6 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2007-0675 Vendor Reference: MS08-032 Bugtraq ID: - Service Modified: 06/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=CEDFD988-232C-4CBA-AC65-BEB54B8946E0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=CEDFD988-232C-4CBA-AC65-BEB54B8946E0) Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26 (http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26 (http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=62874096-7D17-4116-9795-4756E2FB6DAE (http://www.microsoft.com/downloads/details.aspx?FamilyId=62874096-7D17-4116-9795-4756E2FB6DAE) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=DADEAD99-09CB-4F2B-850D-E98A627CB9F8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=DADEAD99-09CB-4F2B-850D-E98A627CB9F8) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=84F9B533-B0CB-46D1-B4A8-5C9469ABBD22 (http://www.microsoft.com/downloads/details.aspx?FamilyId=84F9B533-B0CB-46D1-B4A8-5C9469ABBD22) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=AC35CE19-D761-4529-9F55-1E1B5B2447AD (http://www.microsoft.com/downloads/details.aspx?FamilyId=AC35CE19-D761-4529-9F55-1E1B5B2447AD) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF6575E-B061-45A6-B3D8-ECB32D76B2D3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF6575E-B061-45A6-B3D8-ECB32D76B2D3)

10.10.10.220 Confirmed 4/5/Patchable page 97 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=67576ACB-9CB6-4C76-9A72-DC5E5556B658 (http://www.microsoft.com/downloads/details.aspx?FamilyId=67576ACB-9CB6-4C76-9A72-DC5E5556B658) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=8A507FBA-8C93-4952-91E4-98E9E7AFFBD2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=8A507FBA-8C93-4952-91E4-98E9E7AFFBD2) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=1A11499D-A008-407F-9084-A5189FA27015 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1A11499D-A008-407F-9084-A5189FA27015) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=59B1689C-E723-4D87-973E-4BEAC107A6F7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=59B1689C-E723-4D87-973E-4BEAC107A6F7) Refer to Micrsoft Security Bulletin MS08-032 (http://www.microsoft.com/technet/security/bulletin/MS08-032.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002572: Windows Speech API Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{47206204-5eca-11d2-960f-00c04f8ee628} Compatibility Flags is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3bee4890-4fe9-4a37-8c1e-5e7e12791c1f} Compatibility Flags is missing.

4 Microsoft Outlook Web Access for Exchange Server Elevation of Privilege (MS08-039) CVSS: - Active QID: 90444 CVSS Base: 4.3 Category: Windows CVSS Temporal: 3.2 CVE ID: CVE-2008-2247, CVE-2008-2248 Vendor Reference: MS08-039 Bugtraq ID: 30130 Service Modified: 07/11/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Exchange Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=E099C1D1-5AF6-4D6C-B735-9599412B3131 (http://www.microsoft.com/downloads/details.aspx?familyid=E099C1D1-5AF6-4D6C-B735-9599412B3131) Microsoft Exchange Server 2007: http://www.microsoft.com/downloads/details.aspx?familyid=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA (http://www.microsoft.com/downloads/details.aspx?familyid=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA) Microsoft Exchange Server 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=63E7F26C-92A8-4264-882D-F96B348C96AB (http://www.microsoft.com/downloads/details.aspx?familyid=63E7F26C-92A8-4264-882D-F96B348C96AB) Refer to Micrsoft Security Bulletin MS08-039 (http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002629: Microsoft Outlook Web Access For Exchange Server Cross Site Scripting Virtual Patch #1002632: Microsoft Outlook Web Access For Exchange Server HTML Validating Cross Site Scripting 10.10.10.220 Confirmed 4/5/Patchable page 98 EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Microsoft Windows Image Color Management System Could Allow Remote Code Execution (MS08-046) CVSS: - Active QID: 90450 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-2245 Vendor Reference: MS08-046 Bugtraq ID: 30594 Service Modified: 08/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f-46d7-b2dd-5babb5a1eeb3 (http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f-46d7-b2dd-5babb5a1eeb3) Windows XP Service Pack 2 and Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f-48ea-82ef-3bc33077c7fa (http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f-48ea-82ef-3bc33077c7fa) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b-4b84-a7ce-c8daf77c080c (http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b-4b84-a7ce-c8daf77c080c) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534-4621-85a5-08aec255496f (http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534-4621-85a5-08aec255496f) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543-41df-b904-d51e368c81cc (http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543-41df-b904-d51e368c81cc) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260-4072-947a-527887d2cd63 (http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260-4072-947a-527887d2cd63) Refer to Micrsoft Security Bulletin MS08-046 (http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-2245 Description: Microsoft Windows Image Color Managment Exploit (MS08-046) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2008-2245 Description: MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046) - The Exploit-DB Ref : 6732 Link: http://www.exploit-db.com/exploits/6732

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB952954 is missing %windir%\System32\mscms.dll Version is 5.2.3790.359

10.10.10.220 Confirmed 4/5/Patchable page 99 4 Microsoft Ancillary Function Driver Elevation of Privileges Vulnerability (MS08-066) CVSS: - Active QID: 90462 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2008-3464 Vendor Reference: MS08-066 Bugtraq ID: - Service Modified: 10/15/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 2 and Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=b16d9dac-c430-4dd8-a1e5-9a614801f1d9 (http://www.microsoft.com/downloads/details.aspx?familyid=b16d9dac-c430-4dd8-a1e5-9a614801f1d9) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=5b607efc-c6fb-4079-8478-e4f3262386d3 (http://www.microsoft.com/downloads/details.aspx?familyid=5b607efc-c6fb-4079-8478-e4f3262386d3) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=ee88ff2d-1b12-4f4c-a081-9f27a6fba074 (http://www.microsoft.com/downloads/details.aspx?familyid=ee88ff2d-1b12-4f4c-a081-9f27a6fba074) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=ab4d94d3-458c-4946-ab7f-03a279629d25 (http://www.microsoft.com/downloads/details.aspx?familyid=ab4d94d3-458c-4946-ab7f-03a279629d25) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=63234f85-6e5d-4ef6-b7cf-d1d2c78a5517 (http://www.microsoft.com/downloads/details.aspx?familyid=63234f85-6e5d-4ef6-b7cf-d1d2c78a5517) Refer to Micrsoft Security Bulletin MS08-066 (http://www.microsoft.com/technet/security/bulletin/MS08-066.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-3464 Description: Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-0566) - Core Security Category : Exploits/Local

Immunity - Dsquare Reference: CVE-2008-3464 Description: Microsoft Windows AFD Driver Local Privilege Escalation - Immunity - Dsquare Ref : d2sec_ms08_066 Link: http://qualys.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_ms08_066/qualys_user

The Exploit-DB Reference: CVE-2008-3464 Description: MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin) - The Exploit-DB Ref : 6757 Link: http://www.exploit-db.com/exploits/6757

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956803 is missing %windir%\System32\drivers\afd.sys Version is 5.2.3790.0

4 Windows Kernel Elevation of Privileges Vulnerability (MS08-061) CVSS: - Active QID: 90463 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2008-2250, CVE-2008-2251, CVE-2008-2252

10.10.10.220 Confirmed 4/5/Patchable page 100 Vendor Reference: MS08-061 Bugtraq ID: - Service Modified: 07/14/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=3a6165a6-d7e7-4526-9291-290caf0639b4 (http://www.microsoft.com/downloads/details.aspx?familyid=3a6165a6-d7e7-4526-9291-290caf0639b4) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=7718bf14-c26c-43f3-be67-4c79ab5b2607 (http://www.microsoft.com/downloads/details.aspx?familyid=7718bf14-c26c-43f3-be67-4c79ab5b2607) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=7718bf14-c26c-43f3-be67-4c79ab5b2607 (http://www.microsoft.com/downloads/details.aspx?familyid=7718bf14-c26c-43f3-be67-4c79ab5b2607) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=b06d3a02-b6e4-4d40-913a-3759a31f20f3 (http://www.microsoft.com/downloads/details.aspx?familyid=b06d3a02-b6e4-4d40-913a-3759a31f20f3) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=6e696762-d652-4a8f-ab8f-622f9746c320 (http://www.microsoft.com/downloads/details.aspx?familyid=6e696762-d652-4a8f-ab8f-622f9746c320) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=57ca28ea-e5e1-4191-a3d6-84aa90a3d668 (http://www.microsoft.com/downloads/details.aspx?familyid=57ca28ea-e5e1-4191-a3d6-84aa90a3d668) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=1e6c3f81-85bb-48e6-a5af-635a7e540c93 (http://www.microsoft.com/downloads/details.aspx?familyid=1e6c3f81-85bb-48e6-a5af-635a7e540c93) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=3483b400-cedc-441f-ba8e-594e3df89190 (http://www.microsoft.com/downloads/details.aspx?familyid=3483b400-cedc-441f-ba8e-594e3df89190) Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=905ab030-14a5-4a3d-aa11-e8f957f6a1ea (http://www.microsoft.com/downloads/details.aspx?familyid=905ab030-14a5-4a3d-aa11-e8f957f6a1ea) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8b97114a-71aa-47a2-b9e7-f4e158c18c80 (http://www.microsoft.com/downloads/details.aspx?familyid=8b97114a-71aa-47a2-b9e7-f4e158c18c80) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=6e641db2-90c8-458f-9795-3e46b70a5203 (http://www.microsoft.com/downloads/details.aspx?familyid=6e641db2-90c8-458f-9795-3e46b70a5203) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=b6546e1c-bf7b-4354-8574-6c16fa707de0 (http://www.microsoft.com/downloads/details.aspx?familyid=b6546e1c-bf7b-4354-8574-6c16fa707de0) Refer to Microsoft Security Bulletin MS08-061 (http://www.microsoft.com/technet/security/bulletin/MS08-061.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

10.10.10.220 Confirmed 4/5/Patchable page 101 %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB968537 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958690 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB954211 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651

4 Microsoft SMB Remote Code Execution Vulnerability (MS08-063) CVSS: - Active QID: 90458 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2008-4038 Vendor Reference: MS08-063 Bugtraq ID: - Service Modified: 10/16/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=9ED29C3A-0682-4586-BBC2-A73DEAA18E4C (http://www.microsoft.com/downloads/details.aspx?familyid=9ED29C3A-0682-4586-BBC2-A73DEAA18E4C) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=2F7E5981-6EEF-4F08-86C0-C6A7607EA5D0 (http://www.microsoft.com/downloads/details.aspx?familyid=2F7E5981-6EEF-4F08-86C0-C6A7607EA5D0) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=2F7E5981-6EEF-4F08-86C0-C6A7607EA5D0 (http://www.microsoft.com/downloads/details.aspx?familyid=2F7E5981-6EEF-4F08-86C0-C6A7607EA5D0) Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=4E1675EB-6B06-48E9-9765-23A2C7737BDC (http://www.microsoft.com/downloads/details.aspx?familyid=4E1675EB-6B06-48E9-9765-23A2C7737BDC) Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=4E1675EB-6B06-48E9-9765-23A2C7737BDC (http://www.microsoft.com/downloads/details.aspx?familyid=4E1675EB-6B06-48E9-9765-23A2C7737BDC) Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=DBBEBB3F-F1C7-402C-BD16-6F88DA0D042C (http://www.microsoft.com/downloads/details.aspx?familyid=DBBEBB3F-F1C7-402C-BD16-6F88DA0D042C) Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=DBBEBB3F-F1C7-402C-BD16-6F88DA0D042C (http://www.microsoft.com/downloads/details.aspx?familyid=DBBEBB3F-F1C7-402C-BD16-6F88DA0D042C) Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=989AC6F1-515C-467D-A200-2AABE66D9319 (http://www.microsoft.com/downloads/details.aspx?familyid=989AC6F1-515C-467D-A200-2AABE66D9319) Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=989AC6F1-515C-467D-A200-2AABE66D9319 (http://www.microsoft.com/downloads/details.aspx?familyid=989AC6F1-515C-467D-A200-2AABE66D9319) Windows Server 2003 with SP1 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=91589CFB-15BA-4DD2-9E3B-107899FBCBA6 (http://www.microsoft.com/downloads/details.aspx?familyid=91589CFB-15BA-4DD2-9E3B-107899FBCBA6) Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=91589CFB-15BA-4DD2-9E3B-107899FBCBA6 (http://www.microsoft.com/downloads/details.aspx?familyid=91589CFB-15BA-4DD2-9E3B-107899FBCBA6) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=72DD6015-25D1-45F4-A769-88AC43074B44 (http://www.microsoft.com/downloads/details.aspx?familyid=72DD6015-25D1-45F4-A769-88AC43074B44) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-063 (http://www.microsoft.com/technet/security/bulletin/MS08-063.mspx).

Virtual Patches: 10.10.10.220 Confirmed 4/5/Patchable page 102 Trend Micro Virtual Patching Virtual Patch #1002931: Microsoft Windows SMB Buffer Underflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-4038 Description: Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) - Core Security Category : Exploits/Remote

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB957095 is missing %windir%\System32\drivers\srv.sys Version is 5.2.3790.588

4 Microsoft Virtual Address Descriptor Manipulation Could Allow Elevation of Privileges (MS08-064) CVSS: - Active QID: 90459 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.3 CVE ID: CVE-2008-4036 Vendor Reference: MS08-064 Bugtraq ID: - Service Modified: 10/13/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=25997b73-a640-49c1-b19e-768a18bbe22c (http://www.microsoft.com/downloads/details.aspx?familyid=25997b73-a640-49c1-b19e-768a18bbe22c) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=25997b73-a640-49c1-b19e-768a18bbe22c (http://www.microsoft.com/downloads/details.aspx?familyid=25997b73-a640-49c1-b19e-768a18bbe22c) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=50fae854-0bde-46f8-9444-b9e0d9bfecad (http://www.microsoft.com/downloads/details.aspx?familyid=50fae854-0bde-46f8-9444-b9e0d9bfecad) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=e8ef3d5f-dd8e-4945-92cd-9d3e30b16667 (http://www.microsoft.com/downloads/details.aspx?familyid=e8ef3d5f-dd8e-4945-92cd-9d3e30b16667) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=c2e754f9-086a-494c-bc19-5feed7df8b65 (http://www.microsoft.com/downloads/details.aspx?familyid=c2e754f9-086a-494c-bc19-5feed7df8b65) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5a3832ec-3f8f-42c1-a603-b1330d527547 (http://www.microsoft.com/downloads/details.aspx?familyid=5a3832ec-3f8f-42c1-a603-b1330d527547) Windows Vista: http://www.microsoft.com/downloads/details.aspx?familyid=b4212db5-093e-497d-b999-2e3780f9f7c2 (http://www.microsoft.com/downloads/details.aspx?familyid=b4212db5-093e-497d-b999-2e3780f9f7c2) Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=b4212db5-093e-497d-b999-2e3780f9f7c2 (http://www.microsoft.com/downloads/details.aspx?familyid=b4212db5-093e-497d-b999-2e3780f9f7c2) Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=c20808cb-c30a-4b53-91e5-810eb6b4b2e3 (http://www.microsoft.com/downloads/details.aspx?familyid=c20808cb-c30a-4b53-91e5-810eb6b4b2e3) Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=c20808cb-c30a-4b53-91e5-810eb6b4b2e3

10.10.10.220 Confirmed 4/5/Patchable page 103 (http://www.microsoft.com/downloads/details.aspx?familyid=c20808cb-c30a-4b53-91e5-810eb6b4b2e3) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=ec9eeb82-0497-4c55-94bb-9a47cb3521b4 (http://www.microsoft.com/downloads/details.aspx?familyid=ec9eeb82-0497-4c55-94bb-9a47cb3521b4) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=0bc178b8-f8ae-4f41-8f88-fb6a75be1bca (http://www.microsoft.com/downloads/details.aspx?familyid=0bc178b8-f8ae-4f41-8f88-fb6a75be1bca) For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-064 (http://www.microsoft.com/technet/security/bulletin/MS08-064.mspx).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977165 is missing %windir%\system32\Ntoskrnl.exe Version is 5.2.3790.652 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB971486 is missing %windir%\system32\ntoskrnl.exe Version is 5.2.3790.652 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956841\Filelist is missing %windir%\system32\Ntoskrnl.exe Version is 5.2.3790.652

4 Microsoft SMB Could Allow Remote Code Execution (MS08-068) CVSS: - Active

QID: 90467 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-4037 Vendor Reference: MS08-068 Bugtraq ID: - Service Modified: 02/12/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=44c971e6-96fc-4bba-8f4a-f9d46bda2b6c (http://www.microsoft.com/downloads/details.aspx?familyid=44c971e6-96fc-4bba-8f4a-f9d46bda2b6c) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=6f8ae0aa-fd68-4156-9016-bba00149793c (http://www.microsoft.com/downloads/details.aspx?familyid=6f8ae0aa-fd68-4156-9016-bba00149793c) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=6f8ae0aa-fd68-4156-9016-bba00149793c (http://www.microsoft.com/downloads/details.aspx?familyid=6f8ae0aa-fd68-4156-9016-bba00149793c) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=9501b33b-d639-43e7-ad5a-9e76ed66effd (http://www.microsoft.com/downloads/details.aspx?familyid=9501b33b-d639-43e7-ad5a-9e76ed66effd) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=57a0606d-ea7a-4e5b-8b8b-7b77a444ef75 (http://www.microsoft.com/downloads/details.aspx?familyid=57a0606d-ea7a-4e5b-8b8b-7b77a444ef75) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=915e001f-9aa0-4fb0-9c2a-0f0c72b4f056 (http://www.microsoft.com/downloads/details.aspx?familyid=915e001f-9aa0-4fb0-9c2a-0f0c72b4f056) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=6abf7ba9-825f-4ee2-a2fe-6b1cd9fab622 (http://www.microsoft.com/downloads/details.aspx?familyid=6abf7ba9-825f-4ee2-a2fe-6b1cd9fab622) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=5612815f-8685-45d2-af4a-164c298a0869 (http://www.microsoft.com/downloads/details.aspx?familyid=5612815f-8685-45d2-af4a-164c298a0869)

10.10.10.220 Confirmed 4/5/Patchable page 104 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=727ce9b6-827f-4350-b4ff-c08e8ac541a6 (http://www.microsoft.com/downloads/details.aspx?familyid=727ce9b6-827f-4350-b4ff-c08e8ac541a6) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=b305e894-61ec-46b4-91ee-4c9ac59bc47e (http://www.microsoft.com/downloads/details.aspx?familyid=b305e894-61ec-46b4-91ee-4c9ac59bc47e) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=e8d26dfd-b347-4f10-b5b6-27dfff5e4f47 (http://www.microsoft.com/downloads/details.aspx?familyid=e8d26dfd-b347-4f10-b5b6-27dfff5e4f47) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=d565467d-e10f-4ddc-a278-3f81a3798686 (http://www.microsoft.com/downloads/details.aspx?familyid=d565467d-e10f-4ddc-a278-3f81a3798686) Refer to Micrsoft Security Bulletin MS08-068 (http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003014: SMB Credential Reflection Vulnerability Virtual Patch #1003015: Microsoft SMB Credential Reflection Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-4037 Description: Microsoft Windows SMB Credential Reflection Exploit (MS08-068) - Core Security Category : Exploits/Client Side

Metasploit Reference: CVE-2008-4037 Description: Microsoft Windows SMB Relay Code Execution - Metasploit Ref : /modules/exploit/windows/smb/smb_relay Link: http://www.metasploit.com/modules/exploit/windows/smb/smb_relay

The Exploit-DB Reference: CVE-2008-4037 Description: MS Windows SMB Authentication Remote Exploit - The Exploit-DB Ref : 20 Link: http://www.exploit-db.com/exploits/20

Reference: CVE-2008-4037 Description: SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068) - The Exploit-DB Ref : 7125 Link: http://www.exploit-db.com/exploits/7125

Reference: CVE-2008-4037 Description: Microsoft Windows SMB Relay Code Execution - The Exploit-DB Ref : 16360 Link: http://www.exploit-db.com/exploits/16360

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB980232 is missing %windir%\System32\drivers\mrxsmb.sys Version is 5.2.3790.252 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978251 is missing %windir%\System32\drivers\srv.sys Version is 5.2.3790.588 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB957097 is missing %windir%\system32\drivers\mrxsmb.sys Version is 5.2.3790.252

4 Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS08-071) CVSS: - Active QID: 90469 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-3465, CVE-2008-2249 Vendor Reference: MS08-071 Bugtraq ID: - Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment:

10.10.10.220 Confirmed 4/5/Patchable page 105 Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=3B775FB1-1077-455D-AF4A-4CCB5237974F (http://www.microsoft.com/downloads/details.aspx?familyid=3B775FB1-1077-455D-AF4A-4CCB5237974F) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0 (http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0 (http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=2247F6A5-AA33-4C68-9EA8-A63488D126D3 (http://www.microsoft.com/downloads/details.aspx?familyid=2247F6A5-AA33-4C68-9EA8-A63488D126D3) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0C396796-0929-4CD2-99E8-3C0F7075A89E (http://www.microsoft.com/downloads/details.aspx?familyid=0C396796-0929-4CD2-99E8-3C0F7075A89E) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=6D5C7D2F-1A82-4CDF-B3F2-B2C2390C6A64 (http://www.microsoft.com/downloads/details.aspx?familyid=6D5C7D2F-1A82-4CDF-B3F2-B2C2390C6A64) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=1EDB62B4-3D0F-4891-B4B3-8F8BC4E7BDFE (http://www.microsoft.com/downloads/details.aspx?familyid=1EDB62B4-3D0F-4891-B4B3-8F8BC4E7BDFE) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=CDDF9CF6-BDEB-4429-823A-879387A428D7 (http://www.microsoft.com/downloads/details.aspx?familyid=CDDF9CF6-BDEB-4429-823A-879387A428D7) Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=73DC3775-B6F0-40F1-BD36-6B5FB80EB2FA (http://www.microsoft.com/downloads/details.aspx?familyid=73DC3775-B6F0-40F1-BD36-6B5FB80EB2FA) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=BBED9E8B-E75E-44EF-BA1D-FD6F852C1F67 (http://www.microsoft.com/downloads/details.aspx?familyid=BBED9E8B-E75E-44EF-BA1D-FD6F852C1F67) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=48AECF4C-1296-490D-BA37-A28E3EC19BD6 (http://www.microsoft.com/downloads/details.aspx?familyid=48AECF4C-1296-490D-BA37-A28E3EC19BD6) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=9BFE15CD-02FF-45CF-85C8-5FF1E6C1A871 (http://www.microsoft.com/downloads/details.aspx?familyid=9BFE15CD-02FF-45CF-85C8-5FF1E6C1A871) Refer to Micrsoft Security Bulletin MS08-071 (http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003114: GDI Integer Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956802 is missing %windir%\system32\gdi32.dll Version is 5.2.3790.651

4 Microsoft Windows Media Components Remote Code Execution Vulnerability (MS08-076) CVSS: - Active QID: 90470 CVSS Base: 10 Category: Windows CVSS Temporal: 7.4 CVE ID: CVE-2008-3009, CVE-2008-3010 Vendor Reference: MS08-076 Bugtraq ID: -

10.10.10.220 Confirmed 4/5/Patchable page 106 Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4 (Windows Media Player 6.4):http://www.microsoft.com/downloads/details.aspx?FamilyId=C33D558E-45F9-4E85-B48C-03BD0E8CB4BC (http://www.microsoft.com/downloads/details.aspx?FamilyId=C33D558E-45F9-4E85-B48C-03BD0E8CB4BC) Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Media Player 6.4):http://www.microsoft.com/downloads/details.aspx?FamilyId=99241309-E644-4088-A8F3-38837FAB4037 (http://www.microsoft.com/downloads/details.aspx?FamilyId=99241309-E644-4088-A8F3-38837FAB4037) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Player 6.4):http://www.microsoft.com/downloads/details.aspx?FamilyId=946D47C9-B208-4FAB-8EF6-774413D61BC8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=946D47C9-B208-4FAB-8EF6-774413D61BC8) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Media Player 6.4):http://www.microsoft.com/downloads/details.aspx?FamilyId=2315CE20-2F46-42C2-BB40-045F003409D7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=2315CE20-2F46-42C2-BB40-045F003409D7) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Player 6.4):http://www.microsoft.com/downloads/details.aspx?FamilyId=4C29BED9-1B88-4D2F-80A5-305C2BEDD89F (http://www.microsoft.com/downloads/details.aspx?FamilyId=4C29BED9-1B88-4D2F-80A5-305C2BEDD89F) Microsoft Windows 2000 Service Pack 4 (Windows Media Format Runtime 7.1 and Windows Media Format Runtime 9.0):http://www.microsoft.com/downloads/details.aspx?FamilyId=6A459497-0AB8-41CB-87D0-B551631D8D8A (http://www.microsoft.com/downloads/details.aspx?FamilyId=6A459497-0AB8-41CB-87D0-B551631D8D8A) Windows XP Service Pack 2 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):http://www.microsoft.com/downloads/details.aspx?FamilyId=504F816C-F554-4B93-AC28-B085574D9BAC (http://www.microsoft.com/downloads/details.aspx?FamilyId=504F816C-F554-4B93-AC28-B085574D9BAC) Windows XP Service Pack 3 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):http://www.microsoft.com/downloads/details.aspx?FamilyId=AD76FCF3-A2F9-4E36-BD1B-C1536749173C (http://www.microsoft.com/downloads/details.aspx?FamilyId=AD76FCF3-A2F9-4E36-BD1B-C1536749173C) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5):http://www.microsoft.com/downloads/details.aspx?FamilyId=644EF023-EE40-45B0-9C9D-C76D9FAB0005 (http://www.microsoft.com/downloads/details.aspx?FamilyId=644EF023-EE40-45B0-9C9D-C76D9FAB0005) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition):http://www.microsoft.com/downloads/details.aspx?FamilyId=AE9E8B07-5354-42F3-A226-BA2193244524 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AE9E8B07-5354-42F3-A226-BA2193244524) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-076 (http://www.microsoft.com/technet/security/bulletin/MS08-076.mspx).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB952069 is missing %windir%\System32\wmvcore.dll Version is 9.0.0.3265 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB972554\Filelist is missing %windir%\system32\windows media\server\wmsserver.dll Version is 9.0.0.3372 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB952068 is missing %windir%\System32\windows media\server\wmsserver.dll Version is 9.0.0.3372

4 Microsoft SQL Server Remote Memory Corruption Vulnerability (MS09-004) CVSS: - Active QID: 90475 CVSS Base: 9 Category: Windows CVSS Temporal: 7.4 CVE ID: CVE-2008-5416 Vendor Reference: MS09-004 Bugtraq ID: -

10.10.10.220 Confirmed 4/5/Patchable page 107 Service Modified: 01/20/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: Deny permissions on the "sp_replwritetovarbin" extended stored procedure.

Patch: Following are links for downloading patches to fix the vulnerabilities:

(GDR Software Update) SQL Server 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c (http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c)

(QFE Software Update) SQL Server 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a (http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a)

(GDR Software Update) SQL Server 2000 Itanium-based Edition Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c (http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c)

(QFE Software Update) SQL Server 2000 Itanium-based Edition Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a (http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a)

(GDR Software Update) SQL Server 2005 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e (http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e)

(QFE Software Update) SQL Server 2005 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a (http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a)

(GDR Software Update) SQL Server 2005 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e (http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e)

(QFE Software Update) SQL Server 2005 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a (http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a)

(GDR Software Update) SQL Server 2005 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e (http://www.microsoft.com/downloads/details.aspx?familyid=5dfb7998-0316-40e5-9fc5-7a1afc18e15e)

(QFE Software Update) SQL Server 2005 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a (http://www.microsoft.com/downloads/details.aspx?familyid=aa2b82ca-e94e-4491-8639-f0749b1a0f3a)

10.10.10.220 Confirmed 4/5/Patchable page 108 (GDR Software Update) Microsoft SQL Server 2000 Desktop Engine : http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c (http://www.microsoft.com/downloads/details.aspx?familyid=d5bb816a-6e1a-47cb-92be-51c565ee184c)

(QFE Software Update) Microsoft SQL Server 2000 Desktop Engine : http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a (http://www.microsoft.com/downloads/details.aspx?familyid=a93f3cfe-18c9-4218-a551-13bf415e418a)

For a complete list of patch download links, refer to Microsoft Security Bulletin MS09-004 (http://www.microsoft.com/technet/security/bulletin/MS09-004.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003135: Microsoft SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit - Core Security Category : Agents

Immunity Reference: CVE-2008-5416 Description: replwritetovarbin stored procedure overflow. - Immunity Ref : mssql_replwritetovarbin Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/mssql_replwritetovarbin/qualys_user

Metasploit Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin Memory Corruption - Metasploit Ref : /modules/exploit/windows/mssql/ms09_004_sp_replwritetovarbin Link: http://www.metasploit.com/modules/exploit/windows/mssql/ms09_004_sp_replwritetovarbin

Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection - Metasploit Ref : /modules/exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli Link: http://www.metasploit.com/modules/exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli

The Exploit-DB Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit - The Exploit-DB Ref : 7501 Link: http://www.exploit-db.com/exploits/7501

Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin Memory Corruption - The Exploit-DB Ref : 16392 Link: http://www.exploit-db.com/exploits/16392

Reference: CVE-2008-5416 Description: Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection - The Exploit-DB Ref : 16396 Link: http://www.exploit-db.com/exploits/16396

4 Microsoft Exchange Could Allow Remote Code Execution (MS09-003) CVSS: - Active QID: 90478 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-0099, CVE-2009-0098 Vendor Reference: MS09-003 Bugtraq ID: - Service Modified: 07/09/2009

10.10.10.220 Confirmed 4/5/Patchable page 109 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-0098: The "application/ms-tnef" MIME content type should be blocked to help protect against attempts to exploit this vulnerability through SMTP email.

Impact of workaround: Email messages that are formatted as RTF will not be received correctly if TNEF attachments are blocked.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Exchange 2000 Server Service Pack 3 with the Update Rollup of August 2004: http://www.microsoft.com/downloads/details.aspx?familyid=805dc856-ea60-477d-be40-6ac535a7e7e5 (http://www.microsoft.com/downloads/details.aspx?familyid=805dc856-ea60-477d-be40-6ac535a7e7e5)

Microsoft Exchange Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=1d9f0956-88bd-4e13-a86b-b1c8d4782f71 (http://www.microsoft.com/downloads/details.aspx?familyid=1d9f0956-88bd-4e13-a86b-b1c8d4782f71)

Microsoft Exchange Server 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=93cb3f66-ae72-4356-bdbf-35029cff6df1 (http://www.microsoft.com/downloads/details.aspx?familyid=93cb3f66-ae72-4356-bdbf-35029cff6df1)

Refer to Microsoft Security Bulletin MS09-003 (http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003270: Literal Processing Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Windows Schannel Security Package Could Allow Spoofing Vulnerability (MS09-007) CVSS: - Active QID: 116281 CVSS Base: 7.1 Category: Local CVSS Temporal: 5.3 CVE ID: CVE-2009-0085 Vendor Reference: MS09-007 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: -

10.10.10.220 Confirmed 4/5/Patchable page 110 Edited: No PCI Vuln: Yes

SOLUTION: Workaround: - Implement Active Directory certificate mapping which enables a user with a trusted public key to access domain resources without typing a user name and a password. A client certificate can be directly mapped to an Active Directory user account.

