Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 50 vulnerabilities that were fixed in 5 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 5 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft has released Cumulative Security Updates for Internet Explorer that address various vulnerabilities found in Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security update is rated Moderate for Internet Explorer 9 (IE 9) and Internet Explorer 10 (IE 10) and Critical for Internet Explorer 11 (IE 11). The most severe of the vulnerabilities could allow remote code execution.
KB Articles associated with the Update:
1) 4284826
2) 4230450
3) 4284815
4) 4284880
5) 4284860
6) 4284874
7) 4284819
8) 4284835
9) 4284855
QID Detection Logic (Authenticated):
Operating Systems: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\mshtml.dll
The following KBs are checked:
The patch version is 11.0.9600.19036 (KB4284826 or KB4230450 or KB4284815)
The patch version is 11.0.10240.17889 (KB4284860)
The patch version is 11.0.14393.2312 (KB4284880)
The patch version is 11.0.15063.1155 (KB4284874)
The patch version is 11.0.16299.492 (KB4284819)
The patch version is 11.0.17134.112 (KB4284835)
The patch version is 10.0.9200.22464 (KB4230450 or KB4284855)
The patch version is 9.0.8112.21231 (KB4230450)
1) Remote Code Execution
2) Security Feature Bypass
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide
This security update contains the following KBs:
KB3115197
KB3115248
KB4011026
KB4011186
KB4018387
KB4018391
KB4022151
KB4022160
KB4022169
KB4022173
KB4022174
KB4022177
KB4022179
KB4022182
KB4022183
KB4022190
KB4022191
KB4022196
KB4022197
KB4022199
KB4022203
KB4022205
KB4022209
KB4022210
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft KB articles above with the versions on the affected Office system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2018
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. (CVE-2018-0982)
An elevation of privilege vulnerability exists when NTFS improperly checks access. (CVE-2018-1036)
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. (CVE-2018-1040)
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2018-8121)
An elevation of privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. (CVE-2018-8140)
An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. (CVE-2018-8169)
A denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory. (CVE-2018-8175)
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. (CVE-2018-8201)
QID Detection Logic (Authenticated):
Operating Systems: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks the following file versions of %windir%\System32\Ntoskrnl.exe for all affected operating systems:
The patch version of 6.0.6002.24400 (KB4230467)
The patch version of 6.1.7601.24150 (KB4284826 or KB4284867)
The patch version of 6.2.9200.22462 (KB4284846 or KB4284855)
The patch version of 6.3.9600.19035 (KB4284878 or KB4284815)
The patch version of 10.0.10240.17889 (KB4284860)
The patch version of 10.0.14393.2312 (KB4284880)
The patch version of 10.0.15063.1155 (KB4284874)
The patch version of 10.0.16299.492 (KB4284819)
The patch version of 10.0.17134.111 (KB4284835)
This QID checks the following files and their versions for Windows 2008 SP2:
The patch version of %windir%\system32\Advapi32.dll 6.0.6002.24398 (KB4234459)
The patch version of %windir%\System32\DriverStore\FileRepository\Hidir.sys 6.0.6002.24394 (KB4294413)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4230467
KB4234459
KB4284815
KB4284819
KB4284826
KB4284835
KB4284846
KB4284855
KB4284860
KB4284867
KB4284874
KB4284878
KB4284880
KB4294413
Microsoft Edge contains the following security vulnerabilities:
CVE-2018-0871: An information disclosure vulnerability exists when Edge improperly marks files.
CVE-2018-8110, CVE-2018-8111, CVE-2018-8236: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.
CVE-2018-8227, CVE-2018-8229: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.
CVE-2018-8234: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory.
CVE-2018-8235: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins.
KB Articles associated with the update:
1) KB4284874
2) KB4284819
3) KB4284835
4) KB4284880
5) KB4284860
QID Detection Logic (Authenticated):
Operating Systems: Windows 10 (1507, 1607, 1703, 1709 and 1803) and Windows Server 2016
This QID checks for the file version of %windir%\System32\edgehtml.dll
The following KBs are checked:
The patch version is 11.0.15063.1155 (KB4284874)
The patch version is 11.0.16299.492 (KB4284819)
The patch version is 11.0.17134.112 (KB4284835)
The patch version is 11.0.14393.2312 (KB4284880)
The patch version is 11.0.10240.17890 (KB4284860)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide
QID Detection Logic (Authenticated):
Operating Systems: Windows Server 2008 R2, Windows 7, Windows 10, Windows Server 2016
This QID checks the following file versions of %windir%\System32\Ntoskrnl.exe for all affected operating systems:
The patch version of 6.0.6002.24421 (KB4340583)
The patch version of 6.1.7601.24150 (KB4284826 or KB4284867)
The patch version of 6.2.9200.22490 (KB4338830 or KB4338820)
The patch version of 6.3.9600.19067 (KB4338815 or KB4338824)
The patch version of 10.0.10240.17889 (KB4284860)
The patch version of 10.0.14393.2312 (KB4284880)
The patch version of 10.0.15063.1155 (KB4284874)
The patch version of 10.0.16299.492 (KB4284819)
The patch version of 10.0.17134.111 (KB4284835)
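The file-version checks described on this page (mshtml.dll, edgehtml.dll, Ntoskrnl.exe) list one patch version per Windows build, so a collected version has to be compared against the entry for its own build rather than against a single threshold. The following is an added example, not Qualys code: it uses the Ntoskrnl.exe values listed directly above, and it assumes that the first three version fields identify the build and that a file at or above the listed version is patched. Host names and collected versions are constructed.

```python
# Added example (not Qualys code): build-aware file-version audit.
# Patch versions and KBs are the Ntoskrnl.exe values listed above.
PATCH_LEVELS = [
    ("6.0.6002.24421", "KB4340583"),
    ("6.1.7601.24150", "KB4284826 or KB4284867"),
    ("6.2.9200.22490", "KB4338830 or KB4338820"),
    ("6.3.9600.19067", "KB4338815 or KB4338824"),
    ("10.0.10240.17889", "KB4284860"),
    ("10.0.14393.2312", "KB4284880"),
    ("10.0.15063.1155", "KB4284874"),
    ("10.0.16299.492", "KB4284819"),
    ("10.0.17134.111", "KB4284835"),
]

def parse_version(text):
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def build_index(levels):
    # Assumption: major.minor.build selects the row, revision is compared.
    return {parse_version(v)[:3]: (parse_version(v)[3], kbs) for v, kbs in levels}

def assess(file_version, index):
    """Return (status, detail) for one collected file version."""
    try:
        version = parse_version(file_version)
    except ValueError as exc:
        return "invalid", str(exc)
    entry = index.get(version[:3])
    if entry is None:
        return "unknown-branch", "no patch level listed for this build"
    revision, kbs = entry
    if version[3] >= revision:
        return "patched", kbs
    return "vulnerable", f"needs {kbs}"

# Constructed inventory: host -> Ntoskrnl.exe version reported by the host.
INVENTORY = {
    "ws-1803": "10.0.17134.48",      # above the 16299 entry, still unpatched
    "ws-1709": "10.0.16299.492",     # below 17134.111, but patched for its build
    "srv-2008r2": "6.1.7601.24117",
    "ws-other": "10.0.17763.1",      # build not covered by the list
    "broken-agent": "unknown",
}

def audit(inventory=INVENTORY):
    index = build_index(PATCH_LEVELS)
    return {host: assess(ver, index)[0] for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host:14} {status}")
```

Builds that are not in the list are reported as unknown-branch rather than guessed, so they can be reviewed separately.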
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4284860
These new vulnerability checks are included in Qualys vulnerability signature 2.4.350-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.