Microsoft security alert.

January 9, 2024

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 54 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Internet Explorer Cumulative Security Update (KB5034120) for January 2024

    Severity
    Serious 3
    Qualys ID
    100419
    Vendor Reference
    KB5034120
    CVE Reference
    CVE-2024-20652
    CVSS Scores
    Base 5.1 / Temporal 3.8
    Description
    Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows Operating Systems.

    Microsoft has released KB5034120 for Internet Explorer 11 and 9

    Affected Versions:
    Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2 SP1, Windows Server 2012
    Internet Explorer 9 on Windows Server 2008 SP2

    Consequence
    The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' by passing a URL with a device path to the Lanman redirector device object.
    Solution
    For more information, customers are advised to refer to KB5034120.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    5034120

  • Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability for January 2024

    Severity
    Critical 4
    Qualys ID
    110455
    Vendor Reference
    KB5002539, KB5002540, KB5002541
    CVE Reference
    CVE-2024-21318
    CVSS Scores
    Base 9 / Temporal 6.7
    Description
    Microsoft has released January 2024 security updates to fix a remote code execution vulnerability in its Sharepoint Server Versions 2016, 2019, and Sharepoint Subscription Edition.

    This security update contains the following KBs:

    KB5002540
    KB5002539
    KB5002541

    QID Detection Logic (Authenticated):
    Operating System: Windows

    Consequence
    Successful exploitation allows an attacker to perform Remote Code Execution.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002540
    KB5002539
    KB5002541

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Sharepoint January 2024

  • Microsoft Office Remote Code Execution (RCE) Vulnerability for January 2024

    Severity
    Critical 4
    Qualys ID
    110456
    Vendor Reference
    Office Click-2-Run and Office 365 Release Notes
    CVE Reference
    CVE-2024-20677
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released January 2024 security updates to fix a Remote Code Execution Vulnerability in its Office Product.

    This security update contains the following:
    Office Click-2-Run and Office 365 Release Notes
    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2312 (Build 17126.20132)
    Monthly Enterprise Channel: Version 2311 (Build 17029.20140)
    Monthly Enterprise Channel: Version 2310 (Build 16924.20202)
    Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20504)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20504)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20884)
    Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20848)
    Office 2021 Retail: Version 2312 (Build 17126.20132)
    Office 2019 Retail: Version 2312 (Build 17126.20132)
    Office 2016 Retail: Version 2312 (Build 17126.20132)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20624)
    Office 2019 Volume Licensed: Version 1808 (Build 10406.20006)

    Operating System: MacOS
    Microsoft Office LTSC for Mac 2021: This QID checks whether the Office suite's installed vulnerable application version is less than 16.81.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to Remote Code Execution Vulnerability.

    Solution
    Customers are advised to refer to these KB Article(s):
    CVE-2024-20677 and Office Click-2-Run and Office 365 Release Notes for more information regarding this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft office January 2024

  • Microsoft SQL Server Data Provider Security Feature Bypass Vulnerability - January 2024

    Severity
    Critical 4
    Qualys ID
    379234
    Vendor Reference
    CVE-2024-0056
    CVE Reference
    CVE-2024-0056
    CVSS Scores
    Base 7.6 / Temporal 5.6
    Description
    A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server.

    Affected Software:
    SQL Server 2022 CU10
    SQL Server 2022 GDR

    QID Detection Logic (Authenticated):
    On Windows, this QID checks for Microsoft SQL Server instances and checks the sqlservr.exe file version.

    On Linux, this QID checks for the vulnerable version of ODBC based on the installed package.

    Consequence
    An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server.
    Solution
    Customers are advised to refer to KB5033592 KB5032968 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5032968
    KB5033592

  • Microsoft .NET Framework Update for January 2024

    Severity
    Critical 4
    Qualys ID
    92097
    Vendor Reference
    5033910, 5033920, 5034119, 5034269, 5034270, 5034272, 5034273, 5034274, 5034275, 5034276, 5034277, 5034278, 5034279, 5034280
    CVE Reference
    CVE-2023-36042, CVE-2024-0056, CVE-2024-0057, CVE-2024-21312
    CVSS Scores
    Base 8.5 / Temporal 6.3
    Description
    A Denial of Service vulnerability exists in Microsoft .NET Framework.

    Following KBs are covered in this detection:
    5034280
    5034270
    5033920
    5034272
    5034275
    5034274
    5034276
    5034279
    5034278
    5034269
    5034119
    5034273
    5034277
    5033910

    This security update is rated Important for supported versions of Microsoft .NET Framework.
    .NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1

    QID Detection Logic (Authenticated):
    Checks for vulnerable file version of ntoskrnl.exe or Mscorlib.dll or System.dll or System.web.dll for the respective .Net Framework KBs

    Consequence
    Successful exploitation may allow an attacker to perform Denial of Service.
    Solution
    Customers are advised to refer to CVE-2024-0056, CVE-2024-21312, CVE-2024-0057 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-0056
    CVE-2024-0057
    CVE-2024-21312

  • Microsoft Windows Security Update for January 2024

    Severity
    Urgent 5
    Qualys ID
    92099
    Vendor Reference
    KB5034119, KB5034121, KB5034122, KB5034123, KB5034127, KB5034129, KB5034130, KB5034134, KB5034167, KB5034169, KB5034171, KB5034173, KB5034176, KB5034184
    CVE Reference
    CVE-2022-35737, CVE-2024-20652, CVE-2024-20653, CVE-2024-20654, CVE-2024-20657, CVE-2024-20658, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-20666, CVE-2024-20674, CVE-2024-20680, CVE-2024-20681, CVE-2024-20682, CVE-2024-20683, CVE-2024-20687, CVE-2024-20691, CVE-2024-20692, CVE-2024-20694, CVE-2024-20696, CVE-2024-20697, CVE-2024-20698, CVE-2024-20699, CVE-2024-20700, CVE-2024-21305, CVE-2024-21306, CVE-2024-21307, CVE-2024-21309, CVE-2024-21310, CVE-2024-21311, CVE-2024-21313, CVE-2024-21314, CVE-2024-21316, CVE-2024-21320
    CVSS Scores
    Base 7.7 / Temporal 6
    Description
    Microsoft Windows Security Update - January 2024
    Patch version is 10.0.20348.2227 for KB5034129
    Patch version is 10.0.17763.5329 for KB5034127
    Patch version is 10.0.14393.6614 for KB5034119
    Patch version is 10.0.10240.20402 for KB5034134
    Patch version is 10.0.22631.3007 for KB5034123
    Patch version is 10.0.19045.3930 for KB5034122
    Patch version is 10.0.22000.2713 for KB5034121
    Patch version is 10.0.25398.643 for KB5034130
    Patch version is 6.3.9600.21765 for KB5034171
    Patch version is 6.2.9200.24664 for KB5034184
    Patch version is 6.1.7601.26910 for KB5034169
    Patch version is 6.1.7601.26910 for KB5034167
    Patch version is 6.0.6003.22464 for KB5034173
    Patch version is 6.0.6003.22464 for KB5034176

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034129
    KB5034127
    KB5034119
    KB5034134
    KB5034123
    KB5034122
    KB5034121
    KB5034130
    KB5034171
    KB5034184
    KB5034169
    KB5034167
    KB5034173
    KB5034176

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034119
    KB5034121
    KB5034122
    KB5034123
    KB5034127
    KB5034129
    KB5034130
    KB5034134
    KB5034167
    KB5034169
    KB5034171
    KB5034173
    KB5034176
    KB5034184

  • Microsoft .NET Core Security Update for January 2024

    Severity
    Urgent 5
    Qualys ID
    92100
    Vendor Reference
    CVE-2024-0057, CVE-2024-20672, CVE-2024-21319
    CVE Reference
    CVE-2024-0057, CVE-2024-20672, CVE-2024-21319
    CVSS Scores
    Base 9.4 / Temporal 7
    Description
    Microsoft has released January 2024 security updates for .NET Core to fix multiple security vulnerabilities.

    Affected versions:
    .NET 6.0 before version 6.0.26
    .NET 7.0 before version 7.0.15
    .NET 8.0 before version 8.0.1

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence
    Vulnerable versions of Microsoft .NET are prone to Security Feature Bypass and Denial of Service vulnerability.

    Solution
    Customers are advised to refer to CVE-2024-0057, CVE-2024-20672, and CVE-2024-21319 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-0057
    CVE-2024-20672
    CVE-2024-21319

  • Microsoft Windows Privilege Escalation January 2024

    Severity
    Critical 4
    Qualys ID
    92101
    Vendor Reference
    CVE-2024-20686
    CVE Reference
    CVE-2024-20686
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Windows Server 2022, 23H2 Edition Security update

    Patch version is 10.0.25398.643 for KB5034130
    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034130

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034130

  • Microsoft Visual Studio Security Update for January 2024

    Severity
    Critical 4
    Qualys ID
    92102
    Vendor Reference
    CVE-2024-0057, CVE-2024-20656, CVE-2024-21319
    CVE Reference
    CVE-2023-29349, CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027, CVE-2023-32028, CVE-2024-0057, CVE-2024-20656, CVE-2024-21319
    CVSS Scores
    Base 9.4 / Temporal 7.4
    Description
    Microsoft has released January 2024 security updates for Visual Studio to fix multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2015 Update 3
    Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
    Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
    Microsoft Visual Studio 2022 version 17.2
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2022 version 17.6
    Microsoft Visual Studio 2022 version 17.8

    QID Detection Logic: Authenticated : Windows
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.

    Consequence
    Vulnerable versions of Microsoft Visual Studio are prone to Security feature bypass and Elevation of privilege vulnerability.

    Solution
    Customers are advised to refer to CVE-2024-0057, CVE-2024-20656, and CVE-2024-21319 for more information on the vulnerabilities and their patches.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-0057
    CVE-2024-20656
    CVE-2024-21319

  • Microsoft Windows Server Security Update for January 2024

    Severity
    Serious 3
    Qualys ID
    92103
    Vendor Reference
    CVE-2024-20655, CVE-2024-20662
    CVE Reference
    CVE-2024-20655, CVE-2024-20662
    CVSS Scores
    Base 7.5 / Temporal 5.5
    Description
    Microsoft Windows Security Update - January 2024
    Patch version is 10.0.20348.2227 for KB5034129
    Patch version is 10.0.17763.5329 for KB5034127
    Patch version is 10.0.14393.6614 for KB5034119
    Patch version is 6.3.9600.21765 for KB5034171
    Patch version is 6.2.9200.24664 for KB5034184
    Patch version is 6.1.7601.26910 for KB5034169
    Patch version is 6.1.7601.26910 for KB5034167
    Patch version is 6.0.6003.22464 for KB5034173
    Patch version is 10.0.25398.643 for KB5034130
    Patch version is 6.0.6003.22464 for KB5034176

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034129
    KB5034127
    KB5034119
    KB5034130
    KB5034171
    KB5034184
    KB5034169
    KB5034167
    KB5034173
    KB5034176

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034119
    KB5034127
    KB5034129
    KB5034130
    KB5034167
    KB5034169
    KB5034171
    KB5034173
    KB5034176
    KB5034184

  • Microsoft Windows Nearby Sharing Spoofing Vulnerability Security Update for January 2024

    Severity
    Serious 3
    Qualys ID
    92104
    Vendor Reference
    CVE-2024-20690
    CVE Reference
    CVE-2024-20690
    CVSS Scores
    Base 5 / Temporal 3.7
    Description
    Microsoft Windows OS Security Update - January 2024
    Patch version is 10.0.17763.5329 for KB5034127
    Patch version is 10.0.22631.3007 for KB5034123
    Patch version is 10.0.19045.3930 for KB5034122
    Patch version is 10.0.22000.2713 for KB5034121
    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploit could compromise Integrity

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034127
    KB5034123
    KB5034122
    KB5034121

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034121
    KB5034122
    KB5034123
    KB5034127
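
For hosts that cannot be scanned, the Linux logic described for QID 92100 (.NET Core) can be approximated locally. The following is an added example, not Qualys detection code: it lists the runtime directories named in that entry and compares each version against the fixed versions given there (6.0.26, 7.0.15, 8.0.1). The function names `classify` and `scan` and the status labels are assumptions made for this sketch.

```python
import os
import re

# Fixed patch level per release train, from the advisory's "Affected versions".
FIXED = {(6, 0): 26, (7, 0): 15, (8, 0): 1}

# Runtime directories named in the advisory's Linux detection logic.
DEFAULT_ROOTS = (
    "/usr/share/dotnet/shared/Microsoft.NETCore.App/",
    "/root/shared/Microsoft.NETCore.App",
)

# Directory names look like "6.0.25" or "8.0.0-rc.2.23479.6" (prerelease suffix).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-.+)?$")


def classify(version):
    """Return 'vulnerable', 'patched' or 'not-covered' for one version string."""
    m = VERSION_RE.match(version)
    if not m:
        return "not-covered"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Release train not listed in the advisory; this check says nothing about it.
        return "not-covered"
    # Compare numerically: "8.0.10" is newer than "8.0.1", unlike a string compare.
    return "vulnerable" if patch < fixed_patch else "patched"


def scan(roots=DEFAULT_ROOTS):
    """Map each installed runtime directory under the roots to its status."""
    findings = {}
    for root in roots:
        try:
            entries = sorted(os.listdir(root))
        except FileNotFoundError:
            continue  # no .NET runtime installed at this location
        except OSError:
            # Present but unreadable (e.g. /root without privileges): record it
            # so the gap is not mistaken for a clean result.
            findings[root] = "unreadable"
            continue
        for name in entries:
            path = os.path.join(root, name)
            if os.path.isdir(path):
                findings[path] = classify(name)
    return findings


if __name__ == "__main__":
    for path, status in scan().items():
        print(f"{status:12} {path}")
```

Side-by-side runtimes are each reported separately, since an updated 8.0 runtime does not remove an older 6.0 directory from the host.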

These new vulnerability checks are included in Qualys vulnerability signature 2.5.955-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 100419
    • 110455
    • 110456
    • 379234
    • 92097
    • 92099
    • 92100
    • 92101
    • 92102
    • 92103
    • 92104
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.