Impact of the workaround: Implementing the workaround will not fix the vulnerability, but will help in blocking attack vectors until the update is applied.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=bf7065bc-c183-4a78-8d46-72fe7385c07c (http://www.microsoft.com/downloads/details.aspx?familyid=bf7065bc-c183-4a78-8d46-72fe7385c07c)

Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=942d87f6-3cb1-4d36-a70a-70d9c34488f3 (http://www.microsoft.com/downloads/details.aspx?familyid=942d87f6-3cb1-4d36-a70a-70d9c34488f3)

Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=942d87f6-3cb1-4d36-a70a-70d9c34488f3 (http://www.microsoft.com/downloads/details.aspx?familyid=942d87f6-3cb1-4d36-a70a-70d9c34488f3)

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=6d02306e-9e2e-4ae8-bd21-8a2c1a229472 (http://www.microsoft.com/downloads/details.aspx?familyid=6d02306e-9e2e-4ae8-bd21-8a2c1a229472)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0b3f6fdd-276e-4267-99d8-8f00d91ad6a2 (http://www.microsoft.com/downloads/details.aspx?familyid=0b3f6fdd-276e-4267-99d8-8f00d91ad6a2)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=ce98ff55-f565-469d-bbd2-32b681faf908 (http://www.microsoft.com/downloads/details.aspx?familyid=ce98ff55-f565-469d-bbd2-32b681faf908)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5ca3c72c-cadb-4b0a-b3a3-fb81d0bfd7b3 (http://www.microsoft.com/downloads/details.aspx?familyid=5ca3c72c-cadb-4b0a-b3a3-fb81d0bfd7b3)

Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=21086a04-402a-4940-8358-7fa63508102b (http://www.microsoft.com/downloads/details.aspx?familyid=21086a04-402a-4940-8358-7fa63508102b)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=c75a2ea9-b42f-457b-be09-5c8fa0339388 (http://www.microsoft.com/downloads/details.aspx?familyid=c75a2ea9-b42f-457b-be09-5c8fa0339388)

Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=47b361ce-624b-466c-b5c5-8703f6532615

10.10.10.220 Confirmed 4/5/Patchable page 111 (http://www.microsoft.com/downloads/details.aspx?familyid=47b361ce-624b-466c-b5c5-8703f6532615)

Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5c81ac45-60e6-4121-ab6b-d3b3179aacc4 (http://www.microsoft.com/downloads/details.aspx?familyid=5c81ac45-60e6-4121-ab6b-d3b3179aacc4)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-007 (http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB960225 is missing %windir%\system32\schannel.dll Version is 5.2.3790.132

4 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (MS09-008) CVSS: - Active QID: 90481 CVSS Base: 6.4 Category: Windows CVSS Temporal: 4.7 CVE ID: CVE-2009-0233, CVE-2009-0234, CVE-2009-0093, CVE-2009-0094 Vendor Reference: MS09-008 Bugtraq ID: - Service Modified: 03/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround:

CVE-2009-0093, CVE-2009-0094: Create a WPAD.DAT proxy auto configuration file: 1) Create a WPAD.DAT file that adheres to the Proxy auto-config specification. 2) Place the WPAD.DAT file in the root directory of a Web server in the organization and ensure the file can be requested anonymously. 3) Create a MIME type for the WPAD.DAT file on the Web server of "application/x-ns-proxy-autoconfig". 4) Create the appropriate entries in the DHCP or DNS server to allow discovery of the WPAD server. For detailed steps, please refer to the advisory.

Patch: Following are links for downloading patches to fix the vulnerabilities:

DNS server on Microsoft Windows 2000 Server Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=110354f7-5ece-4c4d-b563-3adba6ac0116 (http://www.microsoft.com/downloads/details.aspx?familyid=110354f7-5ece-4c4d-b563-3adba6ac0116)

WINS server on Microsoft Windows 2000 Server Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=4319abb3-1ea2-466a-a815-c0b3b86b4462 (http://www.microsoft.com/downloads/details.aspx?familyid=4319abb3-1ea2-466a-a815-c0b3b86b4462)

DNS server on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=6cc42c9e-c34e-4577-8b23-9e07e2369878 (http://www.microsoft.com/downloads/details.aspx?familyid=6cc42c9e-c34e-4577-8b23-9e07e2369878)

WINS server on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

10.10.10.220 Confirmed 4/5/Patchable page 112 http://www.microsoft.com/downloads/details.aspx?familyid=049e5db5-7315-4188-99fd-4a54833e6bf2 (http://www.microsoft.com/downloads/details.aspx?familyid=049e5db5-7315-4188-99fd-4a54833e6bf2)

DNS server on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=b1f81fd2-0099-4450-8543-0459561d22d0 (http://www.microsoft.com/downloads/details.aspx?familyid=b1f81fd2-0099-4450-8543-0459561d22d0)

WINS server on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=4a393c63-eff5-4c8c-9c3f-33ce45c32428 (http://www.microsoft.com/downloads/details.aspx?familyid=4a393c63-eff5-4c8c-9c3f-33ce45c32428)

DNS server on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=d3ed7d9a-d652-4bd0-aecc-5a415bec6c59 (http://www.microsoft.com/downloads/details.aspx?familyid=d3ed7d9a-d652-4bd0-aecc-5a415bec6c59)

WINS server on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=37e3a75e-0a5d-4df0-881f-cdb87efa4dcf (http://www.microsoft.com/downloads/details.aspx?familyid=37e3a75e-0a5d-4df0-881f-cdb87efa4dcf)

DNS server on Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=92e89882-d656-4b61-a05c-3afb44895f08 (http://www.microsoft.com/downloads/details.aspx?familyid=92e89882-d656-4b61-a05c-3afb44895f08)

DNS server on Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=be068d06-5939-4ad8-8191-e85931ed610f (http://www.microsoft.com/downloads/details.aspx?familyid=be068d06-5939-4ad8-8191-e85931ed610f)

Refer to Microsoft Security Bulletin MS09-008 (http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001251: Disallow Web Proxy Autodiscovery Protocol Virtual Patch #1003325: WINS Server Vulnerability In WPAD Registration Virtual Patch #1003326: Microsoft DNS Server WPAD Registration Spoofing Virtual Patch #1003328: Disallow Intra-Site Automatic Tunnel Addressing Protocol Virtual Patch #1003330: DNS Server Vulnerability In WPAD Registration Virtual Patch #1003329: DNS Server Response Validation Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2571621 is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2524426\Filelist is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB969883 is missing %windir%\system32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB961064 is missing %windir%\System32\wins.exe Version is 5.2.3790.239 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB961063 is missing %windir%\system32\dns.exe Version is 5.2.3790.0

4 Microsoft Internet Explorer Cumulative Security Update (MS09-019) CVSS: - Active QID: 100073 CVSS Base: 9.3 Category: Internet Explorer CVSS Temporal: 7.3 CVE ID: CVE-2007-3091, CVE-2009-1140, CVE-2009-1141, CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532 Vendor Reference: MS09-019 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: -

10.10.10.220 Confirmed 4/5/Patchable page 113 Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4) (http://www.microsoft.com/downloads/details.aspx?FamilyID=d645ad82-13c3-4030-808b-834e86ed3298)

Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?FamilyID=fe8b3796-a407-4f41-89eb-35b4bcc24ff6)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=3d7f63ee-d7c3-48a5-902e-60625405e97d)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=088f70eb-c5c5-426a-880a-18ed386d0b56)

Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=72a23752-86fb-4cc9-ab8e-63ffdfae5bec)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=2a03d3c4-e39d-43a3-8d42-216e9551be96)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6) (http://www.microsoft.com/downloads/details.aspx?FamilyID=58efde2c-e0b8-4259-b19e-80564b834882)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=827b735c-660b-4723-b688-3297e107153a)

Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=e5d2c81e-ffab-4e3b-a59a-a55000597213)

Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=a980b867-c67f-4c61-b6db-e55c2ca68dc0)

Windows Server 2003 x64 Edition Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=5e7d6372-9c8c-449d-88fd-afd4f92ad9e6)

Windows Server 2003 with SP2 for Itanium-based Systems (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=a2d2907e-67ae-44a4-a805-8670e659ea57)

Windows Vista and Windows Vista Service Pack 1 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1)

Windows Vista Service Pack 2 (Windows Internet Explorer 7) (http://www.microsoft.com/downloads/details.aspx?FamilyID=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-019

10.10.10.220 Confirmed 4/5/Patchable page 114 (http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx).

Workaround: - Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting. - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

Detailed steps on applying the workarounds can be found at Microsoft Security Bulletin MS09-019 (http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003558: Detected Too Many Outbound HTTP Requests With Cookie Header Virtual Patch #1003570: Microsoft Internet Explorer Race Condition Cross-Domain Information Disclosure Vulnerability Virtual Patch #1003567: Microsoft Internet Explorer Security Zone Bypass Vulnerability Virtual Patch #1003554: DHTML Object Memory Corruption Virtual Patch #1003566: Microsoft Internet Explorer Uninitialized Memory Corruption Remote Vulnerability Virtual Patch #1003555: Microsoft Internet Explorer HTML Objects Memory Corruption Remote Vulnerability Virtual Patch #1003581: Microsoft Internet Explorer HTML Object Memory Corruption Remote Code Execution Vulnerability Virtual Patch #1003562: Microsoft Internet Explorer HTML Object Memory Corruption Remote Code Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020) CVSS: - Active QID: 86837 CVSS Base: 7.6 Category: Web server CVSS Temporal: 6 CVE ID: CVE-2009-1535, CVE-2009-1122 Vendor Reference: MS09-020 Bugtraq ID: 34993 Service Modified: 07/02/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 115 Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Information Services 5.0) (http://www.microsoft.com/downloads/details.aspx?familyid=8515a294-4f25-4dc5-860a-e7ad9b6c1c01)

Windows XP Professional Service Pack 2 and Windows XP Professional Service Pack 3 (Microsoft Internet Information Services 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=97da589f-4534-42f6-9f29-967b5a33c542)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=8982e6d2-e1f7-4208-88e3-80b159a8e21a)

Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=2bd4e410-dbd8-431a-b316-e1e2f1825c3a)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=ea363223-535d-4142-9aba-3890960c6259)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0) (http://www.microsoft.com/downloads/details.aspx?familyid=e6b806eb-e2c4-4436-8964-720db593055d)

Refer to Microsoft Security Bulletin MS09-020 (http://www.microsoft.com/technet/security/bulletin/MS09-020.mspx) for further details.

This security update addresses the vulnerability listed in Microsoft Security Advisory 971492 (http://www.microsoft.com/technet/security/advisory/971492.mspx).

Workarounds: A: Disabling WebDAV will mitigate this issue, but this may not be possible for sites using Web applications that depend on WebDAV, such as SharePoint.

For IIS 5.0 and IIS 5.1, instructions on disabling WebDav can be found at KB241520 (http://support.microsoft.com/kb/241520)

For IIS 6.0, WebDAV can be disabled using the following steps: 1) Launch the IIS Manager MMC snap-in. 2) In the left-hand pane, expand the local computer icon. 3) Click on Web Service Extensions beneath this item. 4) In the right-hand pane, select WebDAV and click the Prohibit button.

Impact of workaround: WebDAV requests will not be served by IIS.

B: Use the IIS Lockdown Tool 2.1 to disable WebDAV on IIS 5.0 and IIS 5.1: Instructions on downloading and installing the tool can be found at KB325864 (http://support.microsoft.com/kb/325864).

Impact of workaround. This method achieves its results by installing UrlScan. By default, UrlScan blocks requests to WebDAV by detecting either HTTP verbs or headers that would be mapped to WebDAV.

C: Use Microsoft UrlScan Filter v3.1 to disable WebDAV on IIS 5.1 and IIS 6.0: Download Microsoft UrlScan Filter v3.1 from one of the following: 32-bit systems (http://www.microsoft.com/downloads/details.aspx?FamilyId=EE41818F-3363-4E24-9940-321603531989&displaylang=en) 64-based systems (http://www.microsoft.com/downloads/details.aspx?familyid=361E5598-C1BD-46B8-B3E7-3980E8BDF0DE&displaylang=en)

Impact of workaround. This method achieves its results by installing UrlScan. By default, UrlScan blocks requests to WebDAV by detecting either HTTP verbs or headers that would be mapped to WebDAV.

D: If WebDAV functionality is required, change file system ACLs to deny access to the anonymous user account. Detailed information on setting ACLs for IIS content can be found at Article ID 271071 (http://support.microsoft.com/?id=271071) or KB812614 (http://support.microsoft.com/kb/812614/).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000128: HTTP Protocol Decoding Virtual Patch #1003557: Microsoft IIS Hex Encoded WebDAV Requests Authentication Bypass Vulnerability Virtual Patch #1003506: Microsoft IIS Unicode Requests To WebDAV Multiple Authentication Bypass Vulnerabilities Virtual Patch #1003508: Microsoft IIS Unicode Requests To WebDAV Authentication Bypass Vulnerability 10.10.10.220 Confirmed 4/5/PatchableVirtual Patch #1004132: Microsoft IIS Unicode Requests To WebDAV Authentication Bypass page 116 EXPLOITABILITY: Metasploit Reference: CVE-2009-1535 Description: MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner - Metasploit Ref : /modules/auxiliary/scanner/http/dir_webdav_unicode_bypass Link: http://www.metasploit.com/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass

Reference: CVE-2009-1122 Description: MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner - Metasploit Ref : /modules/auxiliary/scanner/http/dir_webdav_unicode_bypass Link: http://www.metasploit.com/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass

Reference: CVE-2009-1535 Description: MS09-020 IIS6 WebDAV Unicode Auth Bypass - Metasploit Ref : /modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass Link: http://www.metasploit.com/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass

Reference: CVE-2009-1122 Description: MS09-020 IIS6 WebDAV Unicode Auth Bypass - Metasploit Ref : /modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass Link: http://www.metasploit.com/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass

The Exploit-DB Reference: CVE-2009-1535 Description: Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Vulnerability - The Exploit-DB Ref : 8704 Link: http://www.exploit-db.com/exploits/8704

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB970483 is missing %windir%\system32\inetsrv\Httpext.dll Version is 6.0.3790.212

4 Microsoft Telnet Remote Code Execution Vulnerability (MS09-042) CVSS: - Active QID: 42020 CVSS Base: 10 Category: General remote services CVSS Temporal: 7.8 CVE ID: CVE-2009-1930 Vendor Reference: MS09-042 Bugtraq ID: - Service Modified: 09/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=240977d6-3581-4058-b9f1-7847e4edcf8a)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=b3331388-1e52-4924-b512-23275a8fde84)

10.10.10.220 Confirmed 4/5/Patchable page 117 Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a6ee7af3-3e39-4866-a893-92bf1c786cd4)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3fe9c745-d87c-43b0-9b2a-356fb34282b4)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=e2a788e7-a9d1-4574-b106-f8ab44c6c4a2)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=4f625d39-29d4-44f9-b4bd-cd99f1ea422d)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=d77f406d-11cb-4d19-94ec-938b356c3427)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=62f2e0a6-5e68-41c7-a851-d99bcff6ff3e)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=6e5d1db9-efef-4112-8138-62f14670cf0d)

Refer to Microsoft Security Bulletin MS09-042 (http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003687: Telnet Credential Reflection Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-1930 Description: Microsoft Windows Telnet Credential Reflection Exploit (MS09-042) - Core Security Category : Exploits/Tools

RESULTS: %windir%\System32\telnet.exe Version is 5.2.3790.329

4 Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability (MS09-046) CVSS: - Active QID: 90523 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-2519 Vendor Reference: MS09-046 Bugtraq ID: 36280 Service Modified: 11/05/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 118 Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=6dd4b0f8-6b54-49a6-a6df-9420f9fd3333)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=8523d5be-88a2-4124-9b02-660f612e2a12)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=dbc33f6b-61bf-409a-89b5-60002192e0e0)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7478f73f-dd20-4cfa-a650-4c84f37ada2f)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=88bf502d-1a7c-447a-ac4c-401e1698669b)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=8d881ff8-f51f-4476-8cb6-2bebd5b2047f)

Refer to Microsoft Security Bulletin MS09-046 (http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx) for further details.

Workarounds: 1) Prevent the DHTML ActiveX control COM object from running in Internet Explorer by setting the kill bit for the control in the registry. Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the kill bit.

Impact of workaround #1: There is no impact because the DHTML ActiveX control COM object is not intended to be used in Internet Explorer.

2) Set Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting.

3) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local Intranet security zones.

Impact of workarounds #2 and #3: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Detailed instructions on applying the workarounds can be found at Microsoft Security Bulletin MS09-046 (http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003709: DHTML Editing Component ActiveX Control Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956844 is missing %ProgramFiles%\Common Files\Microsoft Shared\Triedit\TRIEDIT.DLL Version is 6.1.0.9212

4 Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (Windows 2003, 2008, Vista) (MS09-048) CVSS: - Active QID: 90525 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8

10.10.10.220 Confirmed 4/5/Patchable page 119 CVE ID: CVE-2008-4609, CVE-2009-1925, CVE-2009-1926 Vendor Reference: MS09-048 Bugtraq ID: 36265 Service Modified: 11/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=48d82036-2fde-4bb0-a60e-92eed83ddc3f)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=e0298ddf-026e-4137-8197-ed9d9b889825)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=c948c4d8-5788-4c1a-9fb6-a969b06a888d)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7d72f845-9feb-4685-a669-f9d6ab54f9ed)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=35c1d5a9-a953-4fc6-90c0-d2358c7b89e6)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=6e46822e-f79d-492d-ad01-ee680ad324f5)

Refer to Microsoft Security Bulletin MS09-048 (http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx) for further details.

Workarounds: - To help protect from network-based attempts to exploit this vulnerability the following workarounds can be applied.

1) Enable advanced TCP/IP filtering on systems that support this feature to block all unsolicited inbound traffic. Additional information on configuring TCP/IP filtering can be found in the Microsoft Knowledge Base Article 309798 (http://support.microsoft.com/kb/309798).

2) Use a personal firewall, such as the Internet Connection Firewall.

To obtain additional details on applying the workarounds, please refer to Microsoft Security Bulletin MS09-048 (http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx).

EXPLOITABILITY: Core Security Reference: CVE-2009-1925

10.10.10.220 Confirmed 4/5/Patchable page 120 Description: Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) - Core Security Category : Denial of Service/Remote

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB967723 is missing %windir%\system32\DRIVERS\tcpip.sys Version is 5.2.3790.537

4 Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (MS09-045) CVSS: - Active QID: 90522 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2009-1920 Vendor Reference: MS09-045 Bugtraq ID: - Service Modified: 11/11/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (JScript 5.1 and JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=2bb3af8d-f36c-4497-9f48-fc59bcff2583)

Microsoft Windows 2000 Service Pack 4 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=b2773db5-b17d-4b98-b4e2-219b23854abd&displaylang=en)

Windows XP Service Pack 2 (JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=0af373b2-2240-4079-a748-a38d1bc06f39)

Windows XP Service Pack 2 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=c933377d-e0bc-4334-bc75-029045d7a62a)

Windows XP Service Pack 3 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=c933377d-e0bc-4334-bc75-029045d7a62a)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (JScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=992602d8-d857-41cf-b7b1-527afdc1dc0f)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=0d671004-da4e-4dbd-a066-861b53b0c59c)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=9aae426d-ee9a-4736-b0a2-e0f8890a6895)

Windows XP Professional x64 Edition Service Pack 2 (JScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=00bae02a-64eb-4b91-965f-da2dc987a2ff)

Windows Server 2003 Service Pack 2 (JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=6acc9d2d-b71f-4b5c-9aea-b217b6ae240b)

10.10.10.220 Confirmed 4/5/Patchable page 121 Windows Server 2003 Service Pack 2 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=6af5d034-fd89-42e2-bc18-d44b7a6b0a85)

Windows Server 2003 Service Pack 2 (JScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=ecf9f7e2-3104-4de2-8b3d-99dcdcae6e62)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=d0de3ab1-73e9-4a09-841f-81ade41a8c81)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=8f48bc05-ffac-4a21-8d21-dd20355cda8a)

Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=643f9e2f-2e5b-48dd-b1a0-22ccb633ed18)

Windows Server 2003 with SP2 for Itanium-based Systems (JScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=e78cf021-54f5-4526-b5f0-f781aebf9d72)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-045 (http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx).

Workaround: - Set Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting. - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local Intranet security zones.

Detailed steps on applying the workarounds can be found at Microsoft Security Bulletin MS09-045 (http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003708: JScript Remote Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB971961 is missing HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 %windir%\system32\Jscript.dll Version is 5.6.0.8831

4 Microsoft Windows Media Format Remote Code Execution Vulnerability (MS09-047) CVSS: - Active QID: 90524 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2009-2498, CVE-2009-2499 Vendor Reference: MS09-047 Bugtraq ID: 36225, 36228 Service Modified: 08/26/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 122 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Windows Media Format Runtime 9.0) (http://www.microsoft.com/downloads/details.aspx?familyid=02b9dc42-38c2-44b1-a77c-34854f4a86c4)

Windows XP Service Pack 2 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=6ffc081e-f892-4818-acb9-6d79e15d473c)

Windows XP Service Pack 3 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=31585f5a-9aaa-40da-b15a-11284b4b800c)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5) (http://www.microsoft.com/downloads/details.aspx?familyid=3780d565-d027-4f54-8fc0-05f5c3c6ba1a)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition) (http://www.microsoft.com/downloads/details.aspx?familyid=ce515188-db3c-4694-85da-177c8f76b68c)

Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 11) (http://www.microsoft.com/downloads/details.aspx?familyid=9a465f92-3067-4a5a-9882-1fc2cf796c99)

Windows Server 2003 Service Pack 2 (Windows Media Format Runtime 9.5) (http://www.microsoft.com/downloads/details.aspx?familyid=4ab34e3d-34cb-4e35-a2da-b348ace8a8f7)

Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5) (http://www.microsoft.com/downloads/details.aspx?familyid=8654ee33-6083-447f-ae5b-43ef8d8b613d)

Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition) (http://www.microsoft.com/downloads/details.aspx?familyid=ce515188-db3c-4694-85da-177c8f76b68c)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (Windows Media Format Runtime 11 and Microsoft Media Foundation) (http://www.microsoft.com/downloads/details.aspx?familyid=d2bdefcc-f6b9-47c3-a55d-a4f33f967828)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (Windows Media Format Runtime 11 and Microsoft Media Foundation) (http://www.microsoft.com/downloads/details.aspx?familyid=97f00b25-fb8f-4300-80c0-c63179f32182)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Media Format Runtime 11 and Microsoft Media Foundation) (http://www.microsoft.com/downloads/details.aspx?familyid=9c111bff-aff6-4ff7-81f6-e736cfcbe3ed)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Media Format Runtime 11 and Microsoft Media Foundation) (http://www.microsoft.com/downloads/details.aspx?familyid=59615c8b-a07f-4326-836d-f17b2fcc4695)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS09-047 (http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx).

Workaround: - Restrict access to wmvcore.dll and mf.dll

Impact of workaround: Media files cannot be played in Windows Explorer or in Windows Media Player. Windows Media Player may exit with an error.

Detailed information on enabling and disabling the workarounds can be found at Microsoft Security Bulletin MS09-047

10.10.10.220 Confirmed 4/5/Patchable page 123 (http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003711: Windows Media Header Parsing Invalid Free Vulnerability Virtual Patch #1003710: Windows Media Playback Memory Corruption Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB972554\Filelist is missing %windir%\system32\windows media\server\wmsserver.dll Version is 9.0.0.3372

4 Microsoft Windows Kernel Privilege Escalation Vulnerability (MS09-058) CVSS: - Active QID: 90550 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2009-2515, CVE-2009-2516, CVE-2009-2517 Vendor Reference: MS09-058 Bugtraq ID: 36625 Service Modified: 11/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=bdfa6583-28a2-4d6b-91d2-157a8518b664)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=5459b7d4-1fab-4a04-ab9d-b8323505c1e2)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=1e3f3842-f8fd-4969-a2cf-706db38d7580)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=95286b8d-4b53-4e6c-af59-e9e18fad3559)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=faef714b-5f46-47f2-bea7-881df05a1bc0)

Windows Vista and Windows Vista Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97)

10.10.10.220 Confirmed 4/5/Patchable page 124 Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=13a3fe0b-e300-4568-aa08-d586ab8d5434)

Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=13a3fe0b-e300-4568-aa08-d586ab8d5434)

Windows Server 2008 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423)

Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423)

Windows Server 2008 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=88f4189f-71fe-404a-869e-3f76692acf94)

Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=88f4189f-71fe-404a-869e-3f76692acf94)

Windows Server 2008 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=3e0f0b1c-ca5d-43fc-9770-73396a5f191c)

Windows Server 2008 for Itanium-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3e0f0b1c-ca5d-43fc-9770-73396a5f191c)

Refer to Microsoft Security Bulletin MS09-058 (http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2009-2515 Description: Microsoft Windows MiCreatePagingFileMap DoS (MS09-058) - Core Security Category : Denial of Service/Local

4 Microsoft Cumulative Security Update for ActiveX Kill Bits (MS09-055) CVSS: - Active QID: 90549 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-2493 Vendor Reference: MS09-055 Bugtraq ID: 35828 Service Modified: 11/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 125 Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=edfea805-9544-4dc0-a52c-d7594205657b)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=171d43d3-669c-4923-b266-e47591833c05)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=171d43d3-669c-4923-b266-e47591833c05)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=f3249c99-82e4-45dc-a254-28e647e822c8)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=1ad3f7b3-58d5-4507-ae20-a265e47cee9c)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=575e75d9-e348-4fbb-9eaa-43240e4d715e)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=7313c03b-8844-4086-a0cc-43dfdb3ca48c)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=51eb56fa-8204-45f3-86d7-6d03a2c8d78d)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=131b047a-ae93-4a99-83e5-71d5a79e96ea)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=b64bcc14-38a7-45b9-8f85-acc573777506)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=809e29f3-ec68-4a2b-b04e-11759dd16001)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=bcd2b944-6852-48f2-820b-cce7d195e391)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=85e76e55-3766-4ffe-9a18-8655de935b7c)

Refer to Microsoft Security Bulletin MS09-055 (http://www.microsoft.com/technet/security/bulletin/MS09-055.mspx) for further details.

Workaround: - Prevent COM objects from running in Internet Explorer. Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the kill bit.

Impact of the workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003764: ATL COM Initialization Vulnerability - ActiveX

EXPLOITABILITY:

10.10.10.220 Confirmed 4/5/Patchable page 126 There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB980195\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978262\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB973525 is missing

4 Microsoft Windows Media Player Remote Code Execution Vulnerability (MS09-052) CVSS: - Active QID: 90544 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2009-2527 Vendor Reference: MS09-052 Bugtraq ID: 36644 Service Modified: 11/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Windows Media Player 6.4) (http://www.microsoft.com/downloads/details.aspx?familyid=13035ef7-7e47-487c-8b7c-7795d33ce7de)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Windows Media Player 6.4) (http://www.microsoft.com/downloads/details.aspx?familyid=b2efe1ac-d8d7-41bb-b87d-fc5e22afef0f)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Windows Media Player 6.4) (http://www.microsoft.com/downloads/details.aspx?familyid=a9e7dfd8-7ba1-4f14-8e60-92ef00d91467)

Windows Server 2003 Service Pack 2 (Microsoft Windows Media Player 6.4) (http://www.microsoft.com/downloads/details.aspx?familyid=5f82d01c-573e-425e-b9f2-86a54f377b19)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Windows Media Player 6.4) (http://www.microsoft.com/downloads/details.aspx?familyid=65e9036e-2e1b-40ff-a84b-c507107bcce8)

Refer to Microsoft Security Bulletin MS09-052 (http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx) for further details.

Workarounds: 1) Modify the Access Control List (ACL) on strmdll.dll

Impact of workaround #1: Windows Media Player 6.4 will not be able to play media files.

2) For Windows 2000, upgrade to the latest version of Windows Media Player 9

3) For non-multimedia folder types, the Windows shell attack vector can be mitigated by using Windows Classic Folders.

Additional details on the workarounds can be obtained at Microsoft Security Bulletin MS09-052 (http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx).

Virtual Patches: 10.10.10.220 Confirmed 4/5/Patchable page 127 Trend Micro Virtual Patching Virtual Patch #1003769: WMP Heap Overflow Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-2527 Description: Microsoft Windows Media Player ASF Buffer Overflow Exploit (MS09-052) - Core Security Category : Exploits/Client Side

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB974112\Filelist is missing %windir%\System32\strmdll.dll Version is 4.1.0.3928

4 Microsoft Internet Authentication Service Could Allow Remote Code Execution (MS09-071) CVSS: - Active QID: 116750 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2009-2505, CVE-2009-3677 Vendor Reference: MS09-071 Bugtraq ID: - Service Modified: 12/28/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=5b02d10d-1abd-4d68-826b-71dad543657a)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=4d294be6-19d1-43b5-9c75-f9d30699a2e7)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=17b5206d-61e9-4663-afc7-80e98bf4d618)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3d49b386-133a-4d51-b6f0-cec0c70ef93e)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=5a273b47-8a18-4778-9b60-8b560a1ce089)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=498f5eeb-d03e-42ee-ad6a-9d6f98c66acb)

Windows Vista and Windows Vista Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=3e4ae4d0-1060-4867-82c5-7e20ea93c2c6)

Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3e4ae4d0-1060-4867-82c5-7e20ea93c2c6)

10.10.10.220 Confirmed 4/5/Patchable page 128 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=2ca62ea8-67cb-40da-8a65-db6f3607bbab)

Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=2ca62ea8-67cb-40da-8a65-db6f3607bbab)

Windows Server 2008 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=582a1b15-214e-4f5e-bb5b-95677f4d5968)

Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=582a1b15-214e-4f5e-bb5b-95677f4d5968)

Windows Server 2008 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=77e774b4-ec0c-481c-9e93-eee9f44ec71b)

Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=77e774b4-ec0c-481c-9e93-eee9f44ec71b)

Windows Server 2008 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=89defe77-7e82-4bfa-9693-66c93b930da1)

Windows Server 2008 for Itanium-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=89defe77-7e82-4bfa-9693-66c93b930da1)

Refer to Microsoft Security Bulletin MS09-071 (http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003871: MS-CHAP Authentication Bypass Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB974318\Filelist is missing %windir%\System32\rastls.dll Version is 5.2.3790.0

4 Microsoft Windows Indeo Codec Could Allow Remote Code Execution (KB954157) CVSS: - Active QID: 116751 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2009-4210 Vendor Reference: MS Security Advisory 954157 Bugtraq ID: - Service Modified: 12/11/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch:

10.10.10.220 Confirmed 4/5/Patchable page 129 Microsoft released two patches to help mitigate the risks associated with the Indeo codec by blocking the Indeo codec from being launched in Internet Explorer or Windows Media player, and by removing the ability to load this codec from Internet zone by other applications.

