Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 65 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
QID Detection Logic (Authenticated):
Operating Systems: Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\Macromed\Flash\Flash.ocx
The following KBs are checked:
The patch version of 25.0.0.171 (KB4020821)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4020821 Windows 10 Version 1511 for x64-based Systems
KB4020821 Windows 10 Version 1511 for x86-based Systems
KB4020821 Windows 10 Version 1607 for x64-based Systems
KB4020821 Windows 10 Version 1607 for x86-based Systems
KB4020821 Windows 10 Version 1703 for x64-based Systems
KB4020821 Windows 10 Version 1703 for x86-based Systems
KB4020821 Windows 10 for x64-based Systems
KB4020821 Windows 10 for x86-based Systems
KB4020821 Windows 8.1 for x64-based Systems
KB4020821 Windows 8.1 for x86-based Systems
KB4020821 Windows Embedded 8 Standard for x64-based Systems
KB4020821 Windows Embedded 8 Standard for x86-based Systems
KB4020821 Windows Server 2012 R2 for x64-based Systems
KB4020821 Windows Server 2012 for x64-based Systems
KB4020821 Windows Server 2016 for x64-based Systems
KB4020821
Microsoft has released Cumulative Security Updates for Internet Explorer which address various vulnerabilities found in Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security update is rated Important for Internet Explorer 9 (IE 9) and Internet Explorer 10 (IE 10) and Critical for Internet Explorer 11 (IE 11).
The Security Update addresses the vulnerabilities by fixing:
1) The update addresses the vulnerability by fixing the way Internet Explorer handles mixed content (CVE-2017-0064)
2) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-0222)
3) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-0226)
4) The update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory. (CVE-2017-0228)
5) The update addresses the vulnerability by fixing how Microsoft browsers parse HTML. (CVE-2017-0231)
6) The update addresses the vulnerability by modifying how JavaScript scripting engines handle objects in memory. (CVE-2017-0238)
KB Articles associated with the Update:
1) 4019264
2) 4019473
3) 4019215
4) 4019472
5) 4019474
6) 4016871
7) 4018271
QID Detection Logic (Authenticated):
Operating Systems: Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\mshtml.dll
The following KBs are checked:
The patch version of 7.0.6000.24071 (KB4018271)
The patch version of 8.0.6001.23942 (KB4018271)
The patch version of 8.0.7601.23764 (KB4018271)
The patch version of 9.0.8112.16896 (KB4018271)
The patch version of 9.0.8112.21007 (KB4018271)
The patch version of 9.1.8112.16896 (KB4018271)
The patch version of 9.1.8112.21007 (KB4018271)
The patch version of 9.4.8112.16896 (KB4018271)
The patch version of 9.4.8112.21007 (KB4018271)
The patch version of 10.0.9200.22137 (KB4018271)
The patch version of 10.2.9200.22137 (KB4018271)
The patch version of 11.0.9600.18666 (KB4018271 or KB4019215 or KB4019264)
The patch version of 11.0.10240.17394 (KB4019474)
The patch version of 11.0.10586.916 (KB4019473)
The patch version of 11.0.14393.1198 (KB4019472)
The patch version of 11.0.15063.296 (KB4016871)
1) Remote Code Execution (CVE-2017-0238, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0238)
2) Spoofing (CVE-2017-0231)
3) Security Feature Bypass (CVE-2017-0064)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4016871 Windows 10 Version 1703 for x64-based Systems (Internet Explorer 11)
KB4016871 Windows 10 Version 1703 for x86-based Systems (Internet Explorer 11)
KB4018271 Windows 8.1 (Internet Explorer 11)
KB4018271 Windows Embedded 8 Standard (Internet Explorer 10)
KB4018271 Windows 7 (Internet Explorer 11)
KB4018271 Windows 7 for x64-based Systems (Internet Explorer 11)
KB4018271 Windows 8.1 for x64-based Systems (Internet Explorer 11)
KB4018271 Windows Embedded 8 Standard for x64-based Systems (Internet Explorer 10)
KB4018271 Windows Embedded Standard 7 (Internet Explorer 11)
KB4018271 Windows Embedded Standard 7 for x64-based Systems (Internet Explorer 11)
KB4018271 Windows Server 2008 (Internet Explorer 9)
KB4018271 Windows Server 2008 R2 for x64-based Systems (Internet Explorer 11)
KB4018271 Windows Server 2008 x64 Edition (Internet Explorer 9)
KB4018271 Windows Server 2012 (Internet Explorer 10)
KB4018271 Windows Server 2012 R2 (Internet Explorer 11)
KB4018271 Windows XP Embedded (Internet Explorer 8)
KB4019215 Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (Internet Explorer 11)
KB4019215 Monthly Quality Rollup for Windows 8.1 for x64-based Systems (Internet Explorer 11)
KB4019215 Monthly Quality Rollup for Windows 8.1 for x86-based Systems (Internet Explorer 11)
KB4019264 Windows 7 for x64-based Systems (Internet Explorer 11)
KB4019264 Windows Server 2008 R2 for x64-based Systems (Internet Explorer 11)
KB4019264 Windows 7 for x86-based Systems (Internet Explorer 11)
KB4019264 Windows Embedded Standard 7 for x64-based Systems (Internet Explorer 11)
KB4019264 Windows Embedded Standard 7 for x86-based Systems (Internet Explorer 11)
KB4019264 Windows Server 2008 R2 for Itanium-based Systems (Internet Explorer 11)
KB4019472 Windows Server 2016 for x64-based Systems (Internet Explorer 11)
KB4019472 Windows 10 Version 1607 for x64-based Systems (Internet Explorer 11)
KB4019472 Windows 10 Version 1607 for x86-based Systems (Internet Explorer 11)
KB4019473 Windows 10 Version 1511 (Internet Explorer 11)
KB4019473 Windows 10 Version 1511 for x64-based Systems (Internet Explorer 11)
KB4019474 Windows 10 for x64-based Systems (Internet Explorer 11)
KB4019474 Windows 10 for x86-based Systems (Internet Explorer 11)
Microsoft Internet Explorer Security Update for May 2017
KB4019109, KB4019115, KB4019108, KB4019112, KB4019110, KB4019113, KB4019111, KB4019114, KB4019474, KB4019472, KB4016871 are covered in this QID.
This security update is rated Important for supported versions of Microsoft .NET Framework.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4016871
KB4019108
KB4019109
KB4019110
KB4019111
KB4019112
KB4019113
KB4019114
KB4019115
KB4019472
KB4019473
KB4019474
- Microsoft Office Memory Corruption Vulnerability (CVE-2017-0254).
- Microsoft SharePoint XSS Vulnerability (CVE-2017-02545).
- Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0261).
- Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262).
- Microsoft Office Memory Corruption Vulnerability (CVE-2017-0264, CVE-2017-0265).
- Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0281).
This security update contains the following KBs:
KB2596904
KB3114375
KB3118310
KB3162040
KB3162054
KB3172458
KB3178729
KB3191835
KB3191836
KB3191839
KB3191841
KB3191843
KB3191858
KB3191863
KB3191865
KB3191880
KB3191881
KB3191885
KB3191888
KB3191890
KB3191895
KB3191899
KB3191904
KB3191909
KB3191913
KB3191914
KB3191915
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2017
Office 2016 for Mac Mac OS
Office for Mac 2011 Mac OS
Microsoft Edge suffers multiple security vulnerabilities. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Affected Version:
Microsoft Edge on all Windows 10 versions
KB Articles associated with the Update:
1) 4019472
2) 4016871
3) 4019473
4) 4019474
QID Detection Logic (Authenticated):
Operating Systems: All versions of Windows 10
This QID checks for the file version of %windir%\System32\edgehtml.dll
The following KBs are checked:
The patch version is 11.0.14393.1198 (KB4019472)
The patch version is 11.0.15063.296 (KB4016871)
The patch version is 11.0.10586.916 (KB4019473)
The patch version is 11.0.10240.17394 (KB4019474)
1) Remote Code Execution
2) Arbitrary Code Execution
3) Elevation of Privilege
4) Spoofing Vulnerability
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge Security Update for May 2017 Windows 10 Version 1511 for x86 and x64
Edge Security Update for May 2017 Windows 10 Version 1607 for x86 and x64
Edge Security Update for May 2017 Windows 10 Version 1703 for x86 and x64
Edge Security Update for May 2017 Windows 10 for x86 and x64
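The edgehtml.dll check described above can be reproduced locally. The following is an added example, not Qualys code: the function names are hypothetical, and selecting the fixed version by the build field (third component) of the file version is an assumption about how the four listed versions map to Windows 10 releases.

```powershell
# Added example (not Qualys code). Fixed edgehtml.dll versions are copied from
# the list above and keyed by Windows 10 build, the third version field.
$FixedEdgeHtml = @{
    10240 = @{ Version = [version]'11.0.10240.17394'; KB = 'KB4019474' }
    10586 = @{ Version = [version]'11.0.10586.916';   KB = 'KB4019473' }
    14393 = @{ Version = [version]'11.0.14393.1198';  KB = 'KB4019472' }
    15063 = @{ Version = [version]'11.0.15063.296';   KB = 'KB4016871' }
}

function Get-EdgeHtmlVersion {
    param([string]$Path = (Join-Path $env:windir 'System32\edgehtml.dll'))
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric fields; the FileVersion string may
    # carry a branch suffix that [version] cannot parse.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Compare-EdgeHtmlVersion {
    # Pure comparison, usable on inventory data as well as on a live file.
    param([Parameter(Mandatory)][version]$Found)

    $required = $null; $kb = $null
    $fix = $FixedEdgeHtml[$Found.Build]
    if ($null -eq $fix) {
        # Build is not in the May 2017 list: report it rather than guess.
        $status = 'NotCovered'
    }
    else {
        $required = $fix.Version; $kb = $fix.KB
        # [version] compares field by field as integers. A string compare
        # would rank '916' above '1106' and misreport a patched host.
        $status = if ($Found -ge $required) { 'Patched' } else { 'Vulnerable' }
    }
    [pscustomobject]@{ Found = $Found; Required = $required; KB = $kb; Status = $status }
}

# Constructed sample versions: Vulnerable, Patched, NotCovered.
'11.0.14393.1066', '11.0.10586.1106', '11.0.16299.15' |
    ForEach-Object { Compare-EdgeHtmlVersion -Found $_ }

# Then the local file, if this host has one.
$local = Get-EdgeHtmlVersion
if ($local) { Compare-EdgeHtmlVersion -Found $local }
```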
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. (CVE-2017-0246, CVE-2017-0077)
A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. (CVE-2017-0171)
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. (CVE-2017-0175, CVE-2017-0220)
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. (CVE-2017-0190)
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. (CVE-2017-0212)
An elevation of privilege exists in Windows COM Aggregate Marshaler. (CVE-2017-0213)
An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. (CVE-2017-0214)
An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. (CVE-2017-0242)
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. (CVE-2017-0244)
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. (CVE-2017-0245)
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-0258, CVE-2017-0259)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. (CVE-2017-0263)
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. (CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)
A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends specially crafted requests to the server. (CVE-2017-0269, CVE-2017-0273, CVE-2017-0280)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279)
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file leading to memory corruption. (CVE-2017-0290)
KB Articles associated with the Update:
1) 4019263
2) 4019264
3) 4019215
4) 4019473
5) 4019214
6) 4019472
7) 4019474
8) 4016871
9) 4019149
10) 4018196
11) 4018885
12) 4019206
13) 4018556
14) 4018821
15) 4018927
16) 4019204
17) 4019213
18) 4019216
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4016871
KB4018196
KB4018556
KB4018821
KB4018885
KB4018927
KB4019149
KB4019204
KB4019206
KB4019213
KB4019214
KB4019215
KB4019216
KB4019263
KB4019264
KB4019472
KB4019473
KB4019474
Microsoft will no longer release security patches and quality updates.
Refer to Windows 10 version 1507 will no longer receive security updates for more information.
QID Detection Logic (Authenticated):
This QID reviews the Windows build number under the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
The QID is posted if the vulnerable build number "10240" is found on a Windows 10 target.
These new vulnerability checks are included in Qualys vulnerability signature 2.4.35-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.