Windows XP and Windows 2003 - Microsoft AppCompat Update (http://support.microsoft.com/kb/955759/) Windows 2000 There are two separate updates for Windows 2000 computers. Both patches are required to mitigate the risks associated with the Indeo codec. - Microsoft AppCompat Update (http://support.microsoft.com/kb/955759/) - Microsoft Quartz Update (http://support.microsoft.com/kb/976138/)

Workaround for all operating systems: Deregistering the Indeo codec.

Impact of workaround: Deregistering the Indeo codec will prevent any application or media content from using this codec.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %windir%\AppPatch\aclayers.dll Version is 5.2.3790.0

4 Microsoft Local Security Authority Subsystem Denial of Service Vulnerability (MS09-069) CVSS: - Active QID: 90571 CVSS Base: 6.8 Category: Windows CVSS Temporal: 5.3 CVE ID: CVE-2009-3675 Vendor Reference: MS09-069 Bugtraq ID: - Service Modified: 12/28/2009 User Modified: - Edited: No PCI Vuln: No

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=560e01db-5f59-4ef1-9406-f5d7e0fd4128)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=5448b168-6bf7-4bae-9627-b88d76c4d5c5)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=c2bbf515-f81a-436b-947b-cbf2db85fdd9)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a779aae1-7724-4458-94fb-a2343356ecae)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=a8a9bf12-4ad6-49fd-b2b7-f379dc3309d2)

Windows Server 2003 with SP2 for Itanium-based Systems

10.10.10.220 Confirmed 4/5/Patchable page 130 (http://www.microsoft.com/downloads/details.aspx?familyid=f5b003ad-af25-488a-91fb-98835a0bfeac)

Refer to Microsoft Security Bulletin MS09-069 (http://www.microsoft.com/technet/security/bulletin/MS09-069.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB974392 is missing %windir%\System32\oakley.dll Version is 5.2.3790.0

4 Microsoft SMB Client Remote Code Execution Vulnerability (MS10-020) CVSS: - Active QID: 90592 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2009-3676, CVE-2010-0269, CVE-2010-0270, CVE-2010-0476, CVE-2010-0477 Vendor Reference: MS10-020 Bugtraq ID: 36989, 39312, 39339, 39336, 39340 Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=67CCAC04-E5C8-4381-9D1A-9B676DD516A6)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=DEC38C02-3D4A-41C5-8954-E57F56B8FA5B)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=C5A21239-A9A3-4EC5-9DE8-7D2FC16FC6B8)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=1189304F-D626-426D-960C-A86DC2D2B528)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=52E4F66B-B76C-46A1-AEFF-74EFA21FC743)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=B2B6D8B1-63CC-459C-B5FA-1355386273C8)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=25EEAEB3-C0A3-4A02-9912-ACD0342648BA)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

10.10.10.220 Confirmed 4/5/Patchable page 131 (http://www.microsoft.com/downloads/details.aspx?familyid=51C9C420-4507-4911-A8F5-82331A696882)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=61C26A1F-C885-4474-9843-204C41628889)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=389184C5-9001-497D-BDF4-81F97ECB617F)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=F3495DAE-71F3-421D-A191-D26965F26AD1)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=CD1A046E-915D-4904-B753-5A24BE10C504)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=541E9E2F-EC1D-42B2-AAE5-481C0D435169)

Refer to Microsoft Security Bulletin MS10-020 (http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx) for further details.

Workaround: Block TCP ports 139 and 445 at the firewall. These ports are used to initiate a connection with the affected component. Blocking them at the enterprise firewall, both inbound and outbound, will help prevent systems that are behind that firewall from attempts to exploit this vulnerability.

Impact of the workaround: Blocking the ports can cause several windows services or applications using those ports to stop functioning.

Further details on applying the workarounds can be found at Microsoft Security Bulletin MS10-020 (http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003832: Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability Virtual Patch #1004094: SMB Client Memory Allocation Vulnerability Virtual Patch #1004095: SMB Client Transaction Vulnerability Virtual Patch #1004096: SMB Client Response Parsing Vulnerability Virtual Patch #1004100: SMB Client Message Size Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-3676 Description: Microsoft Windows SMB Client Incomplete Response Vulnerability Dos (MS10-020) - Core Security Category : Denial of Service/Client Side Reference: CVE-2010-0270 Description: Microsoft Windows SMB Client Transaction DoS (MS10-020) - Core Security Category : Denial of Service/Client Side

The Exploit-DB Reference: CVE-2010-0269 Description: Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC - The Exploit-DB Ref : 12273 Link: http://www.exploit-db.com/exploits/12273

Reference: CVE-2010-0476 Description: Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC - The Exploit-DB Ref : 12273 Link: http://www.exploit-db.com/exploits/12273

Reference: CVE-2010-0477 Description: Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC - The Exploit-DB Ref : 12273 Link: http://www.exploit-db.com/exploits/12273

Reference: CVE-2010-0270 Description:

10.10.10.220 Confirmed 4/5/Patchable page 132 Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC - The Exploit-DB Ref : 12273 Link: http://www.exploit-db.com/exploits/12273

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB980232 is missing %windir%\System32\drivers\mrxsmb.sys Version is 5.2.3790.252

4 Microsoft Windows Paint Remote Code Execution Vulnerability (MS10-005) CVSS: - Active QID: 90581 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2010-0028 Vendor Reference: MS10-005 Bugtraq ID: - Service Modified: 02/09/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=e5861705-8f49-45cb-8a92-cf052ccf4134)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=b2e70df6-7728-4fc3-8df7-8ddb9ba5202f)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=f8c4acc8-c2f4-41f7-9b32-e7bd791e0155)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=c1efbe73-fc87-4e6a-8b36-81f125a27aec)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=9143e435-f0d6-464b-9273-4d1f38f8ff3a)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=ee603435-26af-4ab9-9f22-92734346dc0a)

Refer to Microsoft Security Bulletin MS10-005 (http://www.microsoft.com/technet/security/bulletin/MS10-005.mspx) for further details.

Workarounds: - Disable Microsoft Paint - On Windows XP and Windows Server 2003, remove Microsoft Paint.

Impact of the workarounds: Users will not be able to run Microsoft Paint.

Refer to the advisory for further details on enabling and disabling the workarounds.

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 133 Trend Micro Virtual Patching Virtual Patch #1003972: 1003972 - MS Paint Integer Overflow Vulnerability

EXPLOITABILITY: The Exploit-DB Reference: CVE-2010-0028 Description: Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005 - The Exploit-DB Ref : 12518 Link: http://www.exploit-db.com/exploits/12518

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978706 is missing %windir%\system32\Mspaint.exe Version is 5.2.3790.0

4 Microsoft Windows Kernel Elevation Privilege Vulnerability (MS10-015 and KB977165) CVSS: - Active QID: 90576 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2010-0232, CVE-2010-0233 Vendor Reference: MS10-015 Bugtraq ID: 37864 Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=ed8ac6a5-c8bb-4ed4-8994-810e9a1863c3)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=e2b348f5-ec8d-4782-bb03-5de550adea77)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=e534d00c-6ddc-4eb3-9464-5db6e90afa3e)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=defd8603-ed9b-42f9-a539-2b6a690e9575)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=9873c962-9d3d-46ef-b54b-2a50696fb6b2)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=c3c21225-8534-4c7f-96b6-20a743dcea74)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=2761c7b4-d472-4f00-949b-af3ebafdc08d)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

10.10.10.220 Confirmed 4/5/Patchable page 134 (http://www.microsoft.com/downloads/details.aspx?familyid=38b40dab-6b4d-434b-9997-12ef70d6bbcc)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=21e87558-9bd2-4aa9-aaa5-7fd26a5b60e6)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0b93047d-f2c6-403b-9200-c251898bc1e0)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=66f14bb4-40fc-4ae3-9baf-429b7106cd91)

Refer to Microsoft Security Bulletin MS10-015 (http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx) for further details. Also refer to Microsoft Security Advisory (979682) (http://www.microsoft.com/technet/security/advisory/979682.mspx) to obtain additional details on one of the vulnerabilities that was resolved by MS10-015.

Workaround: - Disable the NTVDM subsystem

See Microsoft Knowledge Base Article 979682 (http://support.microsoft.com/kb/979682) to use the automated Microsoft Fix it solution to enable or disable this workaround.

Manual Instructions are as follows: 1. Click Start, click Run, type gpedit.msc in the Open box, and then click OK. This opens the Group Policy console. 1. Expand the Administrative Templates folder and then click Windows Components. 2. Click the Application Compatibility folder. 3. In the details pane, double click the Prevent access to 16-bit applications policy setting. By default, this is set to Not Configured. 4. Change the policy setting to Enabled and then click OK.

Impact of Workaround: Users will not be able to run 16-bit applications.

There are reports of MS10-015 causing a blue screen in some systems due to presence of a rootkit. To determine whether the system is compatible with security update 977165, please refer to KB980966 (http://support.microsoft.com/kb/980966) for further information.

EXPLOITABILITY: Core Security Reference: CVE-2010-0232 Description: Microsoft Windows GP Trap Handler Privilege Escalation Exploit - Core Security Category : Exploits/Local

Immunity Reference: CVE-2010-0232 Description: NtVdmControl()->KiTrap0d local - Immunity Ref : ms_ntvdm Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms_ntvdm/qualys_user

The Exploit-DB Reference: CVE-2010-0232 Description: Windows NT User Mode to Ring 0 Escalation Vulnerability - The Exploit-DB Ref : 11199 Link: http://www.exploit-db.com/exploits/11199

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977165 is missing %windir%\system32\Ntoskrnl.exe Version is 5.2.3790.652

4 Microsoft Windows Kerberos Denial of Service Vulnerability (MS10-014) CVSS: - Active QID: 90582 CVSS Base: 6.3 Category: Windows CVSS Temporal: 4.7 CVE ID: CVE-2010-0035 Vendor Reference: MS10-014 Bugtraq ID: 38110 Service Modified: 02/26/2010 User Modified: -

10.10.10.220 Confirmed 4/5/Patchable page 135 Edited: No PCI Vuln: No

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Server Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=56a9afba-a6ee-4fb9-ba85-e51d9f94de27)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=738e2fda-96fc-413d-a5c7-74b1fac1d6b3)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=f8ad539d-8191-4864-977b-ad4e31c04ba0)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=d549c927-add7-4d83-bfc7-15dc35663dfb)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=75327470-0f14-4cdd-bcb7-64684c61c267)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7d0f8f81-fc10-450a-a653-06f89acba9fa)

Refer to Microsoft Security Bulletin MS10-014 (http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003977: Kerberos Null Pointer Dereference Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2478971\Filelist is missing %windir%\System32\Kerberos.dll Version is 5.2.3790.347 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977290\Filelist is missing %windir%\System32\kdcsvc.dll Version is 5.2.3790.347 HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions ProductType = LanmanNT

4 Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (MS10-026) CVSS: - Active QID: 90593 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2010-0480 Vendor Reference: MS10-026 Bugtraq ID: 39303 Service Modified: 08/26/2010 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 136 PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=F6394FC2-B9D0-46CF-9265-A0D4AEB1448F)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=B1582A74-4A7B-4540-BEB1-7C89C86EAE87)

Windows XP Professional x64 Edition Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=8AFCA317-A647-44AA-A771-5D85CD5D62EA)

Windows Server 2003 Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=9F89746C-181E-4177-A851-EC1826E78B6D)

Windows Server 2003 x64 Edition Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=B97E7EA1-A163-4CE4-8CBC-5F933773C4B2)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=0E7140BB-42D3-48B3-9F4B-D55B17770DE8)

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=B885AEF4-3A5D-4C3E-BEF6-5EFEF2965752)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=8E9C04C9-898F-4ED2-949D-F4343CC0D9F6)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (MPEG Layer-3 codecs) (http://www.microsoft.com/downloads/details.aspx?familyid=D6F2E1AE-48D3-4D2C-B329-32CFF00AFEE5)

Refer to Microsoft Security Bulletin MS10-026 (http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx) for further details.

Workaround: Restrict Access to the MPEG Layer-3 audio codecs to ensure that they can no longer be loaded. This effectively prevents exploitation of the vulnerability using this attack vector.

Impact of the workaround: MPEG Layer-3 audio encoded files will not play.

Further details on applying the workarounds can be found at Microsoft Security Bulletin MS10-026 (http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004093: MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability Virtual Patch #1004421: Microsoft MPEG Layer-3 Audio Decoder Divide-By-Zero Denial Of Service Vulnerability

10.10.10.220 Confirmed 4/5/Patchable page 137 EXPLOITABILITY: Core Security Reference: CVE-2010-0480 Description: Microsoft MPEG Layer-3 Codecs Buffer Overflow Exploit (MS10-026) - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2010-0480 Description: MPEG Layer-3 codecs stack overflow - Immunity Ref : ms10_026 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms10_026/qualys_user

Metasploit Reference: CVE-2010-0480 Description: MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow - Metasploit Ref : /modules/exploit/windows/browser/ms10_026_avi_nsamplespersec Link: http://www.metasploit.com/modules/exploit/windows/browser/ms10_026_avi_nsamplespersec

The Exploit-DB Reference: CVE-2010-0480 Description: MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit - The Exploit-DB Ref : 14895 Link: http://www.exploit-db.com/exploits/14895

Reference: CVE-2010-0480 Description: MOAUB #24 - Microsoft MPEG Layer-3 Audio Decoder Division By Zero - The Exploit-DB Ref : 15096 Link: http://www.exploit-db.com/exploits/15096

Reference: CVE-2010-0480 Description: MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow - The Exploit-DB Ref : 17659 Link: http://www.exploit-db.com/exploits/17659

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB977816 is missing %windir%\System32\L3codeca.acm Version is 1.9.0.305

4 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (MS06-039) CVSS: - Active QID: 110036 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2006-0007, CVE-2006-0033 Vendor Reference: MS06-039 Bugtraq ID: - Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2003 Service Pack 1 or Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=66C15CD1-A33B-4EB4-9D90-87DECF053768 (http://www.microsoft.com/downloads/details.aspx?FamilyId=66C15CD1-A33B-4EB4-9D90-87DECF053768) Microsoft Works Suites (Microsoft Works Suite 2004

10.10.10.220 Confirmed 4/5/Patchable page 138 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260) Microsoft Works Suites (Microsoft Works Suite 2006 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1506FE89-1753-40AC-BB3E-A053B3EB6260) Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0A1795-DA76-4935-AA90-E6AEDC0CDE6B (http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0A1795-DA76-4935-AA90-E6AEDC0CDE6B) Microsoft Project 2002 : http://www.microsoft.com/downloads/details.aspx?FamilyId=2194EC63-582E-4E64-B71F-99918BF14FFA (http://www.microsoft.com/downloads/details.aspx?FamilyId=2194EC63-582E-4E64-B71F-99918BF14FFA) Microsoft Project 2000 : http://www.microsoft.com/downloads/details.aspx?FamilyId=42493E0C-91DE-49B0-B5B7-2214D55DE079 (http://www.microsoft.com/downloads/details.aspx?FamilyId=42493E0C-91DE-49B0-B5B7-2214D55DE079) Refer to Microsoft Security Bulletin MS06-039 (http://www.microsoft.com/technet/security/bulletin/MS06-039.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKCR\Installer\Patches\BB38B80DA31C8A04B9CBC685A1CFBAC2 is missing %ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\gifimp32.flt Version is 2003.1100.5510.0 %ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\png32.flt Version is 2003.1100.5510.0

4 Microsoft PowerPoint Remote Code Execution Vulnerabilities (MS06-048) CVSS: - Active QID: 110038 CVSS Base: 7.5 Category: Office Application CVSS Temporal: 6.5 CVE ID: CVE-2006-3449, CVE-2006-3590 Vendor Reference: MS06-048 Bugtraq ID: - Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA (http://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA) Microsoft Office 2003 Service Pack 1 or Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081 (http://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac (http://www.microsoft.com/mac) Microsoft Office v. X for Mac :

http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/ officex/OfficeX_1018.xml&secid=5&ssid=32&flgnosysreq=True

10.10.10.220 Confirmed 4/5/Patchable page 139 (http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download /officex/OfficeX_1018.xml&secid=5&ssid=32&flgnosysreq=True) Refer to Micrsoft Security Bulletin MS06-048 (http://www.microsoft.com/technet/security/bulletin/MS06-048.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe version is 11.0.6361.0 . HKCR\Installer\Patches\90BE2A871471E3C45A55744126CEA248 is missing %ProgramFiles%\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL version is 11.0.6255.0 .

4 Microsoft Office Remote Code Execution Vulnerabilities (MS06-062) CVSS: - Active QID: 110044 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2006-3434, CVE-2006-3650, CVE-2006-3864, CVE-2006-3868 Vendor Reference: MS06-062 Bugtraq ID: - Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=E0C7E1E4-7859-4C7E-898E-1CF05014885B (http://www.microsoft.com/downloads/details.aspx?FamilyId=E0C7E1E4-7859-4C7E-898E-1CF05014885B) Microsoft Office XP Service Pack 3 : http://www.microsoft.com/downloads/details.aspx?FamilyId=958EE063-D88D-4E45-8555-4D1C4730F5C8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=958EE063-D88D-4E45-8555-4D1C4730F5C8) Microsoft Office 2003 Service Pack 1 or Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=0D399F68-EC0D-4768-9846-B16B3DADF247 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0D399F68-EC0D-4768-9846-B16B3DADF247) Microsoft Project 2000 Service Release 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=266A9870-CD03-45CA-877B-B5AD2C873FE5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=266A9870-CD03-45CA-877B-B5AD2C873FE5) Microsoft Project 2002 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=A77DEA18-D237-4BB0-9464-CE31B6AE52D6 (http://www.microsoft.com/downloads/details.aspx?FamilyId=A77DEA18-D237-4BB0-9464-CE31B6AE52D6) Microsoft Visio 2002 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4B7660-0FC5-43E5-9683-B6DAE96136BB (http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4B7660-0FC5-43E5-9683-B6DAE96136BB) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Microsoft Office v. X for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Microsoft Security Bulletin MS06-062 (http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\Office11\mso.dll version is 11.0.6360.0 .

10.10.10.220 Confirmed 4/5/Patchable page 140 4 Microsoft Excel Remote Code Execution Vulnerabilities (MS07-002) CVSS: - Active QID: 110050 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2007-0027, CVE-2007-0028, CVE-2007-0029, CVE-2007-0030, CVE-2007-0031 Vendor Reference: MS07-002 Bugtraq ID: - Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Excel 2000 ):http://www.microsoft.com/downloads/details.aspx?familyid=5CCF4455-6B22-4249-93D7-661D12839292 (http://www.microsoft.com/downloads/details.aspx?familyid=5CCF4455-6B22-4249-93D7-661D12839292) Microsoft Office XP Service Pack 3 (Microsoft Excel 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C (http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C) Microsoft Office 2003 Service Pack 2 (Microsoft Excel 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=79B88CE8-5C56-462F-AC1A-4BCE04C8F543 (http://www.microsoft.com/downloads/details.aspx?FamilyId=79B88CE8-5C56-462F-AC1A-4BCE04C8F543) Microsoft Office 2003 Service Pack 2 (Microsoft Office Excel Viewer 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=99AE7653-F0FD-4DBA-A151-098FD03E6EA4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=99AE7653-F0FD-4DBA-A151-098FD03E6EA4) Microsoft Works Suites (Microsoft Works Suite 2004 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C (http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C (http://www.microsoft.com/downloads/details.aspx?FamilyId=EE7278EA-3AEE-4994-9657-66019961D63C) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Microsoft Office v. X for Mac : http://www.microsoft.com/mac/ (http://www.microsoft.com/mac/) Refer to Micrsoft Security Bulletin MS07-002 (http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx) for further details.

EXPLOITABILITY: The Exploit-DB Reference: CVE-2007-0031 Description: Microsoft Excel Malformed Palette Record DoS PoC (MS07-002) - The Exploit-DB Ref : 3193 Link: http://www.exploit-db.com/exploits/3193

RESULTS: Excel 2003 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

4 Microsoft Word Remote Code Execution Vulnerabilities (MS07-024) CVSS: - Active QID: 110055 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2007-0035, CVE-2007-0870, CVE-2007-1202 Vendor Reference: MS07-024 Bugtraq ID: -

10.10.10.220 Confirmed 4/5/Patchable page 141 Service Modified: 06/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=F25020F5-17C7-4A60-9088-944FFACB5F19 (http://www.microsoft.com/downloads/details.aspx?FamilyId=F25020F5-17C7-4A60-9088-944FFACB5F19) Microsoft Office XP Service Pack 3 (Microsoft Word 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43) Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=6870245D-4618-4504-BFFC-878635267059 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6870245D-4618-4504-BFFC-878635267059) Microsoft Office 2003 Service Pack 2 (Microsoft Word Viewer 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=24547C65-C29A-4D0A-A015-F3F08B24331F (http://www.microsoft.com/downloads/details.aspx?FamilyId=24547C65-C29A-4D0A-A015-F3F08B24331F) Microsoft Works Suites (Microsoft Works Suite 2004 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43) Microsoft Works Suites (Microsoft Works Suite 2005 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43) Microsoft Works Suites (Microsoft Works Suite 2006 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0FE4F405-A568-4F15-B2C6-02D4A4B58E43) Microsoft Office 2004 for Mac : http://www.microsoft.com/mac (http://www.microsoft.com/mac) Refer to Micrsoft Security Bulletin MS07-024 (http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000995: Microsoft Word RTF Documents Parsing Remote Code Execution Virtual Patch #1001193: Microsoft Word RTF Documents Parsing Remote Code Execution.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WinWord.exe version is 11.0.6502.0 .

4 Microsoft Windows Kernel Elevation Privilege Vulnerability (MS10-021) CVSS: - Active QID: 90594 CVSS Base: 6.9 Category: Windows CVSS Temporal: 5.4 CVE ID: CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0810, CVE-2010-0481, CVE-2010-0482 Vendor Reference: MS10-021 Bugtraq ID: 39297, 39309, 39323, 39324, 39318, 39322, 39319, 39320 Service Modified: 07/08/2010 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 142 PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=C5F4577E-7546-40E9-8BCD-BE11C1B260A6)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=142710FD-9CD4-4DD0-AABA-2AACE03C008F)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=3C0CB02E-3484-4CDF-8C64-C697AD3E2889)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0A7EA2D0-61CE-4B68-AD82-D917B1A56F9D)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=1FC66F54-260A-4219-A0B4-056BA9DD0ABE)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=8DCB8BE8-FB78-4518-AA7E-F8B17F7DFB86)

Windows Vista (http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374)

Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374)

Windows Vista x64 Edition (http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=25E3CE7F-53A0-4049-A65C-011D2143C4C2)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=8B99E54D-955B-4A06-9A04-B2F4596EFD72)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=FF58D80C-33CE-4D9E-AAA5-0B1841458931)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=7F1DC055-2EC9-407A-9E69-DA12338587E3)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=28389C1D-2A12-4BEF-A59B-726BB6449C8B)

10.10.10.220 Confirmed 4/5/Patchable page 143 Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=D4EA3984-5183-47F1-814E-29CB6C90AE06)

Refer to Microsoft Security Bulletin MS10-021 (http://www.microsoft.com/technet/security/bulletin/MS10-021.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2010-0810 Description: Microsoft Windows Exception Handler DoS (MS10-021) - Core Security Category : Denial of Service/Local

Reference: CVE-2010-0235 Description: Microsoft Windows Registry SymLink DoS (MS010-021) - Core Security Category : Denial of Service/Local

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB979683\Filelist is missing %windir%\system32\Ntoskrnl.exe Version is 5.2.3790.652

4 Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (MS10-030) CVSS: - Active QID: 90602 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2010-0816 Vendor Reference: MS10-030 Bugtraq ID: - Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch:Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (Microsoft Outlook Express 5.5 Service Pack 2) (http://www.microsoft.com/downloads/details.aspx?familyid=661F5DE3-A593-4961-8E8D-2777797EB5C5)

Microsoft Windows 2000 Service Pack 4 (Microsoft Outlook Express 6 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Outlook Express 6) (http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Live Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703)

Windows XP Professional x64 Edition Service Pack 2 (Microsoft Outlook Express 6) (http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF)

Windows XP Professional x64 Edition Service Pack 2 (Windows Live Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF)

Windows Server 2003 Service Pack 2 (Microsoft Outlook Express 6) (http://www.microsoft.com/downloads/details.aspx?familyid=EB9742FC-0934-4B38-9EC4-3597FC71EC00)

Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Outlook Express 6) (http://www.microsoft.com/downloads/details.aspx?familyid=5678515A-97EA-4E00-8700-D3F2FCDC0EFC)

Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Outlook Express 6) (http://www.microsoft.com/downloads/details.aspx?familyid=60EF635B-CB6D-402F-B904-E69B519D797F)

10.10.10.220 Confirmed 4/5/Patchable page 144 Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Windows Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1)

Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Windows Live Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (Windows Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (Windows Live Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Live Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Mail) (http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-030 (http://www.microsoft.com/technet/security/bulletin/MS10-030.mspx).

Workaround:Use web-based email instead of IMAP or POP3 to check email.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004156: Outlook Express And Windows Mail Integer Overflow Vulnerability

EXPLOITABILITY: The Exploit-DB Reference: CVE-2010-0816 Description: Microsoft Windows Outlook Express and Windows Mail Integer Overflow - The Exploit-DB Ref : 12564 Link: http://www.exploit-db.com/exploits/12564

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978542\Filelist is missing %ProgramFiles%\Outlook Express\Msoe.dll Version is 6.0.3790.607

4 Microsoft Windows Cumulative Security Update of ActiveX Kill Bits (MS10-034) CVSS: - Active QID: 90604 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2010-0252, CVE-2010-0811 Vendor Reference: MS10-034 Bugtraq ID: 38045, 40490 Service Modified: 07/01/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 145 Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=d3955983-0079-476e-a488-99713097259c)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8c3f2e81-c0ea-494a-a47c-4f8982effb49)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f3e462fb-df95-4b79-a8bc-5359c2967503)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=3c0bd349-aa77-47de-ba1d-1fcc72dcad28)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=4aa0ec4f-5502-4f2a-9732-975518c34444)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=55d9d7f0-f9d9-4833-b5cc-eb87a62da6a8)

Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2ddaa4b3-1a98-4183-94af-ebdae4e7b76a)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=ddf55e74-dbaa-45f7-ac5b-ae3da24e0e33)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=a06b9f42-47ac-4ff2-ac32-e4958cdb611e)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=6d0a3f7c-2617-4bc6-a4c7-cda26c6471e1)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=5bce87fe-dcbb-4638-b248-3f0755537b00)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=ee68ecd0-5b8a-4c1e-bdee-bd8616558d43)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=901f7c89-02af-4f87-8592-dad318997d77)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=4958b221-2776-43d7-9e1c-1e1cb318a694)

Refer to Microsoft Security Bulletin MS10-034 (http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx) for further details.

Workarounds: 1) Enable or disable ActiveX Controls in Office 2007.

Impact of workaround #1: ActiveX controls will not be instantiated in Microsoft Office applications.

2) Prevent COM objects from running in Internet Explorer.

Impact of workaround #2: There is no impact as long as the object is not intended to be used in Internet Explorer.

3) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting.

4) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

10.10.10.220 Confirmed 4/5/Patchable page 146 Impact of workarounds #3 and #4: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003971: Cumulative Security Update of ActiveX Kill Bits - February 2010 Virtual Patch #1004205: Cumulative Security Updates of ActiveX Kill Bits - June 2010 Virtual Patch #1004643: 1004643 - Cumulative Security Updates of ActiveX Kill Bits - April 2011

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB980195\Filelist is missing HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F6A56D95-A3A3-11D2-AC26-400000058481} Compatibility Flags is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665} Compatibility Flags is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6f750200-1362-4815-a476-88533de61d0c} Compatibility Flags is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6f750201-1362-4815-a476-88533de61d0c} Compatibility Flags is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F14A9EE-6989-11D5-8152-00C04F191FCA} Compatibility Flags is missing.

4 Microsoft Windows OpenType Font Format Driver Could Allow Elevation of Privilege (MS10-078) CVSS: - Active QID: 90654 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2010-2740, CVE-2010-2741 Vendor Reference: MS10-078 Bugtraq ID: - Service Modified: 11/05/2010 User Modified: - Edited: No PCI Vuln: No

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=0553FC7C-DEED-4594-A133-D621551310DC)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=1AD30596-BAC6-4D48-8B15-0245960C443B)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=F94763E7-B1DB-4043-AA79-D5BE1A42307D)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=6FCA5CAB-7E11-4911-A6A8-F73F113B2963)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=E8F297E2-0DFD-421A-B598-A78199AD6BAA)

Refer to Microsoft Security Bulletin MS10-078 (http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx) for further details.

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 147 Trend Micro Virtual Patching Virtual Patch #1004485: OpenType Font Parsing Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2010-2741 Description: Microsoft Windows OpenType Font Validation DoS (MS10-078) - Core Security Category : Denial of Service/Local

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2485376 is missing %windir%\system32\Atmfd.dll Version is 5.1.2.225 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2296199 is missing %windir%\system32\Atmfd.dll Version is 5.1.2.225 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2279986\Filelist is missing %windir%\system32\Atmfd.dll Version is 5.1.2.225

4 Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities (MS10-032) CVSS: - Active QID: 90605 CVSS Base: 6.8 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2010-0484, CVE-2010-0485, CVE-2010-1255 Vendor Reference: MS10-032 Bugtraq ID: 40508 Service Modified: 07/01/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=60C8579B-1540-40D8-80A0-956EDADD63CE)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=023A777A-3D83-4A4E-8029-DA8B095B074B)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=8E3AAC9D-7747-435F-9678-F621E314E070)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=79A11DCD-5D88-4D83-BEAE-6580EF6FC2C0)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=F42CC5D4-1BEA-4A4A-8A08-B3EB92503588)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=50EFB1CF-9D89-4522-929D-F87FD98D6FE8)

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

10.10.10.220 Confirmed 4/5/Patchable page 148 (http://www.microsoft.com/downloads/details.aspx?familyid=7CB64633-D2A0-4E38-BE35-EC32EA655A04)

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=BBFC4D80-67EB-4DEB-9595-CB67942A0DF2)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=22D550FE-BA35-4750-A9D6-624858B67C94)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=09025626-4116-4A31-8700-215382898EE2)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=3E0FF389-4612-4C92-BBFF-BB45B5BDFC6A)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=2B1E4AFF-605A-4E94-88F9-135CE35F0646)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=4272277F-B2DD-4406-8BBD-BC461C9923B8)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=7D636F82-E828-468C-AC36-808FF9D37C7F)

Refer to Microsoft Security Bulletin MS10-032 (http://www.microsoft.com/technet/security/bulletin/MS10-032.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2010-0485 Description: Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) - Core Security Category : Exploits/Local

Immunity Reference: CVE-2010-0485 Description: ms10_032 - Immunity Ref : ms10_032 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms10_032/qualys_user

4 Microsoft Windows Netlogon Service Denial of Service Vulnerability (MS10-101) CVSS: - Active QID: 90666 CVSS Base: 5.4 Category: Windows CVSS Temporal: 4.2 CVE ID: CVE-2010-2742 Vendor Reference: MS10-101 Bugtraq ID: - Service Modified: 12/14/2010 User Modified: - Edited: No PCI Vuln: No

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment:

10.10.10.220 Confirmed 4/5/Patchable page 149 Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=AD843B97-2F6E-4406-A17A-627B7DB8A926)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0B0A06E7-0AE5-41F4-9FF5-D524FC0AFBFA)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=7C0C2850-E81D-4347-AEB3-47036CAA7C1B)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=6793F75B-CDF4-42EF-A53E-A1ACB5B662D1)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=85ADD876-CA5A-4A92-984E-188A72E349FC)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=D7307AFD-84A0-434E-9658-BF9F8AE4B938)

Refer to Microsoft Security Bulletin MS10-101 (http://www.microsoft.com/technet/security/bulletin/MS10-101.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004542: Windows Netlogon Service Denial Of Service (CVE-2010-2742)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2207559 is missing %windir%\System32\netlogon.dll Version is 5.2.3790.0 HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions ProductType = LanmanNT Netlogon = RUNNING

4 Microsoft Project Could Allow Remote Code Execution (MS08-018) CVSS: - Active QID: 110077 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2008-1088 Vendor Reference: MS08-018 Bugtraq ID: 28607 Service Modified: 06/03/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: -

10.10.10.220 Confirmed 4/5/Patchable page 150 Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Project 2000 Service Release 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=fbe46241-b9da-40c6-803d-42eb6234be77 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fbe46241-b9da-40c6-803d-42eb6234be77) Microsoft Project 2002 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=07a90718-6597-426d-9dca-a336d60c01b8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=07a90718-6597-426d-9dca-a336d60c01b8) Microsoft Project 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=aaba07d6-e972-4e85-bccd-406aa2c4a4f4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=aaba07d6-e972-4e85-bccd-406aa2c4a4f4) Refer to Micrsoft Security Bulletin MS08-018 (http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Project 2003 C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe found C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe version is 11.1.2004.1707 . C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe version is 11.1.2004.1707 .

4 Microsoft Word Could Allow Remote Code Execution (MS08-042) CVSS: - Active QID: 110082 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2008-2244 Vendor Reference: MS08-042 Bugtraq ID: 30124 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3 (Microsoft Word 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=c7146dfc-e1be-4d13-877b-1d9bcacc4a64 (http://www.microsoft.com/downloads/details.aspx?FamilyId=c7146dfc-e1be-4d13-877b-1d9bcacc4a64) Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=13a37b76-9fec-426f-8176-3c95f934efe0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=13a37b76-9fec-426f-8176-3c95f934efe0) Microsoft Office 2003 Service Pack 3 (Microsoft Word 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=13a37b76-9fec-426f-8176-3c95f934efe0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=13a37b76-9fec-426f-8176-3c95f934efe0) Refer to Micrsoft Security Bulletin MS08-042 (http://www.microsoft.com/technet/security/bulletin/MS08-042.mspx) for further details.

EXPLOITABILITY: Core Security

10.10.10.220 Confirmed 4/5/Patchable page 151 Reference: CVE-2008-2244 Description: Microsoft Office Word Memory Corruption Exploit - Core Security Category : Exploits/Client Side

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

4 Microsoft Excel Could Allow Remote Code Execution (MS08-043) CVSS: - Active QID: 110084 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 8.1 CVE ID: CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006 Vendor Reference: MS08-043 Bugtraq ID: - Service Modified: 08/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=4bf8688e-e5b9-4e53-a1a1-8cf1acfdb80b (http://www.microsoft.com/downloads/details.aspx?FamilyId=4bf8688e-e5b9-4e53-a1a1-8cf1acfdb80b) Microsoft Office XP Service Pack 3 (Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=9BBF7550-F5C4-4B9B-BD86-1E7BE6C42EB5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9BBF7550-F5C4-4B9B-BD86-1E7BE6C42EB5) Microsoft Office 2003 Service Pack 2 (Excel 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=fc612e9a-bdf3-4952-8ada-0de5a50973f0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fc612e9a-bdf3-4952-8ada-0de5a50973f0) Microsoft Office 2003 Service Pack 3 (Excel 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=fc612e9a-bdf3-4952-8ada-0de5a50973f0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fc612e9a-bdf3-4952-8ada-0de5a50973f0) 2007 Microsoft Office System (Excel 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156-49ef-af2d-4c521c808ffd (http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156-49ef-af2d-4c521c808ffd) 2007 Microsoft Office System Service Pack 1 (Excel 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156-49ef-af2d-4c521c808ffd (http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156-49ef-af2d-4c521c808ffd) Microsoft Office Excel Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=d7ed9e75-15f2-4950-98b3-93023ba0f4c1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d7ed9e75-15f2-4950-98b3-93023ba0f4c1) Microsoft Office Excel Viewer 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=d7ed9e75-15f2-4950-98b3-93023ba0f4c1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d7ed9e75-15f2-4950-98b3-93023ba0f4c1) Microsoft Office Excel Viewer: http://www.microsoft.com/downloads/details.aspx?FamilyId=b574d906-7f09-49b0-80bf-e84dee8c4583 (http://www.microsoft.com/downloads/details.aspx?FamilyId=b574d906-7f09-49b0-80bf-e84dee8c4583) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=7afdae9b-9c74-4af7-9844-0e54221ea3b9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7afdae9b-9c74-4af7-9844-0e54221ea3b9) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=7afdae9b-9c74-4af7-9844-0e54221ea3b9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=7afdae9b-9c74-4af7-9844-0e54221ea3b9) Microsoft Office SharePoint Server 2007: http://www.microsoft.com/downloads/details.aspx?FamilyId=a7731749-b026-4765-808a-e151b990f0e1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=a7731749-b026-4765-808a-e151b990f0e1) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-043 (http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx).

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 152 Trend Micro Virtual Patching Virtual Patch #1002704: Microsoft Excel Indexing Validation Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-3005 Description: Microsoft Office Excel Exploit (MS08-043) - Core Security Category : Exploits/Client Side

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

4 Microsoft Office Filters Could Allow Remote Code Execution (MS08-044) CVSS: - Active QID: 110085 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2008-3019, CVE-2008-3018, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460 Vendor Reference: MS08-044 Bugtraq ID: - Service Modified: 08/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=3ab323ec-9f92-453c-b7c7-9a95a9efcaea (http://www.microsoft.com/downloads/details.aspx?familyid=3ab323ec-9f92-453c-b7c7-9a95a9efcaea) Microsoft Office XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79 (http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79) Microsoft Office 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=e0df2f6e-1102-461d-829f-5f3e2d7eb4b3 (http://www.microsoft.com/downloads/details.aspx?familyid=e0df2f6e-1102-461d-829f-5f3e2d7eb4b3) Microsoft Office Project 2002 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79 (http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79) Microsoft Office Converter Pack: http://www.microsoft.com/downloads/details.aspx?familyid=199b08c7-6d79-4930-8f0c-31034629c485 (http://www.microsoft.com/downloads/details.aspx?familyid=199b08c7-6d79-4930-8f0c-31034629c485) Microsoft Works 8: http://www.microsoft.com/downloads/details.aspx?familyid=458985C3-9C6F-4049-81CD-0D0389C81F11 (http://www.microsoft.com/downloads/details.aspx?familyid=458985C3-9C6F-4049-81CD-0D0389C81F11) Refer to Micrsoft Security Bulletin MS08-044 (http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002699: Microsoft Malformed PICT Filter Vulnerability Virtual Patch #1002694: Microsoft Malformed BMP Filter Vulnerability Virtual Patch #1002697: Microsoft PICT Filter Parsing Vulnerability

10.10.10.220 Confirmed 4/5/Patchable page 153 EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\gifimp32.flt Version is 2003.1100.5510.0

4 Microsoft Excel Remote Code Execution Vulnerability (MS08-057) CVSS: - Active QID: 110088 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2008-3477, CVE-2008-3471, CVE-2008-4019 Vendor Reference: MS08-057 Bugtraq ID: 31706, 31705, 31702 Service Modified: 06/29/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=1b2740e0-ecdd-48ca-84e0-eb187c31eb16 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1b2740e0-ecdd-48ca-84e0-eb187c31eb16) Microsoft Office XP Service Pack 3 (Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=27cedef1-c47c-472c-a343-cd9b4ebc2bba (http://www.microsoft.com/downloads/details.aspx?FamilyId=27cedef1-c47c-472c-a343-cd9b4ebc2bba) Microsoft Office 2003 Service Pack 2 (Excel 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=4df27e8a-d803-483b-a700-0177d71bf368 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4df27e8a-d803-483b-a700-0177d71bf368) Microsoft Office 2003 Service Pack 3 (Excel 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=4df27e8a-d803-483b-a700-0177d71bf368 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4df27e8a-d803-483b-a700-0177d71bf368) 2007 Microsoft Office System (Excel 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=2765bbc0-ea2e-4b6e-822c-222ee8e5021f (http://www.microsoft.com/downloads/details.aspx?FamilyId=2765bbc0-ea2e-4b6e-822c-222ee8e5021f) 2007 Microsoft Office System Service Pack 1 (Excel 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=2765bbc0-ea2e-4b6e-822c-222ee8e5021f (http://www.microsoft.com/downloads/details.aspx?FamilyId=2765bbc0-ea2e-4b6e-822c-222ee8e5021f) Microsoft Office Excel Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=9769ce08-5207-4c63-b7b9-536266ad6b2b (http://www.microsoft.com/downloads/details.aspx?FamilyId=9769ce08-5207-4c63-b7b9-536266ad6b2b) Microsoft Office Excel Viewer 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=9769ce08-5207-4c63-b7b9-536266ad6b2b (http://www.microsoft.com/downloads/details.aspx?FamilyId=9769ce08-5207-4c63-b7b9-536266ad6b2b) Microsoft Office Excel Viewer: http://www.microsoft.com/downloads/details.aspx?FamilyId=83c88444-75b8-44d1-b280-3671394ade45 (http://www.microsoft.com/downloads/details.aspx?FamilyId=83c88444-75b8-44d1-b280-3671394ade45) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=9a7be004-5903-4101-90c5-c0d5f8722af9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9a7be004-5903-4101-90c5-c0d5f8722af9) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=9a7be004-5903-4101-90c5-c0d5f8722af9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9a7be004-5903-4101-90c5-c0d5f8722af9) Microsoft Office SharePoint Server 2007: http://www.microsoft.com/downloads/details.aspx?FamilyId=5c29e646-504c-4455-9d35-9a1bed6d7535 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5c29e646-504c-4455-9d35-9a1bed6d7535) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-057 (http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx).

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 154 Trend Micro Virtual Patching Virtual Patch #1002928: Microsoft Excel File Format Parsing Vulnerability Virtual Patch #1002929: Microsoft Excel Calendar Object Validation Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

4 Microsoft Excel Multiple Remote Code Execution Vulnerabilities (MS08-074) CVSS: - Active QID: 110090 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2008-4264, CVE-2008-4265, CVE-2008-4266 Vendor Reference: MS08-074 Bugtraq ID: - Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office Excel 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=f39d2a49-f861-4f2d-bf91-94a8a85af40c (http://www.microsoft.com/downloads/details.aspx?FamilyId=f39d2a49-f861-4f2d-bf91-94a8a85af40c) Microsoft Office XP Service Pack 3 (Microsoft Office Excel 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=72076e21-2aa3-48e8-883a-c3cb756fc72a (http://www.microsoft.com/downloads/details.aspx?FamilyId=72076e21-2aa3-48e8-883a-c3cb756fc72a) Microsoft Office 2003 Service Pack 3 (Microsoft Office Excel 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=6c0771e5-fcd4-4365-b903-1a3bd95d9e66 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6c0771e5-fcd4-4365-b903-1a3bd95d9e66) 2007 Microsoft Office System (Microsoft Office Excel 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf (http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf) 2007 Microsoft Office System Service Pack 1 (Microsoft Office Excel 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf (http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf) Microsoft Office Excel Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e (http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e) Microsoft Office Excel Viewer 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e (http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e) Microsoft Office Excel Viewer: http://www.microsoft.com/downloads/details.aspx?FamilyId=9dbb35c1-aa7a-481b-a330-8ba916ddd443 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9dbb35c1-aa7a-481b-a330-8ba916ddd443) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f (http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f (http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820

10.10.10.220 Confirmed 4/5/Patchable page 155 (http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-074 (http://www.microsoft.com/technet/security/bulletin/MS08-074.mspx).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Excel 2003 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

4 Microsoft Word Multiple Remote Code Execution Vulnerabilities (MS08-072) CVSS: - Active QID: 110092 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.7 CVE ID: CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837 Vendor Reference: MS08-072 Bugtraq ID: - Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=43e8c4d8-307b-48f6-ac99-a9617421d40a (http://www.microsoft.com/downloads/details.aspx?FamilyId=43e8c4d8-307b-48f6-ac99-a9617421d40a) Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=3ef41412-50b3-4077-b0e3-9a3704d2f876 (http://www.microsoft.com/downloads/details.aspx?FamilyId=3ef41412-50b3-4077-b0e3-9a3704d2f876) Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=45c81c60-4b1b-4246-839b-198ebc4eeae2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=45c81c60-4b1b-4246-839b-198ebc4eeae2) 2007 Microsoft Office System (Microsoft Office Word 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37) 2007 Microsoft Office System (Microsoft Office Outlook 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37) 2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37) 2007 Microsoft Office System Service Pack 1 (Microsoft Office Outlook 2007 Service Pack 1):http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37) Microsoft Office Word Viewer 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c (http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c) Microsoft Office Word Viewer: http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c (http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970 (http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970

10.10.10.220 Confirmed 4/5/Patchable page 156 (http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970) For a complete list of patch download links, please refer to Micrsoft Security Bulletin MS08-072 (http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003176: Word Memory Corruption Vulnerability Virtual Patch #1003121: Word RTF Object Parsing Vulnerability Virtual Patch #1003118: Microsoft Word RTF Object Parsing Remote Code Execution Virtual Patch #1003119: Microsoft Word RTF Object Parsing Remote Code Execution Vulnerability Virtual Patch #1003120: Microsoft Word Rich Text Format Object Parsing Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Word 2003 C:\Program Files\Microsoft Office\OFFICE11\\winword.exe version is 11.0.6502.0 .

4 Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability (MS08-070) CVSS: - Active QID: 90473 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256, CVE-2008-3704 Vendor Reference: MS08-070 Bugtraq ID: - Service Modified: 12/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

10.10.10.220 Confirmed 4/5/Patchable page 157 Microsoft Office Project 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=89a44042-a629-40f3-800a-0bb45fc36591 (http://www.microsoft.com/downloads/details.aspx?familyid=89a44042-a629-40f3-800a-0bb45fc36591) Microsoft Office Project 2007: http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6 (http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6) Microsoft Office Project 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6 (http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6) Refer to Micrsoft Security Bulletin MS08-070 (http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002708: Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Virtual Patch #1003126: Masked Edit Control Memory Corruption Vulnerability Virtual Patch #1003109: DataGrid ActiveX Control Memory Corruption Virtual Patch #1003111: FlexGrid ActiveX Control Memory Corruption Virtual Patch #1003112: Restrict IE ActiveX Controls For MS08-070 Virtual Patch #1003125: Hierarchical FlexGrid Control Memory Corruption Vulnerability Virtual Patch #1003123: Windows Common AVI Parsing Overflow Virtual Patch #1003122: Charts Control Memory Corruption Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-3704 Description: Microsoft Visual Studio Masked Edit Control Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Metasploit Reference: CVE-2008-3704 Description: Microsoft Visual Studio Mdmask32.ocx ActiveX Buffer Overflow - Metasploit Ref : /modules/exploit/windows/browser/ms08_070_visual_studio_msmask Link: http://www.metasploit.com/modules/exploit/windows/browser/ms08_070_visual_studio_msmask

The Exploit-DB Reference: CVE-2008-3704 Description: Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC - The Exploit-DB Ref : 6244 Link: http://www.exploit-db.com/exploits/6244

Reference: CVE-2008-3704 Description: Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit - The Exploit-DB Ref : 6317 Link: http://www.exploit-db.com/exploits/6317

Reference: CVE-2008-4255 Description: MS Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC - The Exploit-DB Ref : 7431 Link: http://www.exploit-db.com/exploits/7431

Reference: CVE-2008-3704 Description: Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow - The Exploit-DB Ref : 16507 Link: http://www.exploit-db.com/exploits/16507

RESULTS: Office Project 2003 C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe found %windir%\System32\Mscomct2.ocx version is 6.0.88.4 .

4 Microsoft Visual Studio "Msmask32.ocx" ActiveX Control Remote Buffer Overflow Vulnerability (MS08-070) CVSS: - Active QID: 90452 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.6 CVE ID: CVE-2008-3704 Vendor Reference: MS08-070 Bugtraq ID: 30674 Service Modified: 12/15/2009

10.10.10.220 Confirmed 4/5/Patchable page 158 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Visual Basic 6.0 Runtime Extended Files: http://www.microsoft.com/downloads/details.aspx?familyid=E27EEBCB-095D-43EC-A19E-4A46E591715C (http://www.microsoft.com/downloads/details.aspx?familyid=E27EEBCB-095D-43EC-A19E-4A46E591715C) Microsoft Visual Studio .NET 2002 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=AFAD980D-7F27-49D9-AA23-B762C7B94CD6 (http://www.microsoft.com/downloads/details.aspx?familyid=AFAD980D-7F27-49D9-AA23-B762C7B94CD6) Microsoft Visual Studio .NET 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=6AC7CF8F-D046-43A8-B4EF-253153D65AED (http://www.microsoft.com/downloads/details.aspx?familyid=6AC7CF8F-D046-43A8-B4EF-253153D65AED) Microsoft Visual FoxPro 8.0 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=A6977F81-F7F6-486B-96AD-8D296D79F205 (http://www.microsoft.com/downloads/details.aspx?familyid=A6977F81-F7F6-486B-96AD-8D296D79F205) Microsoft Visual FoxPro 9.0 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=386D27A6-B2C7-4ACC-BF3E-EDCBC7358172 (http://www.microsoft.com/downloads/details.aspx?familyid=386D27A6-B2C7-4ACC-BF3E-EDCBC7358172) Microsoft Visual FoxPro 9.0 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=5B1F28A9-DA8D-463A-8AE4-DFC8FCC6C41A (http://www.microsoft.com/downloads/details.aspx?familyid=5B1F28A9-DA8D-463A-8AE4-DFC8FCC6C41A) Microsoft Office FrontPage 2002 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=0a6130ae-c5b4-43cb-afe3-ab6a55b9d9ea (http://www.microsoft.com/downloads/details.aspx?familyid=0a6130ae-c5b4-43cb-afe3-ab6a55b9d9ea) Microsoft Office Project 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=89a44042-a629-40f3-800a-0bb45fc36591 (http://www.microsoft.com/downloads/details.aspx?familyid=89a44042-a629-40f3-800a-0bb45fc36591) Microsoft Office Project 2007: http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6 (http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6) Microsoft Office Project 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6 (http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6) Refer to Micrsoft Security Bulletin MS08-070 (http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx) for further details.

Virtual Patches:

EXPLOITABILITY: Core Security Reference: CVE-2008-3704 Description: Microsoft Visual Studio Masked Edit Control Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2008-3704

10.10.10.220 Confirmed 4/5/Patchable page 159 Description: Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC - The Exploit-DB Ref : 6244 Link: http://www.exploit-db.com/exploits/6244

Reference: CVE-2008-3704 Description: Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit - The Exploit-DB Ref : 6317 Link: http://www.exploit-db.com/exploits/6317

Reference: CVE-2008-3704 Description: Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow - The Exploit-DB Ref : 16507 Link: http://www.exploit-db.com/exploits/16507

RESULTS: Office Project 2003 C:\Program Files\Microsoft Office\OFFICE11\\WINPROJ.exe found %windir%\System32\Mscomct2.ocx version is 6.0.88.4 .

4 Microsoft Excel Remote Code Execution Vulnerability (MS09-009) CVSS: - Active QID: 110093 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2009-0238, CVE-2009-0100 Vendor Reference: MS09-009 Bugtraq ID: 33870 Service Modified: 01/28/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: 1) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865 (http://support.microsoft.com/kb/935865).

Impact of the workaround: Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.

2) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.

For Office 2003: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office.0\Excel\Security\FileOpenBlock] "BinaryFiles"=dword:00000001

For 2007 Office system: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office.0\Excel\Security\FileOpenBlock] "BinaryFiles"=dword:00000001

Impact of the workaround:

10.10.10.220 Confirmed 4/5/Patchable page 160 If File Block policy is configured without special "exempt directory" configuration (see KB922848 (http://support.microsoft.com/kb/922848)), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.

Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office Excel 2000 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=3dc8b670-25a5-4f46-b7de-12bc693b628a)

Microsoft Office XP Service Pack 3 (Microsoft Office Excel 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=9a52bf4b-05f6-4b73-94b9-28ed7e20f86c)

Microsoft Office 2003 Service Pack 3 (Microsoft Office Excel 2003 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=d9dbfa63-c0cb-4c84-9b8a-6e52568045b0)

2007 Microsoft Office System Service Pack 1 (Microsoft Office Excel 2007 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=50d8630b-1365-4007-81a0-18c0d6d4b86e)

Microsoft Office 2004 for Mac (http://www.microsoft.com/downloads/details.aspx?familyid=52271140-89be-4b9c-baa2-cea09097d703)

Microsoft Office 2008 for Mac (http://www.microsoft.com/downloads/details.aspx?familyid=f6e407eb-11a5-433f-8006-4b822953ca98)

Microsoft Office Excel Viewer 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=c72e6087-b48f-4d2d-8366-01d9f5ff6b6c)

Microsoft Office Excel Viewer (http://www.microsoft.com/downloads/details.aspx?familyid=58b3929c-5373-47a4-aa97-66d179758792)

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=05f7c517-e551-4dcd-b24a-5d548f2d09cf)

Refer to Microsoft Security Bulletin MS09-009 (http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003309: Microsoft Excel Unspecified Remote Code Execution Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2009-0100 Description: Microsoft Office Excel Malformed Object Exploit (MS09-09) - Core Security Category : Exploits/Client Side

Reference: CVE-2009-0238 Description: Microsoft Office Excel Malformed Object Exploit (ms09-009) - Core Security Category : Exploits/Client Side

RESULTS: Excel 2003 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 .

4 Microsoft Word Remote Code Execution Vulnerability (MS09-027) CVSS: - Active QID: 110099 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2009-0563, CVE-2009-0565 Vendor Reference: MS09-027 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 161 First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=3663e9f2-a952-4238-b902-90b5b09feb38)

Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=f1323be1-15f2-491b-abae-c03ba1394398)

Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3) (http://www.microsoft.com/downloads/details.aspx?familyid=7cbc2587-2c8c-49b4-9f40-e4cdccb61ecd)

2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1) (http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473)

2007 Microsoft Office System Service Pack 2 (Microsoft Office Word 2007 Service Pack 2) (http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473)

Microsoft Office 2004 for Mac (http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550)

Microsoft Office 2008 for Mac (http://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58)

Open XML File Format Converter for Mac (http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6)

Microsoft Office Word Viewer 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b)

Microsoft Office Word Viewer (http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b)

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a)

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a)

Refer to Microsoft Security Bulletin MS09-027 (http://www.microsoft.com/technet/security/bulletin/MS09-027.mspx) for further details.

Workaround: - Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.

For Office 2003: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office.0\Excel\Security\FileOpenBlock] "BinaryFiles"=dword:00000001

For 2007 Office system: Windows Registry Editor Version 5.00

10.10.10.220 Confirmed 4/5/Patchable page 162 [HKEY_CURRENT_USER\Software\Microsoft\Office.0\Excel\Security\FileOpenBlock] "BinaryFiles"=dword:00000001

Impact of the workaround: If File Block policy is configured without special "exempt directory" configuration (see KB922848 (http://support.microsoft.com/kb/922848)), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.

- Avoid opening or saving Word files received from untrusted sources.

EXPLOITABILITY: Core Security Reference: CVE-2009-0565 Description: Microsoft Word Record Parsing Buffer Overflow Exploit (MS09-027) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2009-0565 Description: MS Word Record Parsing Buffer Overflow (MS09-027) - The Exploit-DB Ref : 14693 Link: http://www.exploit-db.com/exploits/14693

Reference: CVE-2009-0565 Description: MS Word Record Parsing Buffer Overflow MS09-027 (meta) - The Exploit-DB Ref : 17177 Link: http://www.exploit-db.com/exploits/17177

RESULTS: Word 2003 %ProgramFiles%\Microsoft Office\Office11\winword.exe version is 11.0.6502.0 . C:\Program Files\Microsoft Office\OFFICE11\\winword.exe version is 11.0.6502.0 .

4 Microsoft Visual Basic for Applications Remote Code Execution Vulnerability (MS10-031) CVSS: - Active QID: 110121 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2010-0815 Vendor Reference: MS10-031 Bugtraq ID: - Service Modified: 05/11/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=72c23b0f-4e24-4334-bc8a-334adc8bc42b)

Microsoft Office 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=f8eac9bc-8389-4ac8-8b29-9a8180d9fd34)

2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=160ad53e-6475-4550-90c2-444e4abea730)

Microsoft Visual Basic for Applications (http://www.microsoft.com/downloads/details.aspx?familyid=436a8a66-352e-44d1-a610-c825083ad24a)

10.10.10.220 Confirmed 4/5/Patchable page 163 Refer to Microsoft Security Bulletin MS10-031 (http://www.microsoft.com/technet/security/bulletin/MS10-031.mspx) for further details.

Workaround: 1) Disable ActiveX controls in the 2007 Microsoft Office System

Impact of workaround #1: Embedded ActiveX controls (such as macros) will not run in Office documents.

2) Restrict access to VBE6.dll

Impact of workaround #2: Embedded ActiveX controls (such as macros) will not run in Office documents. For instance, users will be unable to insert objects into Office documents.

3) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865 (http://support.microsoft.com/kb/935865).

4) Do not open or save untursted Microsoft Office files

Detailed information on applying the workarounds is available at Microsoft Security Bulletin MS10-031 (http://www.microsoft.com/technet/security/bulletin/MS10-031.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004155: VBE6.DLL Stack Memory Corruption Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Microsoft Office Graphics Filters Remote Code Execution (MS10-105) CVSS: - Active QID: 110141 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 6.9 CVE ID: CVE-2010-3945, CVE-2010-3946, CVE-2010-3947, CVE-2010-3949, CVE-2010-3950, CVE-2010-3951, CVE-2010-3952 Vendor Reference: MS10-105 Bugtraq ID: - Service Modified: 12/14/2010 User Modified: - Edited: No PCI Vuln: No

10.10.10.220 Confirmed 4/5/Patchable page 164 SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=724d0ad6-ba5f-4dbf-b280-3fb36335d33b)

Microsoft Office 2003 Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=976857e9-77fc-4667-88ca-7637e57536cd)

Microsoft Office 2007 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=676eeed6-f2b7-4265-afc7-a82ffdbeb290)

Microsoft Office 2010 (32-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=6d644494-b530-4b37-bc37-8a8a7edefe53)

Microsoft Office 2010 (64-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=58e54779-aa8f-41b3-9993-8cec12c49082)

Microsoft Office Converter Pack (http://www.microsoft.com/downloads/details.aspx?familyid=dcded2ee-0673-4afe-abe6-04941a2ad306)

Refer to Microsoft Security Bulletin MS10-105 (http://www.microsoft.com/technet/security/bulletin/MS10-105.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004546: TIFF Image Converter Heap Overflow Vulnerability Virtual Patch #1004559: PICT Image Converter Integer Overflow Vulnerability (CVE-2010-3946) Virtual Patch #1004543: 1004543 - TIFF Image Converter Buffer Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %programfiles%\Common Files\Microsoft Shared\GrphFlt\PNG32.FLT Version is 2003.1100.5510.0 C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe found C:\Program Files\Microsoft Office\OFFICE11\\EXCEL.exe version is 11.0.6355.0 . C:\Program Files\Microsoft Office\OFFICE11\\OUTLOOK.exe found C:\Program Files\Microsoft Office\OFFICE11\\OutLLib.dll version is 11.0.8002.0 . C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe found C:\Program Files\Microsoft Office\OFFICE11\\POWERPNT.exe version is 11.0.6361.0 . C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe found C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.exe version is 11.0.6502.0 .

4 Microsoft Office Remote Code Execution Vulnerability (MS08-055) CVSS: - Active QID: 110086 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2008-3007 Vendor Reference: MS08-055 Bugtraq ID: - Service Modified: 09/10/2008 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 165 Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17-4500-9da4-a3bba97fda6d (http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17-4500-9da4-a3bba97fda6d) Microsoft Office 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=e670ad22-d3c1-41f7-ba30-6a67139feaa3 (http://www.microsoft.com/downloads/details.aspx?familyid=e670ad22-d3c1-41f7-ba30-6a67139feaa3) Microsoft Office 2003 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=e670ad22-d3c1-41f7-ba30-6a67139feaa3 (http://www.microsoft.com/downloads/details.aspx?familyid=e670ad22-d3c1-41f7-ba30-6a67139feaa3) 2007 Microsoft Office System: http://www.microsoft.com/downloads/details.aspx?familyid=fb457536-26c5-428b-97e4-1fc13718266e (http://www.microsoft.com/downloads/details.aspx?familyid=fb457536-26c5-428b-97e4-1fc13718266e) 2007 Microsoft Office System Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=fb457536-26c5-428b-97e4-1fc13718266e (http://www.microsoft.com/downloads/details.aspx?familyid=fb457536-26c5-428b-97e4-1fc13718266e) Microsoft Office OneNote 2007: http://www.microsoft.com/downloads/details.aspx?familyid=8ac3576c-7873-4ac6-8bbc-033f6a7bb395 (http://www.microsoft.com/downloads/details.aspx?familyid=8ac3576c-7873-4ac6-8bbc-033f6a7bb395) Microsoft Office OneNote 2007 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=8ac3576c-7873-4ac6-8bbc-033f6a7bb395 (http://www.microsoft.com/downloads/details.aspx?familyid=8ac3576c-7873-4ac6-8bbc-033f6a7bb395) Refer to Micrsoft Security Bulletin MS08-055 (http://www.microsoft.com/technet/security/bulletin/MS08-055.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002759: Uniform Resource Locator Validation Error Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Office 2003 %ProgramFiles%\Common Files\Microsoft Shared\Office11\mso.dll version is 11.0.6360.0 .

4 Mozilla SeaMonkey Multiple Vulnerabilities CVSS: - Active QID: 115354 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.5 CVE ID: CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1725, CVE-2006-1726, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731 Vendor Reference: - Bugtraq ID: - Service Modified: 06/17/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: It is recommended that you upgrade to SeaMonkey 1.0.1 (http://www.mozilla.org/projects/seamonkey/).

Virtual Patches: 10.10.10.220 Confirmed 4/5/Patchable page 166 Trend Micro Virtual Patching Virtual Patch #1000757: CSS Letter-Spacing Heap Overflow Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Mozilla\SeaMonkey 1.0 exists

4 Mozilla Firefox, SeaMonkey and Thunderbird Multiple Remote Vulnerabilities CVSS: - Active QID: 115361 CVSS Base: 5.1 Category: Local CVSS Temporal: 4.2 CVE ID: CVE-2006-1942 Vendor Reference: - Bugtraq ID: 18228 Service Modified: 06/15/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Please upgrade to the fixed or latest version as indicated below:

Firefox Version 1.5.0.4 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.0.2 (http://www.mozilla.org/projects/seamonkey/) or later

Thunderbird Version 1.5.0.4 (http://www.mozilla.com/thunderbird/) or later

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Mozilla\SeaMonkey 1.0 exists

4 Mozilla Firefox, SeaMonkey and Thunderbird Security Advisory July 26, 2006 CVSS: - Active QID: 115382 CVSS Base: 7.5 Category: Local CVSS Temporal: 5.9 CVE ID: CVE-2006-3812, CVE-2006-3811, CVE-2006-3810, CVE-2006-3809, CVE-2006-3808, CVE-2006-3807, CVE-2006-3806, CVE-2006-3805, CVE-2006-3804, CVE-2006-3803, CVE-2006-3802, CVE-2006-3801, CVE-2006-3113, CVE-2006-3677 Vendor Reference: MFSA 2006-56, MFSA 2006-55, MFSA 2006-54, MFSA 2006-53, MFSA 2006-52, MFSA 2006-51, MFSA 2006-50, MFSA 2006-49, MFSA 2006-48, MFSA 2006-47, MFSA 2006-46, MFSA 2006-45, MFSA 2006-44 Bugtraq ID: - Service Modified: 06/18/2009

10.10.10.220 Confirmed 4/5/Patchable page 167 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Please upgrade to the fixed or latest version as indicated below:

Firefox Version 1.5.0.5 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.0.3 (http://www.mozilla.org/projects/seamonkey/) or later

Thunderbird Version 1.5.0.5 (http://www.mozilla.com/thunderbird/) or later

EXPLOITABILITY: Metasploit Reference: CVE-2006-3677 Description: Mozilla Suite/Firefox Navigator Object Code Execution - Metasploit Ref : /modules/exploit/multi/browser/mozilla_navigatorjava Link: http://www.metasploit.com/modules/exploit/multi/browser/mozilla_navigatorjava

The Exploit-DB Reference: CVE-2006-3677 Description: Mozilla Suite/Firefox Navigator Object Code Execution - The Exploit-DB Ref : 16300 Link: http://www.exploit-db.com/exploits/16300

ExploitKits Reference: CVE-2006-3677 Description: Firefox -js navigator Object Code

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Mozilla Firefox, Seamonkey and Thunderbird Multiple Remote Vulnerabilities CVSS: - Active QID: 115413 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4570, CVE-2006-4571 Vendor Reference: MSFA 2006-57, MSFA 2006-58, MSFA 2006-61, MSFA 2006-62, MSFA 2006-63, MSFA 2006-64 Bugtraq ID: 20042 Service Modified: 06/17/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: -

10.10.10.220 Confirmed 4/5/Patchable page 168 Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Mozilla has released the following versions which fix these issues. Upgrade to the fixed or latest version as indicated below.

Firefox Version 1.5.0.7 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.0.5 (http://www.mozilla.org/projects/seamonkey/) or later

Thunderbird Version 1.5.0.7 (http://www.mozilla.com/thunderbird/) or later

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000821: Mozilla Firefox Regular Expressions Heap Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 WinZip MIME Archive Parsing Buffer Overflow Vulnerability CVSS: - Active QID: 115431 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2004-0333 Vendor Reference: Winzip 9.0 Bugtraq ID: 9758 Service Modified: 08/29/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor released WinZip Version 9.0 SR-1 to address this issue. You can download 9.0 SR-1 from: http://www.winzip.com/dprob.htm (http://www.winzip.com/dprob.htm) The latest version can be found at http://www.winzip.com/ (http://www.winzip.com).

EXPLOITABILITY: The Exploit-DB Reference: CVE-2004-0333 Description: WinZIP MIME Parsing Overflow Proof of Concept Exploit - The Exploit-DB Ref : 272 Link: http://www.exploit-db.com/exploits/272

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 169 %ProgramFiles%\WinZip\WINZIP32.exe found %ProgramFiles%\WinZip\WINZIP32.exe Version is 8.1.0.0

4 Mozilla Firefox, SeaMonkey and Thunderbird Multiple Vulnerabilities (MFSA2006-65 to MFSA2006-67) CVSS: - Active QID: 115454 CVSS Base: 7.5 Category: Local CVSS Temporal: 5.5 CVE ID: CVE-2006-5464, CVE-2006-5463, CVE-2006-5747, CVE-2006-5748, CVE-2006-5462 Vendor Reference: MSFA 2006-67 Bugtraq ID: 20957 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Update to Mozilla Firefox Version 1.5.0.8 and SeaMonkey Version 1.0.6. Refer to following Advisories for updates and further details:

mfsa2006-65 (http://www.mozilla.org/security/announce/2006/mfsa2006-65.html) mfsa2006-66 (http://www.mozilla.org/security/announce/2006/mfsa2006-66.html) mfsa2006-67 (http://www.mozilla.org/security/announce/2006/mfsa2006-67.html)

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001071: Mozilla JavaScript Handling Remote Command Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities (MSFA 2006-68) CVSS: - Active QID: 115483 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2006-6506, CVE-2006-6505, CVE-2006-6504, CVE-2006-6503, CVE-2006-6502, CVE-2006-6501, CVE-2006-6507, CVE-2006-6500, CVE-2006-6499, CVE-2006-6498, CVE-2006-6497 Vendor Reference: MSFA 2006-68 Bugtraq ID: 21668 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 170 Integrity Requirement: - Availability Requirement: -

SOLUTION: Mozilla has released Firefox Versions 1.5.0.9 and 2.0.1, Thunderbird Version 1.5.0.9, and SeaMonkey Version 1.0.7 to address these issues. Refer to following advisories for updates and further details:

mfsa2006-68 (http://www.mozilla.org/security/announce/2006/mfsa2006-68.html) mfsa2006-69 (http://www.mozilla.org/security/announce/2006/mfsa2006-69.html) mfsa2006-70 (http://www.mozilla.org/security/announce/2006/mfsa2006-70.html) mfsa2006-71 (http://www.mozilla.org/security/announce/2006/mfsa2006-71.html) mfsa2006-72 (http://www.mozilla.org/security/announce/2006/mfsa2006-72.html) mfsa2006-73 (http://www.mozilla.org/security/announce/2006/mfsa2006-73.html) mfsa2006-74 (http://www.mozilla.org/security/announce/2006/mfsa2006-74.html) mfsa2006-75 (http://www.mozilla.org/security/announce/2006/mfsa2006-75.html) mfsa2006-76 (http://www.mozilla.org/security/announce/2006/mfsa2006-76.html)

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001083: Mozilla Firefox SVG Scale Transform Integer Overflow

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability CVSS: - Active QID: 115501 CVSS Base: 6.8 Category: Local CVSS Temporal: 5.3 CVE ID: CVE-2007-0243 Vendor Reference: Sun Alert ID 102760 Bugtraq ID: 22085 Service Modified: 10/21/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: This issue is addressed in the following releases (for Windows, Solaris, and Linux): JDK and JRE 5.0 Update 10 or later SDK and JRE 1.4.2_13 or later SDK and JRE 1.3.1_19 or later

J2SE 5.0 is available for download at JDK Downloads (http://java.sun.com/javase/downloads/index_jdk5.jsp).

J2SE 5.0 Update 10 for Solaris is available in the following patches: J2SE 5.0: update 10 (as delivered in patch 118666-10) J2SE 5.0: update 10 (as delivered in patch 118667-10 (64bit)) J2SE 5.0_x86: update 10 (as delivered in patch 118668-10) J2SE 5.0_x86: update 10 (as delivered in patch 118669-10 (64bit))

10.10.10.220 Confirmed 4/5/Patchable page 171 J2SE 1.4.2 is available for download at J2SE 1.4.2 (http://java.sun.com/j2se/1.4.2/download.html).

J2SE 1.3.1 is available for download at J2SE 1.3 (http://java.sun.com/j2se/1.3/download.html).

Refer to Oracle ID 1000058.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1000058.1) for additional information on the vulnerabilities and patch details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001020: Sun Microsystems Java GIF File Parsing Memory Corruption

EXPLOITABILITY: ExploitKits Reference: CVE-2007-0243 Description: Java GIF file parsing vulnerability

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox, SeaMonkey and Thunderbird Security Advisory May 30, 2007 (MFSA 2007-12 to MFS CVSS: - Active A 2007-17)

QID: 115564 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2007-2867 Vendor Reference: MFSA 2007-17, MFSA 2007-16, MFSA 2007-15, MFSA 2007-14, MFSA 2007-13, MFSA 2007-12 Bugtraq ID: - Service Modified: 12/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Upgrade to the fixed or latest version as indicated below:

Firefox Version 1.5.0.12 (http://www.mozilla.com/firefox/) or later

Firefox2 Version 2.0.0.4 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.0.9 (http://www.mozilla.org/projects/seamonkey/) or later

SeaMonkey Version 1.1.2 (http://www.mozilla.org/projects/seamonkey/) or later

10.10.10.220 Confirmed 4/5/Patchable page 172 Thunderbird Version 1.5.0.12 (http://www.mozilla.com/thunderbird/) or later

Thunderbird Version 2.0.0.4 (http://www.mozilla.com/thunderbird/) or later

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001006: Mozilla Firefox Layout Engine pathSegList.getItem Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability CVSS: - Active

QID: 115592 CVSS Base: 4.3 Category: Local CVSS Temporal: 3.7 CVE ID: CVE-2007-3670 Vendor Reference: MFSA 2007-23 Bugtraq ID: 24837 Service Modified: 08/19/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla released a fixed version which prevents Firefox from accepting bad data. Upgrade to Mozilla Firefox Version 2.0.0.5 or later, available for download from the Mozilla Web site (http://www.mozilla.com/firefox/).

Workaround:

Remove the "Firefox URL" URI handler.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001032: Microsoft Windows URI Handler Registration Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4 HKCR\FirefoxURL exists

10.10.10.220 Confirmed 4/5/Patchable page 173 4 Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities (MFSA 2007-18 to MFSA 2007-21 and MFSA 2007-25) CVSS: - Active QID: 115597 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3089 Vendor Reference: MFSA 2007-18, MFSA 2007-19, MFSA 2007-20, MFSA 2007-21, MFSA 2007-25 Bugtraq ID: 24946 Service Modified: 11/19/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Refer to Firefox's Web site (http://www.mozilla.com/firefox/) to download the newest Firefox version.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Mozilla SeaMonkey Multiple Vulnerabilities CVSS: - Active QID: 115603 CVSS Base: 6.8 [1] Category: Local CVSS Temporal: 5 CVE ID: - Vendor Reference: SeaMonkey 1.1.3 Bugtraq ID: - Service Modified: 05/18/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Upgrade to SeaMonkey Version 1.1.3 or later which is available for download from Mozilla's Web site (http://www.mozilla.org/projects/seamonkey/).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

10.10.10.220 Confirmed 4/5/Patchable page 174 4 Mozilla Firefox, Thunderbird, SeaMonkey Multiple Vulnerabilities October 2007 (MFSA 2007-28 - MF CVSS: - Active SA 2007-36)

QID: 115649 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2007-1095, CVE-2007-2292, CVE-2007-4841, CVE-2007-5334, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2007-3511, CVE-2006-2894, CVE-2007-5337 Vendor Reference: Mozilla Security Bugtraq ID: 26132 Service Modified: 08/18/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Upgrade to the fixed or latest version as indicated below:

Firefox2 Version 2.0.0.8 (http://www.mozilla.com/firefox/) or later

Thunderbird2 Version 2.0.0.8 (http://www.mozilla.com/thunderbird/) or later

SeaMonkey Version 1.1.5 (http://www.mozilla.org/projects/seamonkey/) or later

Mozilla Foundation recommends that customers upgrade to the latest supported version of Mozilla products in order to obtain patches.

Firefox Version 1.0 and Thunderbird Version 1.0 are no longer supported. The last updates of these applications, Firefox Version 1.0.8 and Thunderbird Version 1.0.8, are affected by several vulnerabilities that are fixed in newer versions.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000962: Mozilla Firefox Focus Vulnerability Virtual Patch #1001148: Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability Virtual Patch #1001149: Multiple Web Browsers Digest Authentication HTTP Response Splitting Virtual Patch #1001032: Microsoft Windows URI Handler Registration Vulnerability Virtual Patch #1001171: Mozilla Firefox Arbitrary File Disclosure Virtual Patch #1001143: Mozilla Firefox XBL Event Handler Tags Removal Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4 %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Mozilla Firefox, SeaMonkey Multiple Vulnerabilities November 2007 (MFSA 2007-37 - MFSA 2007-39) CVSS: - Active QID: 115668 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2007-5960, CVE-2007-5959, CVE-2007-5947

10.10.10.220 Confirmed 4/5/Patchable page 175 Vendor Reference: RHSA-2007-1082, Mozilla Security Bugtraq ID: 26593, 26589 Service Modified: 06/09/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Mozilla has released the following versions which fix these issues. Upgrade to the fixed or latest version as indicated below:

Firefox2 Version 2.0.0.10 (http://www.mozilla.com/firefox/) or later

SeaMonkey Version 1.1.6 (http://www.mozilla.org/projects/seamonkey/) or later

Mozilla Foundation recommends that customers upgrade to the latest supported version of Mozilla products in order to obtain patches.

Red Hat users please refer to Red Hat security advisory RHSA-2007:1082 (http://rhn.redhat.com/errata/RHSA-2007-1082.html) for patches and further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001178: Mozilla Firefox Jar URI Cross-Site Scripting Virtual Patch #1001230: Mozilla Firefox Layout Frame Constructor Memory Corruption Virtual Patch #1001254: Mozilla Firefox JavaScript Referer Spoofing

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Mozilla Firefox, Thunderbird, SeaMonkey Multiple Vulnerabilities February 2008 Security Update CVSS: - Active QID: 115710 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0419, CVE-2008-0591, CVE-2008-0593 Vendor Reference: Mozilla Security Bugtraq ID: - Service Modified: 02/14/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 176 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: The Mozilla Foundation recommends that customers upgrade to the latest supported version of Mozilla products in order to obtain patches. Mozilla has released the following versions to address these issues. Upgrade to the fixed version shown below or a later version:

Firefox2 Version 2.0.0.12 (http://www.mozilla.com/firefox/) Thunderbird2 Version 2.0.0.12 (http://www.mozilla.com/thunderbird/) SeaMonkey Version 1.1.8 (http://www.mozilla.org/projects/seamonkey/)

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001777: Mozilla Firefox Steal Navigation History Denial Of Service Virtual Patch #1001771: Mozilla Firefox File Action Dialog Refocus Vulnerability Virtual Patch #1001817: Mozilla Firefox Same Origin Policy Bypass Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Mozilla Firefox, Thunderbird and SeaMonkey Multiple Vulnerabilities (March 2008) CVSS: - Active QID: 115763 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 Vendor Reference: MFSA 2008-14, MFSA 2008-15, MFSA 2008-16, MFSA 2008-17, MFSA 2008-18, MFSA 2008-19 Bugtraq ID: - Service Modified: 03/28/2008 User Modified: - Edited: No PCI Vuln: Yes

Firefox2 Version 2.0.0.13 (http://www.mozilla.com/firefox/)

Thunderbird2 Version 2.0.0.13 (http://www.mozilla.com/thunderbird/)

SeaMonkey Version 1.1.9 (http://www.mozilla.org/projects/seamonkey/)

10.10.10.220 Confirmed 4/5/Patchable page 177 Firefox Version 1.0 and Thunderbird Version 1.0 are no longer supported. The last updates of these applications, Firefox Version 1.0.8 and Thunderbird Version 1.0.8, are affected by several vulnerabilities that are fixed in newer versions.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002169: Mozilla Firefox IFRAME Style Change Handling Code Execution Virtual Patch #1002168: Mozilla Firefox HTTP Referer Spoofing Vulnerability Virtual Patch #1002225: Mozilla Firefox Cross-Tab Popup Spoofing Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4 %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Mozilla Firefox Remote code execution by overflowing CSS reference counter (MFSA 2008-34) CVSS: - Active QID: 115836 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2008-2785 Vendor Reference: MFSA-2008-34 Bugtraq ID: 29802 Service Modified: 12/16/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: These vulnerabilities are fixed in Mozilla Firefox Version 3.0.1 and 2.0.0.16 or later. Firefox is available for download at Mozilla Firefox Download site (http://www.mozilla.com/en-US/firefox/firefox.html).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2008-35 (http://www.mozilla.org/security/announce/2008/mfsa2008-35.html),

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002682: Mozilla Firefox Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

10.10.10.220 Confirmed 4/5/Patchable page 178 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Mozilla Firefox and SeaMonkey Multiple Vulnerabilities CVSS: - Active QID: 115851 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 Vendor Reference: Firefox Bugtraq ID: 30038 Service Modified: 07/11/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Update to the latest versions of Firefox (http://www.mozilla.com/en-US/firefox/) and SeaMonkey (http://www.seamonkey-project.org/).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002619: Mozilla Firefox Signed JAR Tampering Vulnerability Virtual Patch #1002616: Mozilla Firefox mozIJSSubScriptLoader.loadSubScript() Arbitrary Code Execution Virtual Patch #1002618: Mozilla Firefox Block Reflow Code Execution Vulnerability

EXPLOITABILITY: Immunity Reference: CVE-2008-2798 Description: Firefox Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/firefox_definesetter/qualys_user

4 Mozilla Firefox URI Splitting Security Bypass Vulnerability CVSS: - Active QID: 115860 CVSS Base: 2.6 Category: Local CVSS Temporal: 2 CVE ID: CVE-2008-2933 Vendor Reference: - Bugtraq ID: 30242 Service Modified: 07/24/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

10.10.10.220 Confirmed 4/5/Patchable page 179 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Upgrade to the latest version of Mozilla Firefox (http://www.mozilla.com/en-US/firefox/).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 1.8.20070.51502

4 Sun Java Web Start Multiple Vulnerabilities May Allow Elevation of Privileges(1019367.1) CVSS: - Active QID: 115932 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114 Vendor Reference: Sun Alert ID 238905 Bugtraq ID: - Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor has issued the following fixes: JDK and JRE 6 Update 7 or later JDK and JRE 5.0 Update 16 or later SDK and JRE 1.4.2_18 or later Note: Some of the vulnerabilities were fixed in earlier versions.

JDK and JRE 6 Update 7 is available for download at Java SE Downloads (http://java.sun.com/javase/downloads/index.jsp) and Java Web site (http://java.com/).

JRE 6 Updates are available through the Java Update tool (http://www.java.com/en/download/help/java_update.xml) for Microsoft Windows users.

JDK 6 Update 7 for Solaris is available in the following patches: Java SE 6 Update 7 (as delivered in patch 125136-09 or later) Java SE 6 Update 7 (as delivered in patch 125137-09 or later (64bit)) Java SE 6_x86 Update 7 (as delivered in patch 125138-09 or later) Java SE 6_x86 Update 7 (as delivered in patch 125139-09 or later (64bit))

JDK and JRE 5.0 Update 16 is available for download at JDK Downloads (http://java.sun.com/javase/downloads/index_jdk5.jsp).

JDK 5.0 Update 16 for Solaris is available in the following patches: J2SE 5.0 Update 16 (as delivered in patch 118666-17) J2SE 5.0 Update 16 (as delivered in patch 118667-17 (64bit))

10.10.10.220 Confirmed 4/5/Patchable page 180 J2SE 5.0_x86 Update 16 (as delivered in patch 118668-17) J2SE 5.0_x86 Update 16 (as delivered in patch 118669-17 (64bit))

SDK and JRE 1.4.2 is available for download at J2SE 1.4.2 (http://java.sun.com/j2se/1.4.2/download.html).

Refer to Oracle ID 1019367.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1019367.1) for additional information on vulnerabilities and patch details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002649: Sun Java Web Start JNLP vm args Stack Overflow Virtual Patch #1002653: Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow

EXPLOITABILITY: Immunity - Dsquare Reference: CVE-2008-3112 Description: Sun Java Web Start Sandbox Bypass Vulnerability - Immunity - Dsquare Ref : d2sec_javaws2 Link: http://qualys.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_javaws2/qualys_user

RESULTS: HKLM\SOFTWARE\JavaSoft\Java Web Start exists HKLM\Software\JavaSoft\Java Web Start CurrentVersion = 1.5.0_06

4 Java Runtime Environment Virtual Machine May Allow Elevation of Privileges (1019375.1) CVSS: - Active QID: 115940 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2008-3107 Vendor Reference: Sun Alert ID 238967 Bugtraq ID: 30141 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: This issue is addressed in the following releases for Windows, Solaris, and Linux: JDK and JRE 6 Update 7 or later JDK and JRE 5.0 Update 16 or later SDK and JRE 1.4.2_18 or later

JDK and JRE 6 Update 7 is available for download at Java SE Downloads (http://java.sun.com/javase/downloads/index.jsp) and Java Web site (http://java.com/).

JRE 6 Updates are available through the Java Update tool (http://www.java.com/en/download/help/java_update.xml) for Microsoft Windows users.

10.10.10.220 Confirmed 4/5/Patchable page 181 JDK and JRE 5.0 Update 16 is available for download at JDK Downloads (http://java.sun.com/javase/downloads/index_jdk5.jsp).

JDK 5.0 Update 16 for Solaris is available in the following patches: J2SE 5.0 Update 16 (as delivered in patch 118666-17) J2SE 5.0 Update 16 (as delivered in patch 118667-17 (64bit)) J2SE 5.0_x86 Update 16 (as delivered in patch 118668-17) J2SE 5.0_x86 Update 16 (as delivered in patch 118669-17 (64bit))

SDK and JRE 1.4.2_18 is available for download at J2SE 1.4.2 (http://java.sun.com/j2se/1.4.2/download.html).

Refer to Oracle ID 1019375.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1019375.1) for additional information on vulnerabilities and patch details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\JavaSoft\Java Web Start exists HKLM\Software\JavaSoft\Java Web Start CurrentVersion = 1.5.0_06

4 Wireshark 1.0.2 Multiple Vulnerabilities (WNPA-SEC-2008-05) CVSS: - Active QID: 115926 CVSS Base: 4.6 [1] Category: Local CVSS Temporal: 3.6 CVE ID: - Vendor Reference: WNPA-SEC-2008-05 Bugtraq ID: 31009 Service Modified: 09/22/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor has released an update. Upgrade to Wireshark Version 1.0.3. Refer to Wireshark advisory (WNPA-SEC-2008-05) (http://www.wireshark.org/security/wnpa-sec-2008-05.html) for more information.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Wireshark\wireshark.exe found C:\Program Files\Wireshark\wireshark.exe Version is 0.99.3.0

4 Sun Java Runtime Environment Font Processing Privilege Escalation Vulnerability (1019342.1) CVSS: - Active QID: 115943 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2008-3108 Vendor Reference: Sun Alert ID 238666 Bugtraq ID: 30147 Service Modified: 09/03/2009

10.10.10.220 Confirmed 4/5/Patchable page 182 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: This issue is addressed in the following releases for Windows, Solaris, and Linux: JDK and JRE 5.0 Update 10 or later SDK and JRE 1.4.2_18 or later SDK and JRE 1.3.1_23 or later

JDK and JRE 5.0 Update 10 and later are available for download at JDK Downloads (http://java.sun.com/javase/downloads/index_jdk5.jsp).

SDK and JRE 1.4.2_18 is available for download at J2SE 1.4.2 (http://java.sun.com/j2se/1.4.2/download.html).

SDK and JRE 1.3.1_23 for Solaris 8 is available for download at J2SE 1.3 (http://java.sun.com/j2se/1.3/download.html).

Refer to Oracle ID 1019342.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1019342.1) for additional information on vulnerabilities and patch details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\JavaSoft\Java Web Start exists HKLM\Software\JavaSoft\Java Web Start CurrentVersion = 1.5.0_06

4 Mozilla Firefox and SeaMonkey Multiple Vulnerabilities CVSS: - Active QID: 115963 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-0016, CVE-2008-3835, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070 Vendor Reference: MFSA2008-40, MFSA2008-41, MFSA2008-42, MFSA2008-43, MFSA2008-44, MFSA2008-37, MFSA2008-38, MFSA2008-45, MFSA2008-46 Bugtraq ID: - Service Modified: 10/02/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: -

10.10.10.220 Confirmed 4/5/Patchable page 183 Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Upgrade to the latest version of Mozilla Firefox (http://www.mozilla.com/firefox/).

Upgrade to the latest version of SeaMonkey (http://www.seamonkey-project.org/).

Refer to Red Hat Firefox advisory RHSA-2008-0879 (https://rhn.redhat.com/errata/RHSA-2008-0879.html) for patches and further details.

Refer to Red Hat Seamonkey advisory RHSA-2008-0882 (https://rhn.redhat.com/errata/RHSA-2008-0882.html) for patches and further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002882: Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow Virtual Patch #1002884: Mozilla Firefox Mouse Drag Weakness Virtual Patch #1002885: Mozilla Firefox XSLT Remote Code Execution Virtual Patch #1002886: Mozilla Firefox MathML Integer Overflow DoS Virtual Patch #1002906: Mozilla Firefox JavaScript Engine Remote Code Execution Virtual Patch #1002892: Mozilla Firefox Layout Engine Remote Code Execution Virtual Patch #1002896: Mozilla Firefox Graphics Rendering Remote Code Execution Virtual Patch #1002919: Mozilla Firefox Animated PNG Processing Integer Overflow Virtual Patch #1002897: Mozilla Firefox Cross Site Scripting Attack Virtual Patch #1002895: "Mozilla Firefox ""HTML escaped low surrogates"" XSS Attack"

EXPLOITABILITY: Core Security Reference: CVE-2008-0016 Description: Mozilla Firefox UTF-8 Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2008-0016 Description: firefox_utf8 - Immunity Ref : firefox_utf8 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/firefox_utf8/qualys_user

The Exploit-DB Reference: CVE-2008-0016 Description: Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit - The Exploit-DB Ref : 9663 Link: http://www.exploit-db.com/exploits/9663

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 1.8.20070.51502 %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe found %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.0.0.0

4 Mozilla Firefox, Seamonkey and Thunderbird Multiple Vulnerabilities CVSS: - Active QID: 116044 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-0017, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5012, CVE-2008-5014, CVE-2008-4582, CVE-2008-5013 Vendor Reference: MFSA2008-51, MFSA2008-52, MFSA2008-53, MFSA2008-54, MFSA2008-55, MFSA2008-56, MFSA2008-57, MFSA2008-58, MFSA2008-47, MFSA2008-48, MFSA2008-49, MFSA2008-50 Bugtraq ID: - Service Modified: 11/22/2008 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 184 PCI Vuln: Yes

SOLUTION: Upgrade to the latest version of Mozilla Firefox (http://www.mozilla.com/firefox/).

Upgrade to the latest version of SeaMonkey (http://www.seamonkey-project.org/).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003051: "Mozilla Firefox ""200 header"" Code Execution Vulnerability" Virtual Patch #1003041: Mozilla Firefox .url Shortcut File Information Disclosure Virtual Patch #1003044: Mozilla Firefox Security Bypass Vulnerability Virtual Patch #1003053: Mozilla Firefox __proto__ mangling Assertion Failure Vulnerability Virtual Patch #1003043: Mozilla Firefox XUL Frame Tree Memory Corruption Virtual Patch #1003057: Mozilla Firefox Date Class Insufficient Validation Vulnerability Virtual Patch #1003047: Mozilla Firefox File Input Element Memory Corruption Virtual Patch #1003046: Mozilla Firefox nsXMLHttpRequest NotifyEventListeners Security Bypass Vulnerability Virtual Patch #1003029: Mozilla Firefox -moz-binding Property Privilege Escalation Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 1.8.20070.51502 %ProgramFiles%\mozilla.org\SeaMonkey\seamonkey.exe Version is 1.8.20060.13000

4 Mozilla Firefox 3.0.5/2.0.0.19 Not Installed/Multiple Vulnerabilities CVSS: - Active QID: 116089 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-5513, CVE-2008-5512, CVE-2008-5511, CVE-2008-5510, CVE-2008-5508, CVE-2008-5507, CVE-2008-5506, CVE-2008-5505, CVE-2008-5504, CVE-2008-5503, CVE-2008-5502, CVE-2008-5501, CVE-2008-5500 Vendor Reference: Firefox 3.0.5 Bugtraq ID: 32878 Service Modified: 12/19/2008 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 185 SOLUTION: Upgrade to the latest version of Mozilla Firefox (http://www.mozilla.com/firefox/).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003153: Mozilla Firefox XUL Iframe Denial Of Service Virtual Patch #1003154: Mozilla Firefox Layout Engine Denial Of Service Vulnerability Virtual Patch #1003157: Mozilla Firefox GetXMLEntity And FastAppendChar Denial Of Service Virtual Patch #1003156: Mozilla Firefox URL Parsing Vulnerability Virtual Patch #1003155: Mozilla Firefox Escaped Null Character Security Bypass Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 1.8.20070.51502

4 Sun Java Multiple Vulnerabilities CVSS: - Active

QID: 116174 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359, CVE-2008-5360 Vendor Reference: Sun Alert ID 244988, Sun Alert ID 246387, Sun Alert ID 246346, Sun Alert ID 246266, Sun Alert ID 245246, Sun Alert ID 244991, Sun Alert ID 244990, Sun Alert ID 244987, Sun Alert ID 244986 Bugtraq ID: 32608, 32620, 32892 Service Modified: 01/27/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: To resolve these vulnerabilities, update to the latest Java packages. - JDK and JRE 6 Update 11 or later - JDK and JRE 5.0 Update 17 or later - SDK and JRE 1.4.2_19 or later - SDK and JRE 1.3.1_24 or later

These packages are available from Java.sun.com (http://java.sun.com/).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003140: Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow Virtual Patch #1003589: Sun Java Runtime Environment and Java Development Kit Security Vulnerability

EXPLOITABILITY: Core Security Reference: CVE-2008-5353 Description: Sun Java Calendar Deserialization Exploit - Core Security Category : Exploits/Client Side

10.10.10.220 Confirmed 4/5/Patchable page 186 Immunity Reference: CVE-2008-5353 Description: java_deserialize - Immunity Ref : java_deserialize Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/java_deserialize/qualys_user

Metasploit Reference: CVE-2008-5353 Description: Sun Java Calendar Deserialization Privilege Escalation - Metasploit Ref : /modules/exploit/multi/browser/java_calendar_deserialize Link: http://www.metasploit.com/modules/exploit/multi/browser/java_calendar_deserialize

The Exploit-DB Reference: CVE-2008-5353 Description: Sun Java Calendar Deserialization Exploit - The Exploit-DB Ref : 16293 Link: http://www.exploit-db.com/exploits/16293

ExploitKits Reference: CVE-2008-5353 Description: Javad0.JRECalendar Java Deserialize

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKLM\SOFTWARE\JavaSoft\Java Web Start exists HKLM\Software\JavaSoft\Java Web Start CurrentVersion = 1.5.0_06

4 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities (MFSA 2009-01 to -06 RHSA-2009-025 CVSS: - Active 6 RHSA-2009-0257)

QID: 116184 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358 Vendor Reference: MFSA 2009-01, MFSA 2009-02, MFSA 2009-03, MFSA 2009-04, MFSA 2009-05, MFSA 2009-06, RHSA-2009-0256, RHSA-2009-0257, SUSE-SA-2009-009 Bugtraq ID: 33598 Service Modified: 02/17/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-0352, CVE-2009-0353: Disable JavaScript until a version containing the fixes is installed.

Patch: To resolve these vulnerabilities, upgrade to the latest supported version of Mozilla products (Thunderbird 2.0.0.21, SeaMonkey 1.1.15 and Firefox 3.0.6) in order to obtain patches.

Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-01 (http://www.mozilla.org/security/announce/2009/mfsa2009-01.html) ,

10.10.10.220 Confirmed 4/5/Patchable page 187 MFSA 2009-02 (http://www.mozilla.org/security/announce/2009/mfsa2009-02.html) , MFSA 2009-03 (http://www.mozilla.org/security/announce/2009/mfsa2009-03.html) , MFSA 2009-04 (http://www.mozilla.org/security/announce/2009/mfsa2009-04.html) , MFSA 2009-05 (http://www.mozilla.org/security/announce/2009/mfsa2009-05.html) , MFSA 2009-06 (http://www.mozilla.org/security/announce/2009/mfsa2009-06.html)

Refer to the following SuSe security advisory SUSE-SA:2009:009 (http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html)

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003274: Mozilla Firefox Memory Corruption Denial Of Service Virtual Patch #1003273: Mozilla Firefox JavaScript Engine Memory Corruption Denial Of Service

EXPLOITABILITY: ExploitKits Reference: CVE-2009-0355 Description: Firefox - Components/sessionstore/src/nsSessionStore.js

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

4 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Vulnerabilities (MFSA 2009-07, MFSA 2009-08,MFSA 2009 CVSS: - Active -09,MFSA 2009-10,MFSA 2009-11,RHSA-2009:0315-4)

QID: 116263 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777, CVE-2009-0040 Vendor Reference: MFSA 2009-07, MFSA 2009-08, MFSA 2009-09, MFSA 2009-10, MFSA 2009-11, RHSA-2009-0315 Bugtraq ID: 33990 Service Modified: 03/12/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776: Disable JavaScript until a version containing the fixes is installed.

Patch: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-07 (http://www.mozilla.org/security/announce/2009/mfsa2009-07.html), MFSA 2009-08 (http://www.mozilla.org/security/announce/2009/mfsa2009-08.html), MFSA 2009-09 (http://www.mozilla.org/security/announce/2009/mfsa2009-09.html), MFSA 2009-10 (http://www.mozilla.org/security/announce/2009/mfsa2009-10.html),

10.10.10.220 Confirmed 4/5/Patchable page 188 MFSA 2009-11 (http://www.mozilla.org/security/announce/2009/mfsa2009-11.html).

For Red Hat: Refer to Red Hat security advisory RHSA-2009-0315 (https://rhn.redhat.com/errata/RHSA-2009-0315.html) to address this issue and obtain further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003311: Mozilla Firefox Layout Engine Denial Of Service Virtual Patch #1003312: Mozilla Firefox Layout Engine nsCSSStyleSheet::GetOwnerNode Memory Corruption Vulnerability Virtual Patch #1003314: Mozilla Firefox JavaScript Engine Denial Of Service Virtual Patch #1003332: Mozilla Firefox ""cloned XUL DOM elements"" Arbitrary Code Execution Virtual Patch #1003324: Mozilla Firefox URI Invisible Control Characters Incorrect Decoding

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Mozilla Firefox Fix Two Vulnerabilities (MFSA 2009-12, MFSA 2009-13,RHSA-2009-0397) CVSS: - Active QID: 116328 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2009-1044, CVE-2009-1169 Vendor Reference: MFSA 2009-12, MFSA 2009-13, RHSA-2009-0397, SUSE-SA:2009:022 Bugtraq ID: - Service Modified: 07/30/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Update to Firefox Version 3.0.8 available at Firefox Download site (http://www.mozilla.com/en-US/firefox/3.0.8/releasenotes/).

Refer to the Mozilla Foundation security advisories MFSA 2009-12 (http://www.mozilla.org/security/announce/2009/mfsa2009-12.html) and MFSA 2009-13 (http://www.mozilla.org/security/announce/2009/mfsa2009-13.html) for additional information.

Red Hat patches are available from the Red Hat Network (https://www.redhat.com/wapps/sso/rhn/login.html?redirect=http%3A%2F%2Frhn.redhat.com%2Frhn%2FYourRhn.do).

Steps on using the Red Hat Network (RHN) to apply packages are listed as follows: For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.

For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.

10.10.10.220 Confirmed 4/5/Patchable page 189 To install packages using the command-line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2009-0397 (https://rhn.redhat.com/errata/RHSA-2009-0397.html) to address this issue and obtain further details.

For Suse refer to security advisory SUSE-SA:2009:022 (http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003409: Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability Virtual Patch #1003402: Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability

EXPLOITABILITY: The Exploit-DB Reference: CVE-2009-1169 Description: Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day - The Exploit-DB Ref : 8285 Link: http://www.exploit-db.com/exploits/8285

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Wireshark PROFINET DCP Format String Vulnerability CVSS: - Active QID: 116333 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-1210 Vendor Reference: wnpa-sec-2009-02 Bugtraq ID: 34291 Service Modified: 05/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: Disable support for the "PN-DCP" protocol. The PN-DCP protocol can be disabled in Wireshark by hitting "Shift-Ctrl-R" and then unchecking "PN-DCP".

Patch: Vendor has released an update (Wireshark version 1.0.7) to resolve this issue. Refer to vendor advisory wnpa-sec-2009-02 (http://www.wireshark.org/security/wnpa-sec-2009-02.html).

EXPLOITABILITY: Core Security Reference: CVE-2009-1210 Description: Wireshark PROFINET Dissector Format String Exploit - Core Security Category : Exploits/Remote

The Exploit-DB Reference: CVE-2009-1210 Description: Wireshark

10.10.10.220 Confirmed 4/5/Patchable page 190 Link: http://www.exploit-db.com/exploits/8308

RESULTS: %ProgramFiles%\Wireshark\wireshark.exe found %ProgramFiles%\Wireshark\wireshark.exe Version is 0.99.3.0

4 Sun Java JDK JRE Multiple Vulnerabilities (1020224.1, 1020225.1, 1020226.1, 1020228.1, 1020231.1 CVSS: - Active , 1020229.1, 1020230.1)

QID: 116345 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102 Vendor Reference: Sun Alert ID 254569, Sun Alert ID 254570, Sun Alert ID 254608, Sun Alert ID 254611, Sun Alert ID 254610, Sun Alert ID 254571, Sun Alert ID 254609 Bugtraq ID: - Service Modified: 10/21/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Updates to fix these vulnerabilities are available. Links for downloading the updates are listed below:

JDK and JRE 6 Update 13: http://java.sun.com/javase/downloads/index.jsp (http://java.sun.com/javase/downloads/index.jsp)

JDK and JRE 5.0 Update 18: http://java.sun.com/javase/downloads/index_jdk5.jsp (http://java.sun.com/javase/downloads/index_jdk5.jsp)

Java SE for Business SDK and JRE 1.4.2_20: http://www.sun.com/software/javaseforbusiness/getit_download.jsp (http://www.sun.com/software/javaseforbusiness/getit_download.jsp)

SDK and JRE 1.3.1_25 (for customers with Solaris 8 and Vintage Support Offering support contracts): http://java.sun.com/j2se/1.3/download.html (http://java.sun.com/j2se/1.3/download.html)

Please refer to the following Sun advisories for additional details:

Oracle ID 1020224.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020224.1)

Oracle ID 1020225.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020225.1)

Oracle ID 1020228.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020228.1)

Oracle ID 1020231.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020231.1)

Oracle ID 1020230.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020230.1)

Oracle ID 1020226.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020226.1)

Oracle ID 1020229.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020229.1)

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 191 Trend Micro Virtual Patching Virtual Patch #1003411: Sun Java Web Start Splashscreen GIF Processing Buffer Overflow Virtual Patch #1003437: Sun Java Web Start Splashscreen PNG Processing Buffer Overflow Virtual Patch #1003412: Sun Java Runtime Environment GIF Parsing Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\JavaSoft\Java Web Start exists HKLM\Software\JavaSoft\Java Web Start CurrentVersion = 1.5.0_06

4 Wireshark Prior to 1.0.7 Multiple Vulnerabilities (wnpa-sec-2009-02 ) CVSS: - Active QID: 116363 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-1210, CVE-2009-1267, CVE-2009-1268, CVE-2009-1269 Vendor Reference: WNPA-SEC-2009-02 Bugtraq ID: - Service Modified: 04/13/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workarounds: The following workarounds can be applied until the fixed version is installed.

- For each user that will run Wireshark (including root if Wireshark is run as a privileged user), make sure the HOME environment variable does not contain any "%" characters.

- Avoid opening any Tektronix K12 text or NetScreen capture files.

Patch: The vendor has released an update to resolve these issues. Upgrade to Wireshark Version 1.0.7, which is available for download from the Wireshark Download site (http://www.wireshark.org/download.html).

Refer to Wireshark Security advisory WNPA-SEC-2009-02 (http://www.wireshark.org/security/wnpa-sec-2009-02.html) for more additional information.

EXPLOITABILITY: Core Security Reference: CVE-2009-1210 Description: Wireshark PROFINET Dissector Format String Exploit - Core Security Category : Exploits/Remote

The Exploit-DB Reference: CVE-2009-1210 Description: Wireshark Link: http://www.exploit-db.com/exploits/8308

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 192 %ProgramFiles%\Wireshark\wireshark.exe found %ProgramFiles%\Wireshark\wireshark.exe Version is 0.99.3.0

4 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Vulnerabilities (MFSA 2009 -14 through -22) CVSS: - Active QID: 116385 CVSS Base: 6.8 Category: Local CVSS Temporal: 5.3 CVE ID: CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312, CVE-2009-1311, CVE-2009-0652 Vendor Reference: MFSA 2009-14, MFSA 2009-15, MFSA 2009-16, MFSA 2009-17, MFSA 2009-18, MFSA 2009-19, MFSA 2009-20, MFSA 2009-21, MFSA 2009-22 Bugtraq ID: 34656 Service Modified: 04/23/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305: Disable JavaScript until a version containing the fixes is installed.

Patch: These vulnerabilities are fixed in Mozilla Thunderbird 2.0.0.22, Mozilla SeaMonkey 1.1.17 and Mozilla Firefox 3.0.9. Firefox 3.0.9 is available for download at Mozilla Firefox Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.9&os=win&lang=en-US).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-14 (http://www.mozilla.org/security/announce/2009/mfsa2009-14.html), MFSA 2009-15 (http://www.mozilla.org/security/announce/2009/mfsa2009-15.html), MFSA 2009-16 (http://www.mozilla.org/security/announce/2009/mfsa2009-16.html), MFSA 2009-17 (http://www.mozilla.org/security/announce/2009/mfsa2009-17.html), MFSA 2009-18 (http://www.mozilla.org/security/announce/2009/mfsa2009-18.html), MFSA 2009-19 (http://www.mozilla.org/security/announce/2009/mfsa2009-19.html), MFSA 2009-20 (http://www.mozilla.org/security/announce/2009/mfsa2009-20.html), MFSA 2009-21 (http://www.mozilla.org/security/announce/2009/mfsa2009-21.html), MFSA 2009-22 (http://www.mozilla.org/security/announce/2009/mfsa2009-22.html)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

4 Mozilla Security Update for Firefox (MFSA2009-23) CVSS: - Active QID: 116395 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2009-1313 Vendor Reference: MFSA 2009-23 Bugtraq ID: 34743 Service Modified: 04/29/2009 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 193 PCI Vuln: Yes

SOLUTION: The vendor has released an update (Firefox Version 3.0.10) to resolve this issue. The update is available at Mozilla Firefox Download site (http://www.mozilla.com/products/download.html?product=firefox-3.0.10&os=win&lang=en-US).

Refer to the vendor security advisory MFSA2009-23 (http://www.mozilla.org/security/announce/2009/mfsa2009-23.html) for additional information.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003460: Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Sun Java Runtime Environment ActiveX Control Multiple Remote Vulnerabilities CVSS: - Active QID: 116431 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2009-1671 Vendor Reference: - Bugtraq ID: 34931 Service Modified: 08/13/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workarounds: 1) Disable the Java plugin in Internet Explorer, Firefox, Safari, Opera and Google Chrome.

2) Setting the kill-bit associated with CLSID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA will prevent the ActiveX control from being loaded within Internet Explorer.

Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the kill bits.

10.10.10.220 Confirmed 4/5/Patchable page 194 Impact of the workaround: Setting the kill bit may prevent the control from working properly.

3) To prevent exploitation of ActiveX vulnerabilities, ActiveX controls should be disabled in any zone used by attackers.

Patch: Update to Sun Java Runtime Environment Version 6 Update 15 to resolve this issue. JDK and JRE 6 Update 15 is available for download at Java SE Downloads (http://java.sun.com/javase/downloads/index.jsp) and Java Web site (http://java.com/).

Refer to Update 15 Release Notes (http://java.sun.com/javase/6/webnotes/6u15.html) to obtain additional details on the bug fixes.

EXPLOITABILITY: The Exploit-DB Reference: CVE-2009-1671 Description: Java SE Runtime Environment - JRE 6 Update 13 Multiple Vulnerabilities - The Exploit-DB Ref : 8665 Link: http://www.exploit-db.com/exploits/8665

ExploitKits Reference: CVE-2009-1671 Description: Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities (MFSA 2009-24 through 2009-32) CVSS: - Active QID: 116459 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2009-1841, CVE-2009-1840, CVE-2009-1839, CVE-2009-1838, CVE-2009-1837, CVE-2009-1836, CVE-2009-1835, CVE-2009-1834, CVE-2009-1833, CVE-2009-1832, CVE-2009-1392 Vendor Reference: MFSA 2009-24, MFSA 2009-25, MFSA 2009-26, MFSA 2009-27, MFSA 2009-28, MFSA 2009-29, MFSA 2009-30, MFSA 2009-31, MFSA 2009-32 Bugtraq ID: 35326 Service Modified: 07/02/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: These vulnerabilities are fixed in Mozilla Thunderbird Version 2.0.0.22, Mozilla SeaMonkey Version 1.1.17 and Mozilla Firefox Version 3.0.11. Firefox 3.0.11 is available for download at Mozilla Firefox Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.11&os=win&lang=en-US).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-24 (http://www.mozilla.org/security/announce/2009/mfsa2009-24.html), MFSA 2009-25 (http://www.mozilla.org/security/announce/2009/mfsa2009-25.html), MFSA 2009-26 (http://www.mozilla.org/security/announce/2009/mfsa2009-26.html), MFSA 2009-27 (http://www.mozilla.org/security/announce/2009/mfsa2009-27.html), MFSA 2009-28 (http://www.mozilla.org/security/announce/2009/mfsa2009-28.html), MFSA 2009-29 (http://www.mozilla.org/security/announce/2009/mfsa2009-29.html), MFSA 2009-30 (http://www.mozilla.org/security/announce/2009/mfsa2009-30.html),

10.10.10.220 Confirmed 4/5/Patchable page 195 MFSA 2009-31 (http://www.mozilla.org/security/announce/2009/mfsa2009-31.html), MFSA 2009-32 (http://www.mozilla.org/security/announce/2009/mfsa2009-32.html)

Workaround: For CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1841: Disable JavaScript until a fixed version is installed.

For CVE-2009-1837: Disable Java until a fixed version is installed.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003579: Mozilla Firefox Memory Corruption Denial Of Service Vulnerability Virtual Patch #1003580: Mozilla Firefox Location Bar Spoofing Vulnerability Virtual Patch #1003578: Mozilla Firefox Cross Domain Scripting Vulnerability Virtual Patch #1003575: Mozilla Firefox SSL Tampering Vulnerability Virtual Patch #1003597: Restrict Download Of Files Using File:// Protocol

EXPLOITABILITY: The Exploit-DB Reference: CVE-2009-1839 Description: Mozilla Firefox Location Bar Spoofing Vulnerability - The Exploit-DB Ref : 10544 Link: http://www.exploit-db.com/exploits/10544

4 Mozilla Firefox/Thunderbird Multiple Remote Vulnerabilities (MFSA 2009-34, MFSA 2009-35, MFSA 2009-36, CVSS: - Active MFSA 2009-37, MFSA 2009-39, MFSA 2009-40)

QID: 116528 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2468, CVE-2009-1194, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472 Vendor Reference: MFSA 2009-34, MFSA 2009-35, MFSA 2009-36, MFSA 2009-37, MFSA 2009-39, MFSA 2009-40 Bugtraq ID: - Service Modified: 07/24/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: These vulnerabilities are fixed in Mozilla Firefox 3.0.12 and Firefox 3.5.1. Firefox 3.0.12 is available for download at Mozilla Firefox 3.0.x Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.12&os=win&lang=en-US) and Firefox 3.5.1 is available for download at Mozilla Firefox 3.5.x Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.5.1&os=win&lang=en-US).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-34 (http://www.mozilla.org/security/announce/2009/mfsa2009-34.html),

10.10.10.220 Confirmed 4/5/Patchable page 196 MFSA 2009-35 (http://www.mozilla.org/security/announce/2009/mfsa2009-35.html), MFSA 2009-36 (http://www.mozilla.org/security/announce/2009/mfsa2009-36.html), MFSA 2009-37 (http://www.mozilla.org/security/announce/2009/mfsa2009-37.html), MFSA 2009-39 (http://www.mozilla.org/security/announce/2009/mfsa2009-39.html), MFSA 2009-40 (http://www.mozilla.org/security/announce/2009/mfsa2009-40.html).

Workaround: CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472: Disable JavaScript until a version containing these fixes is installed.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003657: Mozilla Firefox ConstructFrame With Floating First-letter Memory Corruption Virtual Patch #1003640: Mozilla Firefox nsXULTemplateQueryProcessorRDF::CheckIsSeparator Denial Of Service Virtual Patch #1003669: Mozilla Firefox 'watch()' And ' __defineSetter__ ()' Functions Remote Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Product Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Firefox Security Update (MFSA 2009-42,MFSA 2009-43) CVSS: - Active QID: 116539 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2009-2408, CVE-2009-2404 Vendor Reference: MFSA 2009-42, MFSA 2009-43 Bugtraq ID: - Service Modified: 08/04/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: These vulnerabilities are fixed in Mozilla Firefox Version 3.5 or later. Firefox 3.5.1 is available for download at Mozilla Firefox Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.5.1&os=win&lang=en-US).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-42 (http://www.mozilla.org/security/announce/2009/mfsa2009-42.html), MFSA 2009-43 (http://www.mozilla.org/security/announce/2009/mfsa2009-43.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003670: Multiple Browser Certificate Regexp Parsing Heap Overflow

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 197 %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Firefox Update for 3.5.2 (MFSA 2009-38,MFSA 2009-44,MFSA 2009-45,MFSA 2009-46) CVSS: - Active QID: 116542 CVSS Base: 5.8 Category: Local CVSS Temporal: 4.5 CVE ID: CVE-2009-2654, CVE-2009-2470 Vendor Reference: MFSA 2009-38, MFSA 2009-44, MFSA 2009-45, MFSA 2009-46 Bugtraq ID: - Service Modified: 08/05/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: These vulnerabilities are fixed in Mozilla Firefox Version 3.5.2 or later and Version 3.0.13 or later. Firefox 3.5.2 is available for download at Mozilla Firefox 3.5.2 Download site (http://www.mozilla.com/en-US/products/download.html?product=firefox-3.5.2&os=win&lang=en-US).

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-38 (http://www.mozilla.org/security/announce/2009/mfsa2009-38.html), MFSA 2009-44 (http://www.mozilla.org/security/announce/2009/mfsa2009-44.html), MFSA 2009-45 (http://www.mozilla.org/security/announce/2009/mfsa2009-45.html), MFSA 2009-46 (http://www.mozilla.org/security/announce/2009/mfsa2009-46.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003659: Mozilla Firefox Location Bar And SSL Indicator Spoofing Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Security Vulnerability in the JRE With Parsing XML Data May Allow a Remote Client to Create a Denial CVSS: - Active of Service (1020713.1)

QID: 116556 CVSS Base: 5 Category: Local CVSS Temporal: 3.9 CVE ID: CVE-2009-2625 Vendor Reference: Sun Alert ID 263489 Bugtraq ID: - Service Modified: 10/25/2010 User Modified: - Edited: No PCI Vuln: No

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment:

10.10.10.220 Confirmed 4/5/Patchable page 198 Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: This issue is addressed in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:

JDK and JRE 6 Update 15 or later

JDK and JRE 5.0 Update 20 or later

JDK and JRE 6 Update 15 is available for download at Java Downloads (http://java.sun.com/javase/downloads/index.jsp) and Java Web site (http://java.com/).

JDK 6 Update 15 is also available for Solaris in the following patches:

Java SE 6 Update 15 (as delivered in patch 125136-16)

Java SE 6 Update 15 (as delivered in patch 125137-16 (64bit))

Java SE 6_x86 Update 15 (as delivered in patch 125138-16)

Java SE 6_x86 Update 15 (as delivered in patch 125139-16 (64bit))

JDK and JRE 5 Update 20 is available for download at Java SE Downloads (http://java.sun.com/javase/downloads/index_jdk5.jsp) and Java Web site (http://java.com/).

JDK 5 Update 20 is also available for Solaris in the following patches:

J2SE 5.0 Update 18 (as delivered in patch 118666-21)

J2SE 5.0 Update 18 (as delivered in patch 118667-21 (64bit))

J2SE 5.0_x86 Update 18 (as delivered in patch 118668-21)

J2SE 5.0_x86 Update 18 (as delivered in patch 118669-21 (64bit))

Java SE for Business Releases is available at Java for Business (http://www.sun.com/software/javaseforbusiness/getit_download.jsp).

Refer to Oracle ID 1020713.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1020713.1) to obtain additional details on this vulnerability.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox Multiple Vulnerabilities (MFSA 2009-47, MFSA 2009-48, MFSA 2009-49, MFSA 2009- CVSS: - Active 50, MFSA 2009-51)

QID: 116608 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-3079, CVE-2009-3078, CVE-2009-3077, CVE-2009-3076, CVE-2009-3069, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3073, CVE-2009-3074, CVE-2009-3075 Vendor Reference: MFSA 2009-47, MFSA 2009-48, MFSA 2009-49, MFSA 2009-50, MFSA 2009-51

10.10.10.220 Confirmed 4/5/Patchable page 199 Bugtraq ID: - Service Modified: 09/16/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: These vulnerabilities are fixed in Mozilla Firefox Version 3.5.3 or later and Version 3.0.14 or later. Updates are available for download from the following sites: Firefox 3.0.14 (http://www.mozilla.com/en-US/firefox/all-older.html) Firefox 3.5 (http://www.mozilla.com/en-US/)

The vendor has released advisories for each of the vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-47 (http://www.mozilla.org/security/announce/2009/mfsa2009-47.html), MFSA 2009-48 (http://www.mozilla.org/security/announce/2009/mfsa2009-48.html), MFSA 2009-49 (http://www.mozilla.org/security/announce/2009/mfsa2009-49.html), MFSA 2009-50 (http://www.mozilla.org/security/announce/2009/mfsa2009-50.html), MFSA 2009-51 (http://www.mozilla.org/security/announce/2009/mfsa2009-51.html)

Workaround: For CVE-2009-3069, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3073, CVE-2009-3074, CVE-2009-3075, CVE-2009-3079: - Disable JavaScript until a version containing these fixes can be installed.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003734: Mozilla Firefox nsPropertyTable PropertyList Memory Corruption Virtual Patch #1003737: Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption Virtual Patch #1004051: Mozilla Multiple Products JavaScript String Replace Buffer Overflow Virtual Patch #1003719: Mozilla Firefox Multiplatform Remote Code Execution Via pkcs11 Module Virtual Patch #1003723: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability Virtual Patch #1003720: Mozilla Firefox Location Bar Visual Truncation Vulnerabilities

EXPLOITABILITY: The Exploit-DB Reference: CVE-2009-3076 Description: Mozilla Firefox < 3.0.14 Multiplatform RCE via pkcs11.addmodule - The Exploit-DB Ref : 9651 Link: http://www.exploit-db.com/exploits/9651

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Product Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Sun Java JDK and JRE Multiple Vulnerabilities CVSS: - Active QID: 116678 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885

10.10.10.220 Confirmed 4/5/Patchable page 200 Vendor Reference: Sun Java Update Bugtraq ID: 36881 Service Modified: 10/25/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor has released an update (JDK and JRE 6 Update 17, JDK and JRE 5.0 Update 22, Java SE for Business SDK and JRE 1.4.2_24, SDK and JRE 1.3.1_27) to resolve these issues.

Refer to Vendor advisory Sun Java update (http://java.sun.com/javase/6/webnotes/6u17.html) to address this issue and obtain further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003813: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Virtual Patch #1003830: Sun Java Runtime AWT setDifflCM Stack Buffer Overflow

EXPLOITABILITY: Core Security Reference: CVE-2009-3867 Description: Sun Java getSoundBank Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Reference: CVE-2009-3869 Description: Sun Java AWT Library setDiffICM Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Immunity Reference: CVE-2009-3867 Description: sun_java_hsbparser_linux - Immunity Ref : sun_java_hsbparser_linux Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/sun_java_hsbparser_linux/qualys_user

Immunity - Dsquare Reference: CVE-2009-3865 Description: Java Runtime Environment Deployment Toolkit Command Execution Vulnerability - Immunity - Dsquare Ref : d2sec_jretk Link: http://qualys.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_jretk/qualys_user

Metasploit Reference: CVE-2009-3867 Description: Sun Java JRE getSoundbank file:// URI Buffer Overflow - Metasploit Ref : /modules/exploit/multi/browser/java_getsoundbank_bof Link: http://www.metasploit.com/modules/exploit/multi/browser/java_getsoundbank_bof

Reference: CVE-2009-3869 Description: Sun Java JRE AWT setDiffICM Buffer Overflow - Metasploit Ref : /modules/exploit/multi/browser/java_setdifficm_bof Link: http://www.metasploit.com/modules/exploit/multi/browser/java_setdifficm_bof

The Exploit-DB Reference: CVE-2009-3867 Description: Sun Java JRE getSoundbank file:// URI Buffer Overflow - The Exploit-DB Ref : 16294 Link: http://www.exploit-db.com/exploits/16294

Reference: CVE-2009-3869

10.10.10.220 Confirmed 4/5/Patchable page 201 Description: Sun Java JRE AWT setDiffICM Buffer Overflow - The Exploit-DB Ref : 16298 Link: http://www.exploit-db.com/exploits/16298

ExploitKits Reference: CVE-2009-3867 Description: Java Runtime Env. getSoundBank Stack BOF

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

Reference: CVE-2009-3869 Description: Sun Java JRE AWT SetDiff ICM Buffer Overflow

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Java Runtime Environment AWT ImageRep Heap Buffer Overflow Vulnerability CVSS: - Active

QID: 116598 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2009-3871 Vendor Reference: Sun Java Update Bugtraq ID: - Service Modified: 10/25/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: - Disable the Java plug-in within the browser.

Patch: The vendor has released an update to resolve these issues.

Refer to Vendor advisory Sun Java update (http://java.sun.com/javase/6/webnotes/6u17.html) to address this issue and obtain further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox/SeaMonkey Multiple Vulnerabilities (MFSA 2009-65 through MFSA 2009-71) CVSS: - Active QID: 116769 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3

10.10.10.220 Confirmed 4/5/Patchable page 202 CVE ID: CVE-2009-3987, CVE-2009-3986, CVE-2009-3985, CVE-2009-3984, CVE-2009-3389, CVE-2009-3388, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982 Vendor Reference: MFSA 2009-65, MFSA 2009-66, MFSA 2009-67, MFSA 2009-68, MFSA 2009-69, MFSA 2009-70, MFSA 2009-71, RHSA-2009-1674 Bugtraq ID: - Service Modified: 02/11/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2009-65 (http://www.mozilla.org/security/announce/2009/mfsa2009-65.html), MFSA 2009-66 (http://www.mozilla.org/security/announce/2009/mfsa2009-66.html), MFSA 2009-67 (http://www.mozilla.org/security/announce/2009/mfsa2009-67.html), MFSA 2009-68 (http://www.mozilla.org/security/announce/2009/mfsa2009-68.html), MFSA 2009-69 (http://www.mozilla.org/security/announce/2009/mfsa2009-69.html), MFSA 2009-70 (http://www.mozilla.org/security/announce/2009/mfsa2009-70.html), MFSA 2009-71 (http://www.mozilla.org/security/announce/2009/mfsa2009-71.html).

For Red Hat: Refer to Red Hat security advisory RHSA-2009-1674 (https://rhn.redhat.com/errata/RHSA-2009-1674.html) to address this issue and obtain further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003953: Mozilla Firefox Content Injection Spoofing Vulnerability Virtual Patch #1003884: Mozilla Firefox GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Product Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Mozilla Firefox, Thunderbird, SeaMonkey Multiple Vulnerabilities (MFSA 2010-01,MFSA 2010-02,MFSA 2010- CVSS: - Active 03,MFSA 2010-04,MFSA 2010-05)

QID: 116903 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162 Vendor Reference: MFSA 2010-01, MFSA 2010-02, MFSA 2010-03, MFSA 2010-04, MFSA 2010-05 Bugtraq ID: - Service Modified: 02/19/2010 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

10.10.10.220 Confirmed 4/5/Patchable page 203 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004002: Mozilla Firefox Multiple Remote Memory Corruption Vulnerabilities Virtual Patch #1004186: Mozilla Firefox Web Workers Array Data Type Remote Memory Corruption

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: %ProgramFiles%\Mozilla Firefox\firefox.exe found %ProgramFiles%\Mozilla Firefox\firefox.exe Product Version is 2.0.0.4 %ProgramFiles%\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Java Runtime Environment ImagingLib Buffer Overflow Vulnerability (Oracle Java Critical Patch Update - March CVSS: - Active 2010)

QID: 116794 CVSS Base: 7.5 Category: Local CVSS Temporal: 5.5 CVE ID: CVE-2010-0847 Vendor Reference: Oracle javacpumar2010 Bugtraq ID: - Service Modified: 10/26/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Workaround: - Disable the Java plug-in within the browser.

Patch: The vendor released an update to resolve these issues. Refer to vendor advisory Oracle javacpumar2010 (http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html) to obtain more details.

EXPLOITABILITY:

10.10.10.220 Confirmed 4/5/Patchable page 204 There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Oracle Java JDK and JRE Multiple Vulnerabilities CVSS: - Active QID: 117772 CVSS Base: 10 Category: Local CVSS Temporal: 8.3 CVE ID: CVE-2010-0886, CVE-2010-0887, CVE-2010-1423 Vendor Reference: Java Update 6U20 Bugtraq ID: 39346 Service Modified: 10/25/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: The vendor has released an update (Java SE for Business Security Baseline 6 Update 20, Java SE for Business Security Baseline 5.0 Update 24, Java SE for Business Security Baseline 1.4.2_26) to resolve these issues.

Refer to Vendor advisory Sun Java update (http://java.sun.com/javase/6/webnotes/6u20.html) to address this issue and obtain further details.

Workarounds: 1) Internet Explorer users can be protected by temporarily setting the killbit on CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA. Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the killbit.

2) Mozilla Firefox and other NPAPI based browser users can be protected using File System ACLs to prevent access to npdeploytk.dll.

EXPLOITABILITY: Core Security Reference: CVE-2010-1423 Description: Sun Java Web Start Arbitrary Command Line Injection Exploit - Core Security Category : Exploits/Client Side

Metasploit Reference: CVE-2010-0886 Description: Sun Java Web Start Plugin Command Line Argument Injection - Metasploit Ref : /modules/exploit/windows/browser/java_ws_arginject_altjvm Link: http://www.metasploit.com/modules/exploit/windows/browser/java_ws_arginject_altjvm

Reference: CVE-2010-1423 Description: Sun Java Web Start Plugin Command Line Argument Injection - Metasploit Ref : /modules/exploit/windows/browser/java_ws_arginject_altjvm Link: http://www.metasploit.com/modules/exploit/windows/browser/java_ws_arginject_altjvm

The Exploit-DB Reference: CVE-2010-0886 Description: Java Deployment Toolkit Performs Insufficient Validation of Parameters - The Exploit-DB Ref : 12117 Link: http://www.exploit-db.com/exploits/12117

Reference: CVE-2010-0886

10.10.10.220 Confirmed 4/5/Patchable page 205 Description: JAVA Web Start Arbitrary command-line injection - The Exploit-DB Ref : 12122 Link: http://www.exploit-db.com/exploits/12122

Reference: CVE-2010-0886 Description: Sun Java Web Start Plugin Command Line Argument Injection - The Exploit-DB Ref : 16585 Link: http://www.exploit-db.com/exploits/16585

ExploitKits Reference: CVE-2010-0886 Description: Java SMB / Java JDT in Oracle Java SE and Java for Business JDK and JRE 6 Upd 10-19 * Requires xtra components

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

Reference: CVE-2010-1423 Description: Java Deployment Toolkit Remote Argument Injection Vulnerability (Taviso)

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox Plugin Parameter Array Dangling Pointer Vulnerability (MFSA 2010-48) CVSS: - Active QID: 118305 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2010-2755 Vendor Reference: MFSA 2010-48 Bugtraq ID: - Service Modified: 07/28/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: This issue have been fixed in Firefox 3.6.8 and later. The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2010-48 (http://www.mozilla.org/security/announce/2010/mfsa2010-48.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004331: Mozilla Firefox Plugin Parameter Array Dangling Pointer

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Wireshark Multiple Vulnerabilities (wnpa-sec-2010-07, wnpa-sec-2010-08) CVSS: - Active

10.10.10.220 Confirmed 4/5/Patchable page 206 QID: 118321 CVSS Base: 8.3 Category: Local CVSS Temporal: 6.5 CVE ID: CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287 Vendor Reference: wnpa-sec-2010-07, wnpa-sec-2010-08 Bugtraq ID: - Service Modified: 08/11/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: The vendor has released an update (Version 1.0.15 or 1.2.10) to resolve this issue. Refer to Wireshark advisories wnpa-sec-2010-07 (http://www.wireshark.org/security/wnpa-sec-2010-07.html) and wnpa-sec-2010-08 (http://www.wireshark.org/security/wnpa-sec-2010-08.html) for more information about these vulnerabilities.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Wireshark\\wireshark.exe Version is 0.99.3.0

4 Adobe Acrobat/Reader File Name Handler Buffer Overflow Vulnerability CVSS: - Active QID: 118388 CVSS Base: 7.5 Category: Local CVSS Temporal: 5.9 CVE ID: CVE-2004-0632 Vendor Reference: - Bugtraq ID: - Service Modified: 08/16/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: These issues have been patched in Adobe Reader/Acrobat 6.0.2 and later. Update to the latest Adobe Version available from the Adobe Download site (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows).

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0 exists HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0\602Update is missing

10.10.10.220 Confirmed 4/5/Patchable page 207 4 Wireshark "airpcap.dll" DLL Hijacking Vulnerability CVSS: - Active QID: 118437 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.7 CVE ID: CVE-2010-3133 Vendor Reference: wnpa-sec-2010-09, wnpa-sec-2010-10 Bugtraq ID: - Service Modified: 10/29/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Upgrade to Wireshark Version 1.2.11 (http://www.wireshark.org/download.html) or later.

EXPLOITABILITY: Core Security Reference: CVE-2010-3133 Description: Wireshark airpcap DLL Hijacking Exploit - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2010-3133 Description: Wireshark Link: http://www.exploit-db.com/exploits/14721

RESULTS: %ProgramFiles%\Wireshark\wireshark.exe Version is 0.99.3.0 %ProgramFiles%\Wireshark\wireshark.exe Version is 0.99.3.0

4 Mozilla Firefox, Thunderbird, SeaMonkey Multiple Vulnerabilities (MFSA 2010-49 through MFSA 2010-63) CVSS: - Active QID: 118485 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.3 CVE ID: CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169 Vendor Reference: MSFA2010-49, MSFA2010-50, MSFA2010-51, MSFA2010-52, MSFA2010-53, MSFA2010-54, MSFA2010-55, MSFA2010-56, MSFA2010-57, MSFA2010-58, MSFA2010-59, MSFA2010-60, MSFA2010-61, MSFA2010-62, MSFA2010-63 Bugtraq ID: - Service Modified: 09/17/2010 User Modified: - Edited: No PCI Vuln: No

10.10.10.220 Confirmed 4/5/Patchable page 208 SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2010-49 (http://www.mozilla.org/security/announce/2010/mfsa2010-49.html), MFSA 2010-50 (http://www.mozilla.org/security/announce/2010/mfsa2010-50.html), MFSA 2010-51 (http://www.mozilla.org/security/announce/2010/mfsa2010-51.html), MFSA 2010-52 (http://www.mozilla.org/security/announce/2010/mfsa2010-52.html), MFSA 2010-53 (http://www.mozilla.org/security/announce/2010/mfsa2010-53.html), MFSA 2010-54 (http://www.mozilla.org/security/announce/2010/mfsa2010-54.html), MFSA 2010-55 (http://www.mozilla.org/security/announce/2010/mfsa2010-55.html), MFSA 2010-56 (http://www.mozilla.org/security/announce/2010/mfsa2010-56.html), MFSA 2010-57 (http://www.mozilla.org/security/announce/2010/mfsa2010-57.html), MFSA 2010-58 (http://www.mozilla.org/security/announce/2010/mfsa2010-58.html), MFSA 2010-59 (http://www.mozilla.org/security/announce/2010/mfsa2010-59.html), MFSA 2010-60 (http://www.mozilla.org/security/announce/2010/mfsa2010-60.html), MFSA 2010-61 (http://www.mozilla.org/security/announce/2010/mfsa2010-61.html), MFSA 2010-62 (http://www.mozilla.org/security/announce/2010/mfsa2010-62.html), MFSA 2010-63 (http://www.mozilla.org/security/announce/2010/mfsa2010-63.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004441: Mozilla Firefox Crafted Font Remote Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Oracle Java SE Critical Patch Update - October 2010 CVSS: - Active QID: 118597 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574 Vendor Reference: Java Critical Patch Update Oct 2010 Bugtraq ID: - Service Modified: 10/14/2010 User Modified: - Edited: No PCI Vuln: No

SOLUTION: The vendor released an update to resolve these issues. Refer to vendor advisory Oracle javacpuoct2010 (http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html) to obtain more details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004351: Detected Malicious HTTP Requests Virtual Patch #1004481: Oracle Java SE And Java For Business Remote Java Plug-in Vulnerability

10.10.10.220 Confirmed 4/5/Patchable page 209 EXPLOITABILITY: Core Security Reference: CVE-2010-3552 Description: Oracle Java docBase Parameter Buffer Overflow Exploit - Core Security Category : Exploits/Client Side

Metasploit Reference: CVE-2010-3552 Description: Sun Java Runtime New Plugin docbase Buffer Overflow - Metasploit Ref : /modules/exploit/windows/browser/java_docbase_bof Link: http://www.metasploit.com/modules/exploit/windows/browser/java_docbase_bof

Reference: CVE-2010-3563 Description: Sun Java Web Start BasicServiceImpl Code Execution - Metasploit Ref : /modules/exploit/windows/browser/java_basicservice_impl Link: http://www.metasploit.com/modules/exploit/windows/browser/java_basicservice_impl

The Exploit-DB Reference: CVE-2009-3555 Description: SSL MITM Vulnerability - The Exploit-DB Ref : 9972 Link: http://www.exploit-db.com/exploits/9972

Reference: CVE-2009-3555 Description: Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability - The Exploit-DB Ref : 10071 Link: http://www.exploit-db.com/exploits/10071

Reference: CVE-2010-3573 Description: Oracle JRE - java.net.URLConnection class � Same-of-Origin (SOP) Policy Bypass - The Exploit-DB Ref : 15288 Link: http://www.exploit-db.com/exploits/15288

Reference: CVE-2010-3552 Description: Oracle Java 6 OBJECT tag ""launchjnlp""/""docbase"" Param Buffer Overflow Exploit - The Exploit-DB Ref : 15241 Link: http://www.exploit-db.com/exploits/15241

Reference: CVE-2010-3563 Description: Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit - The Exploit-DB Ref : 16495 Link: http://www.exploit-db.com/exploits/16495

Reference: CVE-2010-3552 Description: Sun Java Runtime New Plugin docbase Buffer Overflow - The Exploit-DB Ref : 16587 Link: http://www.exploit-db.com/exploits/16587

ExploitKits Reference: CVE-2010-3552 Description: Unspecified vulnerability in the New Java Plug-in . Java 6 < Update 22 . IE Only . ALL Windows

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability CVSS: - Active QID: 118615 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2007-5689 Vendor Reference: - Bugtraq ID: - Service Modified: 10/25/2010 User Modified: - Edited: No

10.10.10.220 Confirmed 4/5/Patchable page 210 PCI Vuln: No

SOLUTION: Updates to fix these vulnerabilities are available. Links for downloading the updates are listed below:

JDK and JRE 6 Update 3 or later: http://java.sun.com/javase/downloads/index.jsp (http://java.sun.com/javase/downloads/index.jsp)

JDK and JRE 5.0 Update 12 or later: http://java.sun.com/javase/downloads/index_jdk5.jsp (http://java.sun.com/javase/downloads/index_jdk5.jsp)

Java SE for Business SDK and JRE 1.4.2_15 or later: http://www.sun.com/software/javaseforbusiness/getit_download.jsp (http://www.sun.com/software/javaseforbusiness/getit_download.jsp)

SDK and JRE 1.3.1_20 or later (for customers with Solaris 8 and Vintage Support Offering support contracts): http://java.sun.com/j2se/1.3/download.html (http://java.sun.com/j2se/1.3/download.html)

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll found HKLM\Software\JavaSoft\Java Runtime Environment\1.5.0_06 Key found

4 Mozilla Firefox SeaMonkey Thunderbird Multiple Vulnerabilities (MFSA2010-74 through MFSA2010-84) CVSS: - Active QID: 118823 CVSS Base: 9.3 Category: Local CVSS Temporal: 7.7 CVE ID: CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3769, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778 Vendor Reference: mfsa2010-75, mfsa2010-76, mfsa2010-77, mfsa2010-78, mfsa2010-79, mfsa2010-80, mfsa2010-81, mfsa2010-82, mfsa2010-83, mfsa2010-84, mfsa2010-74 Bugtraq ID: - Service Modified: 01/12/2011 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 211 (http://www.mozilla.org/security/announce/2010/mfsa2010-75.html),MFSA2010-76 (http://www.mozilla.org/security/announce/2010/mfsa2010-76.html),MFSA2010-77 (http://www.mozilla.org/security/announce/2010/mfsa2010-77.html),MFSA2010-78 (http://www.mozilla.org/security/announce/2010/mfsa2010-78.html),MFSA2010-79 (http://www.mozilla.org/security/announce/2010/mfsa2010-79.html),MFSA2010-80 (http://www.mozilla.org/security/announce/2010/mfsa2010-80.html),MFSA2010-81 (http://www.mozilla.org/security/announce/2010/mfsa2010-81.html),MFSA2010-82 (http://www.mozilla.org/security/announce/2010/mfsa2010-82.html),MFSA2010-83 (http://www.mozilla.org/security/announce/2010/mfsa2010-83.html),MFSA2010-84 (http://www.mozilla.org/security/announce/2010/mfsa2010-84.html).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004547: Mozilla Firefox Multiple HTML Injection Vulnerabilities

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Mozilla Firefox, SeaMonkey, Thunderbird Multiple Vulnerabilities (MFSA 2011-12 through MFSA 2011-18) CVSS: - Active QID: 119217 CVSS Base: 10 Category: Local CVSS Temporal: 7.8 CVE ID: CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0076, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081, CVE-2011-1202, CVE-2011-0068, CVE-2011-0079 Vendor Reference: mfsa2011-12, mfsa2011-13, mfsa2011-14, mfsa2011-15, mfsa2011-16, mfsa2011-17, mfsa2011-18 Bugtraq ID: - Service Modified: 05/02/2011 User Modified: - Edited: No PCI Vuln: No

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2011-02 (http://www.mozilla.org/security/announce/2011/mfsa2011-12.html), MFSA 2011-13 (http://www.mozilla.org/security/announce/2011/mfsa2011-13.html), MFSA2011-14 (http://www.mozilla.org/security/announce/2011/mfsa2011-14.html), MFSA2011-15 (http://www.mozilla.org/security/announce/2011/mfsa2011-15.html), MFSA2011-16 (http://www.mozilla.org/security/announce/2011/mfsa2011-16.html), MFSA2011-17 (http://www.mozilla.org/security/announce/2011/mfsa2011-17.html), MFSA2011-18 (http://www.mozilla.org/security/announce/2011/mfsa2011-18.html).

EXPLOITABILITY: Metasploit Reference: CVE-2011-0073 Description: Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability - Metasploit Ref : /modules/exploit/windows/browser/mozilla_nstreerange Link: http://www.metasploit.com/modules/exploit/windows/browser/mozilla_nstreerange

The Exploit-DB Reference: CVE-2011-0073

10.10.10.220 Confirmed 4/5/Patchable page 212 Description: Mozilla Firefox ""nsTreeRange"" Dangling Pointer Vulnerability - The Exploit-DB Ref : 17520 Link: http://www.exploit-db.com/exploits/17520

Reference: CVE-2011-0073 Description: Mozilla Firefox ""nsTreeRange"" Dangling Pointer Exploit - The Exploit-DB Ref : 17419 Link: http://www.exploit-db.com/exploits/17419

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Microsoft Windows Cumulative Security Update of ActiveX Kill Bits (MS10-008) CVSS: - Active QID: 90583 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2010-0252 Vendor Reference: MS10-008 Bugtraq ID: 38045 Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=543dc6a7-fa76-4ba9-81e4-25fdf2013548)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=7bcf3945-0552-478e-b7f3-bbca97dd1b5d)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=25ef97e8-e76e-44c2-953c-f94cbac552cf)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=29ff72f7-1663-4f35-a794-2dfe3c17b39c)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=d4a97bb7-4f74-4884-9a6e-7a4df9c540fb)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=b84f0be4-6d11-4b07-bb3c-2c76ae9ceea8)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2c897ddd-f441-41d4-b5b4-d794cfc96e6b)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=9a85b1bf-7427-47d0-9e1b-21dbe824a62c)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=fde218c3-90ab-4664-852d-25ca55835054)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=ec6d996f-dffa-45ad-9467-e96a4ac63e5f)

10.10.10.220 Confirmed 4/5/Patchable page 213 Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=b3265576-04c1-48b1-8ce9-128843c58cf5)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=cda31c54-8b81-4185-a623-64480ad4b73c)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?FamilyID=43fa4e26-160f-4aa3-a03d-b98a79666a18)

Refer to Microsoft Security Bulletin MS10-008 (http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx) for further details.

Workaround: 1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting.

2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

Impact of workaround #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

3) Prevent COM objects from running in Internet Explorer.

Refer to the advisory to obtain detailed information on enabling and disabling the workarounds.

Virtual Patches:

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB980195\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB978262\Filelist is missing

4 Microsoft Windows Indexing Service Remote Code Execution Vulnerability (MS09-057) CVSS: - Active QID: 90554 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2009-2507 Vendor Reference: MS09-057 Bugtraq ID: 36629 Service Modified: 11/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=b34d94b5-b828-4e16-a636-04344c60d945)

Windows XP Service Pack 2 and Windows XP Service Pack 3

10.10.10.220 Confirmed 4/5/Patchable page 214 (http://www.microsoft.com/downloads/details.aspx?familyid=768fd74e-0a2f-4353-ac22-65d0d6321739)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=270ec100-5ba1-4f8c-aa36-105d30ad57bf)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=78072164-84d1-44da-8ede-2a9d212d47a9)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=8aa1f97d-ad53-4450-bb93-4a147dd10a87)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=fb5678b9-5ef1-42db-902e-c9ea02880e0a)

Refer to Microsoft Security Bulletin MS09-057 (http://www.microsoft.com/technet/security/bulletin/MS09-057.mspx) for further details.

Workarounds: 1) Unregister ixsso.dll as follows: - Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" /u ixsso.dll, and then click OK. - A dialog box appears to confirm that the unregistration process has succeeded. Click OK to close the dialog box.

Impact of workaround #1: The Windows Indexing Service will not be able to construct an indexed catalog to facilitate efficient and rapid searching. Searches may take longer to complete.

2) Prevent the Indexing Service ActiveX control COM object from running in Internet Explorer. Refer to Microsoft article KB240797 (http://support.microsoft.com/kb/240797) for information on setting the kill bit.

Impact of workaround #2: Internet Explorer will no longer be able to invoke the Indexing Service ActiveX control.

3) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

4) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workarounds #3 and #4: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003771: Memory Corruption In Indexing Service Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB969059\Filelist is missing %windir%\system32\query.dll Version is 5.2.3790.552

4 Microsoft Windows CryptoAPI Spoofing Vulnerability (MS09-056) CVSS: - Active QID: 90552 CVSS Base: 7.5 Category: Windows CVSS Temporal: 5.5 CVE ID: CVE-2009-2510, CVE-2009-2511 Vendor Reference: MS09-056 Bugtraq ID: 36475, 36577 Service Modified: 07/08/2010 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 215 First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (http://www.microsoft.com/downloads/details.aspx?familyid=52b9198d-b65f-467a-a5ab-141e23d64a86)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (http://www.microsoft.com/downloads/details.aspx?familyid=9c5ab624-e37b-418a-a919-d8f652b15679)

Windows XP Professional x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=ad29696d-4611-4a12-9dfa-74fa6866b759)

Windows Server 2003 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=49e9cc53-cf17-4bc7-aaaa-92213167e1a9)

Windows Server 2003 x64 Edition Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=d170cef9-f5d2-4fcd-997b-e778ad5a6797)

Windows Server 2003 with SP2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=2ede1eb9-7f5f-411d-bbc3-5db46d80e0bb)

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=8b5a9a95-9439-40c8-acef-000b919daa04)

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=f9b487af-fe73-42a8-b240-d59c4321f95b)

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=0d8a2a3e-d7d4-47fb-8364-16fce28e4d38)

Windows 7 for 32-bit Systems (http://www.microsoft.com/downloads/details.aspx?familyid=ad6f06d5-27db-445d-a8b2-c42adc90afc0)

Windows 7 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=70cd0270-77e9-492a-82d9-798364640c10)

Windows Server 2008 R2 for x64-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=ce78c019-ec08-4ec6-abec-334f5ec5cb76)

Windows Server 2008 R2 for Itanium-based Systems (http://www.microsoft.com/downloads/details.aspx?familyid=6442a77a-3c0d-4beb-b2d2-2885376c2135)

Refer to Microsoft Security Bulletin MS09-056 (http://www.microsoft.com/technet/security/bulletin/MS09-056.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1003670: Multiple Browser Certificate Regexp Parsing Heap Overflow 10.10.10.220 Confirmed 4/5/Patchable page 216 Virtual Patch #1003779: Truncation In X.509 Common Name Spoofing Vulnerability Virtual Patch #1003780: Integer Overflow In X.509 Object Identifiers Spoofing Vulnerability EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB974571 is missing %windir%\System32\msasn1.dll Version is 5.2.3790.139

4 Microsoft Outlook Remote Code Execution Vulnerabilities (MS07-003) CVSS: - Active QID: 110049 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2007-0033, CVE-2006-1305, CVE-2007-0034 Vendor Reference: MS07-003 Bugtraq ID: 21937, 21931, 21936 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Microsoft Outlook 2000 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=97CE0B32-C6AF-4C6C-ABF1-838ED89062EB (http://www.microsoft.com/downloads/details.aspx?FamilyId=97CE0B32-C6AF-4C6C-ABF1-838ED89062EB) Microsoft Office XP Service Pack 3 (Microsoft Outlook 2002 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=1D1991C5-3DE3-4258-9120-058FFD62B4F5 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1D1991C5-3DE3-4258-9120-058FFD62B4F5) Microsoft Office 2003 Service Pack 2 (Microsoft Outlook 2003 ):http://www.microsoft.com/downloads/details.aspx?FamilyId=9E4DD8AE-2564-4176-AC2E-E3760058CB56 (http://www.microsoft.com/downloads/details.aspx?FamilyId=9E4DD8AE-2564-4176-AC2E-E3760058CB56) Refer to Micrsoft Security Bulletin MS07-003 (http://www.microsoft.com/technet/security/bulletin/MS07-003.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000904: Microsoft Outlook VEVENT Remote Code Execution

EXPLOITABILITY: Core Security Reference: CVE-2007-0034 Description: Microsoft Outlook MS07-003 Exploit - Core Security Category : Exploits/Client Side

RESULTS: C:\Program Files\Microsoft Office\OFFICE11\\Outlmime.dll version is 11.0.6555.0 . %ProgramFiles%\Microsoft Office\OFFICE11\Outllib.dll version is 11.0.8002.0 .

4 Microsoft Exchange Remote Code Execution (MS06-019) CVSS: - Active QID: 90309 CVSS Base: 7.5 Category: Windows CVSS Temporal: 5.9 CVE ID: CVE-2006-0027 Vendor Reference: MS06-019

10.10.10.220 Confirmed 4/5/Patchable page 217 Bugtraq ID: 17908 Service Modified: 06/18/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Exchange Server 2000 with the Exchange 2000 Post Service Pack 3 Update Rollup of August 2004: http://support.microsoft.com/kb/870540/ (http://support.microsoft.com/kb/870540/) Microsoft Exchange Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=F32574E0-F35C-4537-9AD0-524CB49AFE53 (http://www.microsoft.com/downloads/details.aspx?FamilyId=F32574E0-F35C-4537-9AD0-524CB49AFE53 ) Microsoft Exchange Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=82AE4397-0982-4585-84C1-DC1AF6944A0F (http://www.microsoft.com/downloads/details.aspx?FamilyId=82AE4397-0982-4585-84C1-DC1AF6944A0F) Refer to Micrsoft Security Bulletin MS06-019 (http://www.microsoft.com/technet/security/bulletin/MS06-019.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000456: Calendar Remote Code Execution Vulnerability.

EXPLOITABILITY: Core Security Reference: CVE-2006-0027 Description: Exchange CDO Calendar PreEnum exploit - Core Security Category : Exploits/Remote

Metasploit Reference: CVE-2006-0027 Description: MS06-019 Exchange MODPROP Heap Overflow - Metasploit Ref : /modules/auxiliary/dos/windows/smtp/ms06_019_exchange Link: http://www.metasploit.com/modules/auxiliary/dos/windows/smtp/ms06_019_exchange

RESULTS: HKLM\SYSTEM\CurrentControlSet\Services\LicenseInfo\MSExchangeIS DisplayName = Microsoft Exchange Server 2003 HKLM\SOFTWARE\Microsoft\Exchange\Setup ServicePackNumber = 2 HKLM\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB931832 is missing %ProgramFiles%\Exchsrvr\res\mdbmsg.dll version is 6.5.7638.2 . HKLM\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB916803 is missing %ProgramFiles%\Common Files\Microsoft Shared\CDO\cdoex.dll version is 6.5.7638.1 .

4 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection CVSS: - Active (MS06-029)

QID: 90318 CVSS Base: 2.6 Category: Windows CVSS Temporal: 1.9 CVE ID: CVE-2006-1193 Vendor Reference: MS06-029 Bugtraq ID: - Service Modified: 06/04/2009 User Modified: -

10.10.10.220 Confirmed 4/5/Patchable page 218 Edited: No PCI Vuln: No

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post Service Pack 3 Update Rollup : http://www.microsoft.com/downloads/details.aspx?FamilyId=746CE64E-3186-422B-A13B-004E7942189B (http://www.microsoft.com/downloads/details.aspx?FamilyId=746CE64E-3186-422B-A13B-004E7942189B) Microsoft Exchange Server 2003 Service Pack 1 : http://www.microsoft.com/downloads/details.aspx?FamilyId=0E192781-847F-41C1-B32A-84218DB60942 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0E192781-847F-41C1-B32A-84218DB60942) Microsoft Exchange Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=C777BC9F-52B7-4F17-96C7-DAF3B9987D70 (http://www.microsoft.com/downloads/details.aspx?FamilyId=C777BC9F-52B7-4F17-96C7-DAF3B9987D70) Refer to Microsoft Security Bulletin MS06-029 (http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000614: Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SYSTEM\CurrentControlSet\Services\LicenseInfo\MSExchangeIS DisplayName = Microsoft Exchange Server 2003 HKLM\SOFTWARE\Microsoft\Exchange\Setup ServicePackNumber = 2 HKLM\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB931832 is missing %ProgramFiles%\Exchsrvr\res\mdbmsg.dll version is 6.5.7638.2 . HKLM\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB912442 is missing %ProgramFiles%\Exchsrvr\bin\store.exe version is 6.5.7638.2 .

4 Microsoft VBScript Remote Code Execution Vulnerability (MS10-022 and KB981169) CVSS: - Active QID: 90587 CVSS Base: 7.6 Category: Windows CVSS Temporal: 6 CVE ID: CVE-2010-0483 Vendor Reference: KB981169, MS10-022 Bugtraq ID: - Service Modified: 08/26/2010 User Modified: - Edited: No PCI Vuln: Yes

10.10.10.220 Confirmed 4/5/Patchable page 219 SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 (VBScript 5.1) (http://www.microsoft.com/downloads/details.aspx?familyid=421BE318-F217-4D12-B7A5-833093189073) Microsoft Windows 2000 Service Pack 4 (VBScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=421BE318-F217-4D12-B7A5-833093189073)

Microsoft Windows 2000 Service Pack 4 (VBScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=D5FC47A4-CECB-4817-AAFB-45F335061BE3) Windows XP Service Pack 2 (VBScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=AA8FF157-A7B3-4787-80C9-5BC453F0F1C9) Windows XP Service Pack 2 and Windows XP Service Pack 3 (VBScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=CB21D276-65E9-4C8F-96E3-CF6DC36D0133)

Windows XP Service Pack 2 and Windows XP Service Pack 3 (VBScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=BA7EF6E5-80BA-4281-A611-6E5BE008C1B4) Windows XP Professional x64 Edition Service Pack 2 (VBScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=896C738D-4058-440F-8D4F-16C678610CD1) Windows XP Professional x64 Edition Service Pack 2 (VBScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=D7E8B930-8708-4F0B-B22B-961C2CBC2673)

Windows XP Professional x64 Edition Service Pack 2 (VBScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=153FD9C1-0F8E-4492-87D1-F0381E7FEB23) Windows Server 2003 Service Pack 2 (VBScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=28B035B8-D56E-4E93-B811-9A82CF1D4BA9) Windows Server 2003 Service Pack 2 (VBScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=A142A553-85FC-40E0-9426-8D58F6A4333C) Windows Server 2003 Service Pack 2 (VBScript 5.8) (http://www.microsoft.com/downloads/details.aspx?familyid=72754E1B-3D09-4B9D-8794-689C45A37F66) Windows Server 2003 x64 Edition Service Pack 2 (VBScript 5.6) (http://www.microsoft.com/downloads/details.aspx?familyid=339DDF48-8949-4857-9EF6-1DDCC7C5F8B8)

Windows Server 2003 x64 Edition Service Pack 2 (VBScript 5.7) (http://www.microsoft.com/downloads/details.aspx?familyid=A489B4E3-78D2-411B-B27C-5987B8FC91D1) For a complete list of patch download links, please refer to Microsoft Security Bulletin MS10-022 (http://www.microsoft.com/technet/security/bulletin/MS10-022.mspx).

Workarounds:1) Avoid pressing F1 on untrusted Web sites. 2) Restrict access to the Windows Help System. Impact of workaround #2: The Windows Help System will be unavailable, and users may not be able to invoke the help function in applications. The attempt to open the help function in applications may lead to an error message. 3) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting

4) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

Impact of workaround #3 and #4: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround. Detailed instructions on applying the workarounds can be found at Microsoft Security Bulletin MS10-022 (http://www.microsoft.com/technet/security/bulletin/MS10-022.mspx).

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1004019: 1004019 - Microsoft Internet Explorer win32hlp Remote Code Execution

EXPLOITABILITY: Immunity Reference: CVE-2010-0483 Description: ie_help - Immunity Ref : ie_help Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ie_help/qualys_user

Immunity - Agora Reference: CVE-2010-0483 Description: Arbitrary command execution using windows help files - Immunity - Agora Ref : ag_win_msgbox Link: http://qualys.immunityinc.com/home/exploitpack/Agora/ag_win_msgbox/qualys_user

Metasploit Reference: CVE-2010-0483 Description: Internet Explorer Winhlp32.exe MsgBox Code Execution - Metasploit Ref : /modules/exploit/windows/browser/ms10_022_ie_vbscript_winhlp32

10.10.10.220 Confirmed 4/5/Patchable page 220 Link: http://www.metasploit.com/modules/exploit/windows/browser/ms10_022_ie_vbscript_winhlp32

The Exploit-DB Reference: CVE-2010-0483 Description: Internet Explorer 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability - The Exploit-DB Ref : 11615 Link: http://www.exploit-db.com/exploits/11615

Reference: CVE-2010-0483 Description: Internet Explorer Winhlp32.exe MsgBox Code Execution - The Exploit-DB Ref : 16541 Link: http://www.exploit-db.com/exploits/16541

ExploitKits Reference: CVE-2010-0483 Description: Internet Explorer Winhlp32.exe MsgBox Code Execution

Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

RESULTS: HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB981350 is missing HKLM\Software\Microsoft\Internet Explorer Version = 6.0.3790.0 %windir%\system32\VBscript.dll Version is 5.6.0.8515

4 Microsoft Agent Allows Remote Code Execution (MS07-020) CVSS: - Active QID: 90392 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2007-1205 Vendor Reference: MS07-020 Bugtraq ID: - Service Modified: 09/04/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4 : http://www.microsoft.com/downloads/details.aspx?FamilyId=49dc470b-64e2-47ec-be90-622b407c7751 (http://www.microsoft.com/downloads/details.aspx?FamilyId=49dc470b-64e2-47ec-be90-622b407c7751) Microsoft Windows XP Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc (http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc) Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d (http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d) Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 and Microsoft Server 2003 Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4) Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 : http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e (http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e) Microsoft Windows Server 2003 for Itanium based Systems, Microsoft Windows Server 2003 with SP1 for Itanium based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium based Systems :

10.10.10.220 Confirmed 4/5/Patchable page 221 http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f (http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f) Refer to Micrsoft Security Bulletin MS07-020 (http://www.microsoft.com/technet/security/bulletin/MS07-020.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000985: Microsoft Agent Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB932168 is missing %windir%\msagent\Agentdpv.dll Version is 2.0.0.3424

4 Cumulative Security Update for Outlook Express and Windows Mail (MS07-034) CVSS: - Active QID: 90398 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2006-2111, CVE-2007-1658, CVE-2007-2225, CVE-2007-2227 Vendor Reference: MS07-034 Bugtraq ID: 17717, 23103 Service Modified: 09/26/2007 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Service Pack 2 (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872-4803-b610-4c895ceb99aa (http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872-4803-b610-4c895ceb99aa) Windows XP Professional x64 Edition (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7) Windows XP Professional x64 Edition Service Pack 2 (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7) Windows Server 2003 Service Pack 1 (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be (http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be) Windows Server 2003 Service Pack 2 (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be (http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be) Windows Server 2003 x64 Edition (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3) Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3) Windows Server 2003 with SP1 for Itanium-based Systems (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025 (http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025) Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Outlook Express 6):http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025

10.10.10.220 Confirmed 4/5/Patchable page 222 (http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025) Windows Vista (Windows Mail):http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633 (http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633) Windows Vista x64 Edition (Windows Mail):http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78 (http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78) Refer to Micrsoft Security Bulletin MS07-034 (http://www.microsoft.com/technet/security/bulletin/MS07-034.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1000503: Microsoft Internet Explorer MHTML URI Buffer Overflow Virtual Patch #1000973: Microsoft Windows Vista Windows Mail Local File Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB929123\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB929123\Filelist is missing HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB929123\Filelist is missing %windir%\system32\inetcomm.dll Version is 6.0.3790.607

4 Windows Schannel Security Package Could Allow Remote Code Execution (MS07-031) CVSS: - Active QID: 115571 CVSS Base: 9.3 Category: Local CVSS Temporal: 6.9 CVE ID: CVE-2007-2218 Vendor Reference: MS07-031 Bugtraq ID: 24416 Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=5b8e728c-cb9f-4176-93a0-bf42d6387f93 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5b8e728c-cb9f-4176-93a0-bf42d6387f93) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=8615e6f3-415b-4c23-ba52-7eef70a11d77 (http://www.microsoft.com/downloads/details.aspx?FamilyId=8615e6f3-415b-4c23-ba52-7eef70a11d77) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=7e994340-c616-4f66-845b-7eaf095e968a (http://www.microsoft.com/downloads/details.aspx?FamilyId=7e994340-c616-4f66-845b-7eaf095e968a) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=39e6c6d2-7e6f-4992-a731-36f44fe2d87f (http://www.microsoft.com/downloads/details.aspx?FamilyId=39e6c6d2-7e6f-4992-a731-36f44fe2d87f) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=da424772-079c-4351-9759-8886e0f1ba79 (http://www.microsoft.com/downloads/details.aspx?FamilyId=da424772-079c-4351-9759-8886e0f1ba79) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=028592ff-2b69-472e-b186-bd2cc76bdfa4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=028592ff-2b69-472e-b186-bd2cc76bdfa4) Refer to Micrsoft Security Bulletin MS07-031 (http://www.microsoft.com/technet/security/bulletin/MS07-031.mspx) for further details.

Virtual Patches:

10.10.10.220 Confirmed 4/5/Patchable page 223 Trend Micro Virtual Patching Virtual Patch #1001039: Microsoft Windows Schannel Security Package Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB935840 is missing %windir%\system32\schannel.dll Version is 5.2.3790.132

4 Win 32 API Could Allow Remote Code Execution (MS07-035) CVSS: - Active QID: 90397 CVSS Base: 9.3 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2007-2219 Vendor Reference: MS07-035 Bugtraq ID: 24370 Service Modified: 09/04/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=3918ac76-ebb6-4886-9a9e-808eafb96b1b (http://www.microsoft.com/downloads/details.aspx?FamilyId=3918ac76-ebb6-4886-9a9e-808eafb96b1b) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=27c7f1b9-2d1d-40cb-ad7e-bfedb6156a9c (http://www.microsoft.com/downloads/details.aspx?FamilyId=27c7f1b9-2d1d-40cb-ad7e-bfedb6156a9c) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=0ba12191-1e6f-443b-9150-7ab8b2deb7c2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=0ba12191-1e6f-443b-9150-7ab8b2deb7c2) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=d554dff4-bcfb-4bbc-8fa0-af2f939d2610 (http://www.microsoft.com/downloads/details.aspx?FamilyId=d554dff4-bcfb-4bbc-8fa0-af2f939d2610) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=170473d8-6bb1-4fbd-8494-a059dbfdf182 (http://www.microsoft.com/downloads/details.aspx?FamilyId=170473d8-6bb1-4fbd-8494-a059dbfdf182) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=f5e45e3c-4cac-41a5-99f7-42c2c2c73e99 (http://www.microsoft.com/downloads/details.aspx?FamilyId=f5e45e3c-4cac-41a5-99f7-42c2c2c73e99) Refer to Micrsoft Security Bulletin MS07-035 (http://www.microsoft.com/technet/security/bulletin/MS07-035.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001052: Microsoft Windows Win32 API Code Execution Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS:

10.10.10.220 Confirmed 4/5/Patchable page 224 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB935839\Filelist is missing %windir%\System32\kernel32.dll Version is 5.2.3790.566

4 Microsoft OLE Automation Could Allow Remote Code Execution (MS07-043) CVSS: - Active QID: 90404 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.3 CVE ID: CVE-2007-2224 Vendor Reference: MS07-043 Bugtraq ID: - Service Modified: 06/10/2009 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=5c35b6e8-732a-4451-b5d4-23ed63e6e792 (http://www.microsoft.com/downloads/details.aspx?FamilyId=5c35b6e8-732a-4451-b5d4-23ed63e6e792) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=6e8de050-8589-4831-ae19-075c93509485 (http://www.microsoft.com/downloads/details.aspx?FamilyId=6e8de050-8589-4831-ae19-075c93509485) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=b85bb583-dc61-4d37-b458-208f5bb07ece (http://www.microsoft.com/downloads/details.aspx?FamilyId=b85bb583-dc61-4d37-b458-208f5bb07ece) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=15d4d4fa-9bab-4da5-978e-f89c78c8086a (http://www.microsoft.com/downloads/details.aspx?FamilyId=15d4d4fa-9bab-4da5-978e-f89c78c8086a) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=6608d722-3ef8-4085-b771-7b17bb0ba06e (http://www.microsoft.com/downloads/details.aspx?FamilyId=6608d722-3ef8-4085-b771-7b17bb0ba06e) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=fc04451a-0696-4a21-b2b6-f02d4e2c33bf (http://www.microsoft.com/downloads/details.aspx?FamilyId=fc04451a-0696-4a21-b2b6-f02d4e2c33bf) Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/downloads.aspx#Office2004 (http://www.microsoft.com/mac/downloads.aspx#Office2004) Microsoft Visual Basic 6.0 Service Pack 6 : http://www.microsoft.com/downloads/details.aspx?FamilyId=E1646FB0-29D5-4A6E-A8D2-304C4D7735B7 (http://www.microsoft.com/downloads/details.aspx?FamilyId=E1646FB0-29D5-4A6E-A8D2-304C4D7735B7) Refer to Micrsoft Security Bulletin MS07-043 (http://www.microsoft.com/technet/security/bulletin/MS07-043.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001065: Microsoft Windows OLE Automation Memory Corruption Vulnerability

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB921503\Filelist is missing %windir%\System32\oleaut32.dll Version is 5.2.3790.0

10.10.10.220 Confirmed 4/5/Patchable page 225 4 Internet Information Services Remote Code Execution Vulnerability (MS08-006) CVSS: - Active QID: 90428 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2008-0075 Vendor Reference: MS08-006 Bugtraq ID: - Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows XP Professional Service Pack 2 (Microsoft Internet Information Services 5.1):http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe (http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d (http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Information Services 6.0):http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Information Services 6.0):http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c (http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Information Services 6.0):http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845 (http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845) Refer to Micrsoft Security Bulletin MS08-006 (http://www.microsoft.com/technet/security/bulletin/MS08-006.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-0075 Description: Microsoft IIS MS08-006 exploit - Core Security Category : Exploits/Local

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB942830 is missing %windir%\System32\inetsrv\asp.dll Version is 6.0.3790.520

4 OLE Automation Remote Code Execution Vulnerability (MS08-008) CVSS: - Active QID: 90427 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2007-0065 Vendor Reference: MS08-008 Bugtraq ID: - Service Modified: 02/13/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 226 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=93b3d0a3-2091-405e-8dd4-10f20dc2be7f (http://www.microsoft.com/downloads/details.aspx?FamilyId=93b3d0a3-2091-405e-8dd4-10f20dc2be7f) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=5c331a3a-93e0-42e4-9cd1-4e32ebdda38d (http://www.microsoft.com/downloads/details.aspx?FamilyId=5c331a3a-93e0-42e4-9cd1-4e32ebdda38d) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604 (http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799 (http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aeb (http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aeb) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60e (http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60e) Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=c67ec357-0f86-4f7d-9af0-d63d8b765f44 (http://www.microsoft.com/downloads/details.aspx?FamilyID=c67ec357-0f86-4f7d-9af0-d63d8b765f44) Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=9137108f-e80b-46f1-b547-82da8fb058bf (http://www.microsoft.com/downloads/details.aspx?FamilyId=9137108f-e80b-46f1-b547-82da8fb058bf) Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0) Microsoft Visual Basic 6.0 Service Pack 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=C96420A9-7436-4625-9649-75F1514B0FE3 (http://www.microsoft.com/downloads/details.aspx?FamilyID=C96420A9-7436-4625-9649-75F1514B0FE3) Refer to Micrsoft Security Bulletin MS08-008 (http://www.microsoft.com/technet/security/bulletin/MS08-008.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001635: Microsoft Internet Explorer OLE Automation Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB943055\Filelist is missing %windir%\System32\oleaut32.dll Version is 5.2.3790.0

4 Microsoft Outlook Remote Code Execution Vulnerability (MS08-015) CVSS: - Active QID: 110076 CVSS Base: 9.3 Category: Office Application CVSS Temporal: 7.3 CVE ID: CVE-2008-0110 Vendor Reference: MS08-015 Bugtraq ID: - Service Modified: 09/14/2009 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25

10.10.10.220 Confirmed 4/5/Patchable page 227 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office 2000 Service Pack 3 (Outlook 2000 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=714a49cd-5bca-4719-96a1-e1077f279533 (http://www.microsoft.com/downloads/details.aspx?FamilyId=714a49cd-5bca-4719-96a1-e1077f279533) Microsoft Office XP Service Pack 3 (Outlook 2002 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=59853687-d885-4059-9460-ee403855dbd8 (http://www.microsoft.com/downloads/details.aspx?FamilyId=59853687-d885-4059-9460-ee403855dbd8) Microsoft Office 2003 Service Pack 2 (Outlook 2003 Service Pack 2):http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2) Microsoft Office 2003 Service Pack 3 (Outlook 2003 Service Pack 3):http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2) 2007 Microsoft Office System (Outlook 2007):http://www.microsoft.com/downloads/details.aspx?FamilyId=4e2baf00-88eb-4eb6-961a-54245b363c21 (http://www.microsoft.com/downloads/details.aspx?FamilyId=4e2baf00-88eb-4eb6-961a-54245b363c21) Refer to Microsoft Security Bulletin MS08-015 (http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1001936: Microsoft Outlook URI Remote Code Execution

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: Outlook 2003 C:\Program Files\Microsoft Office\OFFICE11\\Outlmime.dll found C:\Program Files\Microsoft Office\OFFICE11\\OUTLOOK.exe version is 11.0.8000.0 . C:\Program Files\Microsoft Office\OFFICE11\\Outlmime.dll version is 11.0.6555.0 .

4 Microsoft Vulnerability in DNS Client Could Allow Spoofing (MS08-020) CVSS: - Active QID: 90432 CVSS Base: 8.8 Category: Windows CVSS Temporal: 6.9 CVE ID: CVE-2008-0087 Vendor Reference: MS08-020 Bugtraq ID: - Service Modified: 04/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION:

10.10.10.220 Confirmed 4/5/Patchable page 228 Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=41326ade-96b6-47ce-9291-d4e3039471c4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=41326ade-96b6-47ce-9291-d4e3039471c4) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=893f4cef-0395-4c44-ba28-7a10b6e7dd48 (http://www.microsoft.com/downloads/details.aspx?FamilyID=893f4cef-0395-4c44-ba28-7a10b6e7dd48) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=8fdd1207-6e93-4c43-bacc-fe3623a6ebe7 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8fdd1207-6e93-4c43-bacc-fe3623a6ebe7) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=214bd8f5-6eb2-414c-b013-c516a306d692 (http://www.microsoft.com/downloads/details.aspx?FamilyId=214bd8f5-6eb2-414c-b013-c516a306d692) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=fd123394-a5d6-4b55-be74-2938f52ce922 (http://www.microsoft.com/downloads/details.aspx?FamilyId=fd123394-a5d6-4b55-be74-2938f52ce922) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=e0e63f03-904d-47ee-94fc-51a8dea668eb (http://www.microsoft.com/downloads/details.aspx?FamilyId=e0e63f03-904d-47ee-94fc-51a8dea668eb) Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=8203d303-c855-4579-9bbf-b06ddf5c1b87 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8203d303-c855-4579-9bbf-b06ddf5c1b87) Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=73f3a234-3973-4467-be7e-69efa7ee978c (http://www.microsoft.com/downloads/details.aspx?FamilyID=73f3a234-3973-4467-be7e-69efa7ee978c) Refer to Micrsoft Security Bulletin MS08-020 (http://www.microsoft.com/technet/security/bulletin/MS08-020.mspx) for further details.

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB945553\Filelist is missing %windir%\System32\dnsapi.dll Version is 5.2.3790.558

4 Windows Kernel Vulnerability Could Allow Elevation of Privilege (MS08-025) CVSS: - Active QID: 90430 CVSS Base: 7.2 Category: Windows CVSS Temporal: 5.6 CVE ID: CVE-2008-1084 Vendor Reference: MS08-025 Bugtraq ID: - Service Modified: 04/10/2008 User Modified: - Edited: No PCI Vuln: Yes

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=8db9f328-da0e-4fb8-96c4-6d368b47c224 (http://www.microsoft.com/downloads/details.aspx?familyid=8db9f328-da0e-4fb8-96c4-6d368b47c224) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178 (http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=a29bbd13-761f-44fa-8948-e1a8c244bd7a (http://www.microsoft.com/downloads/details.aspx?familyid=a29bbd13-761f-44fa-8948-e1a8c244bd7a)

10.10.10.220 Confirmed 4/5/Patchable page 229 Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac (http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=320fd100-35e1-4345-9399-796393235cbc (http://www.microsoft.com/downloads/details.aspx?familyid=320fd100-35e1-4345-9399-796393235cbc) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d (http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969 (http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969) Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04 (http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=4497333c-9418-4b91-83dc-0155735421c0 (http://www.microsoft.com/downloads/details.aspx?familyid=4497333c-9418-4b91-83dc-0155735421c0) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=5aefc7a6-79a4-45a2-b534-35d0ec400dda (http://www.microsoft.com/downloads/details.aspx?familyid=5aefc7a6-79a4-45a2-b534-35d0ec400dda) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=3080c26b-7456-41ef-8668-28f15bc7b8ce (http://www.microsoft.com/downloads/details.aspx?familyid=3080c26b-7456-41ef-8668-28f15bc7b8ce) Refer to Micrsoft Security Bulletin MS08-025 (http://www.microsoft.com/technet/security/bulletin/MS08-025.mspx) for further details.

EXPLOITABILITY: Core Security Reference: CVE-2008-1084 Description: Microsoft NtUserMessageCall Kernel Privilege Escalation Exploit (MS08-025) - Core Security Category : Exploits/Local

Immunity Reference: CVE-2008-1084 Description: Win32k ClientLoadMenu Privilege Escalation - Immunity Ref : ms08_025 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_025/qualys_user

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2567053 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2555917 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2506223 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2479628\Filelist is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB979559\Filelist is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB968537 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB958690 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB954211 is missing %windir%\System32\Win32k.sys Version is 5.2.3790.651 %windir%\system32\win32k.sys Version is 5.2.3790.651

4 GDI Could Allow Remote Code Execution (MS08-021) CVSS: - Active QID: 90434 CVSS Base: 9.3 Category: Windows CVSS Temporal: 7.7 CVE ID: CVE-2008-1083, CVE-2008-1087 Vendor Reference: MS08-021 Bugtraq ID: - Service Modified: 04/10/2008 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 07/27/2011 at 19:27:53 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 25 CVSS Environment: Asset Group: -

10.10.10.220 Confirmed 4/5/Patchable page 230 Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=caac000a-22b6-48cb-aa00-1a0bfe886de2 (http://www.microsoft.com/downloads/details.aspx?familyid=caac000a-22b6-48cb-aa00-1a0bfe886de2) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=c2763dd8-a03e-4a48-aa86-a7ec00250a7a (http://www.microsoft.com/downloads/details.aspx?familyid=c2763dd8-a03e-4a48-aa86-a7ec00250a7a) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=166f2ab5-913c-47a9-86fe-b814797b751e (http://www.microsoft.com/downloads/details.aspx?familyid=166f2ab5-913c-47a9-86fe-b814797b751e) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=bee91d80-d49a-4d3d-82d6-d5aa63f54979 (http://www.microsoft.com/downloads/details.aspx?familyid=bee91d80-d49a-4d3d-82d6-d5aa63f54979) Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=e3dde449-e062-4ce0-a9f4-433bff23e224 (http://www.microsoft.com/downloads/details.aspx?familyid=e3dde449-e062-4ce0-a9f4-433bff23e224) Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=7886a802-f2b5-489c-b14b-631f4c4c0742 (http://www.microsoft.com/downloads/details.aspx?familyid=7886a802-f2b5-489c-b14b-631f4c4c0742) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=9b51deb8-3873-4146-977f-7e3d0840a4c5 (http://www.microsoft.com/downloads/details.aspx?familyid=9b51deb8-3873-4146-977f-7e3d0840a4c5) Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=4ad6dcd1-6ea5-43bf-8bee-a5f507beadc6 (http://www.microsoft.com/downloads/details.aspx?familyid=4ad6dcd1-6ea5-43bf-8bee-a5f507beadc6) Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=006d5c47-53e6-4ee1-932c-497611804938 (http://www.microsoft.com/downloads/details.aspx?familyid=006d5c47-53e6-4ee1-932c-497611804938) Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8909f144-655b-4f07-916f-fd967f1efb2b (http://www.microsoft.com/downloads/details.aspx?familyid=8909f144-655b-4f07-916f-fd967f1efb2b) Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=b7771a4a-4e4f-48d1-8551-bb8b778ca5a7 (http://www.microsoft.com/downloads/details.aspx?familyid=b7771a4a-4e4f-48d1-8551-bb8b778ca5a7) Refer to Micrsoft Security Bulletin MS08-021 (http://www.microsoft.com/technet/security/bulletin/MS08-021.mspx) for further details.

Virtual Patches:

Trend Micro Virtual Patching Virtual Patch #1002377: Microsoft Windows GDI Multiply By Zero Code Execution Virtual Patch #1002372: Microsoft Windows GDI+ EMF Remote Code Execution

EXPLOITABILITY: Core Security Reference: CVE-2008-1087 Description: Microsoft GDI EMF Exploit (MS08-021) - Core Security Category : Exploits/Client Side

The Exploit-DB Reference: CVE-2008-1083 Description: MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021) - The Exploit-DB Ref : 5442 Link: http://www.exploit-db.com/exploits/5442

Reference: CVE-2008-1087 Description: MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021) - The Exploit-DB Ref : 5442 Link: http://www.exploit-db.com/exploits/5442

Reference: CVE-2008-1083 Description: Micrsoft Windows GDI (CreateDIBPatternBrushPt) Heap Overflow PoC - The Exploit-DB Ref : 6330 Link: http://www.exploit-db.com/exploits/6330

10.10.10.220 Confirmed 4/5/Patchable page 231 Reference: CVE-2008-1083 Description: MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021 - The Exploit-DB Ref : 6656 Link: http://www.exploit-db.com/exploits/6656

RESULTS: HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB956802 is missing %windir%\system32\gdi32.dll Version is 5.2.3790.651 HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB948590 is missing %windir%\system32\gdi32.dll Version is 5.2.3790.651

4 Mozilla Firefox and Thunderbird Multiple Vulnerabilities (MFSA-2011-46 through MFSA-2011-52) CVSS: - Active QID: 119733 CVSS Base: 10 Category: Local CVSS Temporal: 7.4 CVE ID: CVE-2011-3647, CVE-2011-3649, CVE-2011-3648, CVE-2011-3655, CVE-2011-3653, CVE-2011-3651, CVE-2011-3650, CVE-2011-3652, CVE-2011-3654 Vendor Reference: MFSA2011-46, MFSA2011-47, MFSA2011-48, MFSA2011-49, MFSA2011-50, MFSA2011-51, MFSA2011-52 Bugtraq ID: - Service Modified: 11/10/2011 User Modified: - Edited: No PCI Vuln: No

First Detected: 11/12/2011 at 08:26:07 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 10 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following Mozilla Foundation security advisories for further details: MFSA 2011-46 (http://www.mozilla.org/security/announce/2011/mfsa2011-46.html), MFSA 2011-47 (http://www.mozilla.org/security/announce/2011/mfsa2011-47.html), MFSA2011-48 (http://www.mozilla.org/security/announce/2011/mfsa2011-48.html), MFSA2011-49 (http://www.mozilla.org/security/announce/2011/mfsa2011-49.html), MFSA2011-50 (http://www.mozilla.org/security/announce/2011/mfsa2011-50.html), MFSA2011-51 (http://www.mozilla.org/security/announce/2011/mfsa2011-51.html), MFSA2011-52 (http://www.mozilla.org/security/announce/2011/mfsa2011-52.html),

EXPLOITABILITY: There is no exploitability information for this vulnerability.

RESULTS: C:\Program Files\Mozilla Firefox\firefox.exe Version is 2.0.0.4

4 Microsoft SharePoint Elevation of Privilege Vulnerability (MS11-074) CVSS: - Active QID: 110159 CVSS Base: 4.3 Category: Office Application CVSS Temporal: 3.4 CVE ID: CVE-2011-1252, CVE-2011-0653, CVE-2011-1890, CVE-2011-1891, CVE-2011-1892, CVE-2011-1893 Vendor Reference: MS11-074 Bugtraq ID: - Service Modified: 09/14/2011 User Modified: - Edited: No PCI Vuln: Yes

First Detected: 09/17/2011 at 09:21:07 (GMT) Last Detected: 01/14/2012 at 08:26:08 (GMT) Times Detected: 17

10.10.10.220 Confirmed 4/5/Patchable page 232 CVSS Environment: Asset Group: - Collateral Damage Potential: - Target Distribution: - Confidentiality Requirement: - Integrity Requirement: - Availability Requirement: -

SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:

Microsoft Office Groove 2007 Service Pack 2 (http://www.microsoft.com/downloads/details.aspx?familyid=5ea6192b-55e5-4ca4-8d91-cc768ede8277)

Microsoft SharePoint Workspace 2010 and Microsoft SharePoint Workspace 2010 Service Pack 1 (32-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=f6ee7e43-9da9-4b96-abd0-390cfcacb885)

Microsoft SharePoint Workspace 2010 and Microsoft SharePoint Workspace 2010 Service Pack 1 (64-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=234efac1-4f09-41f5-90a9-4a3c2e81c05e)

Microsoft Office Forms Server 2007 Service Pack 2 (32-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=c4c8ad7e-50bd-460e-9678-d8c72c6ee7ab)

Microsoft Office Forms Server 2007 Service Pack 2 (64-bit editions) (http://www.microsoft.com/downloads/details.aspx?familyid=7390b526-f411-45a4-8587-8077b473ac17)

Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 ) (http://www.microsoft.com/downloads/details.aspx?familyid=ad52c341-13ce-4b53-87b4-269cb3f41275)

Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 ) (http://www.microsoft.com/downloads/details.aspx?familyid=e5e60751-242a-4fdb-9852-6d94050d3d0e)

For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-074 (http://technet.microsoft.com/en-us/security/bulletin/MS11-074).

Workaround: 1) Enable Internet Explorer 8 and Internet Explorer 9 XSS filter in the Local intranet security zone

Impact of workaround #1: Internal sites not previously flagged as being XSS risks could be flagged.

EXPLOITABILITY:

10.10.10.220 Confirmed 4/5/Patchable page 233 The Exploit-DB Reference: CVE-2011-1892 Description: File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6 - The Exploit-DB Ref : 17873 Link: http://www.exploit-db.com/exploits/17873

RESULTS: %programfiles%\Common Files\Microsoft Shared\web server extensions\60\ISAPI\Microsoft.SharePoint.dll found %ProgramFiles%\Common Files\Microsoft Shared\web server extensions\60\Bin\Onetutil.dll version is 11.0.6568.0 .

Footnotes This footnote indicates that the CVSS Base score that is displayed for the vulnerability is not supplied by NIST. When the service looked up the latest NIST score for the vulnerability, as published in the National Vulnerability Database (NVD), NIST either listed the CVSS Base score as 0 or did not provide a score in the NVD. In this case, the service determined that the severity of the vulnerability warranted a higher CVSS Base score. The score provided by the service is displayed.

This report was generated with an evaluation version of QualysGuard This report was generated with an evaluation version of QualysGuard

CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2012, Qualys, Inc.

10.10.10.220 Confirmed 4/5/Patchable page 234