Microsoft security alert.
October 8, 2019
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 61 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Security Update for October 2019
- Severity
- Critical 4
- Qualys ID
- 100389
- Vendor Reference
- KB4517389, KB4519338, KB4519974, KB4519976, KB4519998, KB4520002, KB4520004, KB4520005, KB4520007, KB4520008, KB4520010, KB4520011
- CVE Reference
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-0608, CVE-2019-1060, CVE-2019-1238, CVE-2019-1239, CVE-2019-1318, CVE-2019-1357, CVE-2019-1371, CVE-2019-11091
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft releases the security update for Internet Explorer October 2019
The KB Articles associated with the update:
KB4519974
KB4520011
KB4520010
KB4519976
KB4519338
KB4520008
KB4517389
KB4520007
KB4519998
KB4520005
KB4520004
KB4520002
QID Detection Logic:
This QID checks the file version of Mshtml.dll.
The following versions of Mshtml.dll with their corresponding KBs are verified:
KB4519974 - 10.0.9200.22885 , 9.0.8112.21374 , 11.0.9600.19502
KB4520011 - 11.0.10240.18366
KB4520010 - 11.0.15063.2106
KB4519976 - 11.0.9600.19507
KB4519338 - 11.0.17763.802
KB4520008 - 11.0.17134.1067
KB4517389 - 11.0.18362.418
KB4520007 - 10.0.9200.22890
KB4519998 - 11.0.14393.3269
KB4520005 - 11.0.9600.19507
KB4520004 - 11.0.16299.1448
KB4520002 - 9.0.8112.21380
- Consequence
- An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2019
- Severity
- Critical 4
- Qualys ID
- 110339
- Vendor Reference
- KB4462176, KB4462215, KB4475554, KB4475558, KB4475569, KB4475595, KB4475608, KB4484110, KB4484111, KB4484112, KB4484122, KB4484123, KB4484130, KB4484131
- CVE Reference
- CVE-2019-1070, CVE-2019-1327, CVE-2019-1328, CVE-2019-1329, CVE-2019-1330, CVE-2019-1331
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft has released October 2019 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4484122
KB4484111
KB4484130
KB4484112
KB4484123
KB4484131
KB4475608
KB4484110
KB4462176
KB4475558
KB4475554
KB4475569
KB4475595
KB4462215
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft KB articles above with the versions on the affected Office system.
- Consequence
- Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2019
-
Open Enclave SDK Information Disclosure Vulnerability
- Severity
- Serious 3
- Qualys ID
- 372148
- Vendor Reference
- Open Enclave SDK 0.7.0
- CVE Reference
- CVE-2019-1369
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
Open Enclave is an SDK for building enclave applications in C and C++.
An information disclosure vulnerability exists when an enclave application is loaded by a malicious host application.
Affected Software:
Open Enclave SDK versions prior to 0.7.0
QID Detection Logic:
Checks for an open-enclave package version lower than 0.7.0 on the Ubuntu operating system.
- Consequence
-
An attacker who successfully exploited the vulnerability can read privileged data from the enclave heap across trust boundaries.
- Solution
-
The issue has been addressed in version 0.7.0.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Open Enclave SDK 0.7.0
-
Microsoft Dynamics 365 Security Update for October 2019
- Severity
- Serious 3
- Qualys ID
- 91578
- Vendor Reference
- CVE-2019-1375
- CVE Reference
- CVE-2019-1375
- CVSS Scores
- Base 3.5 / Temporal 2.6
- Description
-
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
Affected Versions:
Microsoft Dynamics 365 (on-premises) version 9.0
QID Detection Logic:
This authenticated QID flags vulnerable systems by detecting Microsoft.Crm.Setup.Server.exe versions lower than 9.0.9.4.
- Consequence
- The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
- Solution
-
Customers are advised to refer to CVE-2019-1375 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2019-1375
-
Microsoft Edge Security Update for October 2019
- Severity
- Critical 4
- Qualys ID
- 91579
- Vendor Reference
- KB4517389, KB4519338, KB4519998, KB4520004, KB4520008, KB4520010, KB4520011
- CVE Reference
- CVE-2019-0608, CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1356, CVE-2019-1357, CVE-2019-1366
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
Microsoft releases the security update for Microsoft Edge October 2019
The KB Articles associated with the update:
KB4519998
KB4520004
KB4519338
KB4520010
KB4520011
KB4520008
KB4517389
QID Detection Logic:
This QID checks the file version of edgehtml.dll.
The following versions of edgehtml.dll with their corresponding KBs are verified:
KB4519998 - 11.0.14393.3241
KB4520004 - 11.0.16299.1419
KB4519338 - 11.0.17763.802
KB4520010 - 11.0.15063.2076
KB4520011 - 11.0.10240.18366
KB4520008 - 11.0.17134.1067
KB4517389 - 11.0.18362.418
- Consequence
- An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Windows Servicing Stack Security Update October 2019
- Severity
- Medium 2
- Qualys ID
- 91580
- Vendor Reference
- KB4521856, KB4521857, KB4521858, KB4521859, KB4521860, KB4521861, KB4521862, KB4521863, KB4521864
- CVE Reference
- N/A
- CVSS Scores
- Base 5.1 / Temporal 3.8
- Description
-
Microsoft has released Servicing Stack security updates for Windows 10, Windows 10 Version 1607, Windows 10 Version 1703, Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, Windows 10 Version 1903, Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server, version 1803 (Server Core Installation), and Windows Server, version 1903 (Server Core installation).
QID Detection Logic (Authenticated):
This authenticated QID checks the file version of CbsCore.dll.
- Consequence
- Successful exploitation allows an attacker to compromise the system.
- Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
-
Microsoft SQL Server Management Studio Information Disclosure Vulnerability Update for October 2019
- Severity
- Serious 3
- Qualys ID
- 91581
- Vendor Reference
- CVE-2019-1313, CVE-2019-1376
- CVE Reference
- CVE-2019-1313, CVE-2019-1376
- CVSS Scores
- Base 4 / Temporal 3
- Description
-
SSMS is an integrated environment for managing any SQL infrastructure, from SQL Server to SQL Database. SSMS provides tools to configure, monitor, and administer instances of SQL.
Two information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. The security update addresses the vulnerability by correcting how SQL Server Management Studio enforces permissions.
Affected Versions:
SQL Server Management Studio 18.3
SQL Server Management Studio 18.3.1
QID Detection Logic:
This authenticated QID detects versions of Microsoft SQL Server Management Studio.
- Consequence
-
Successful exploitation allows an attacker to gain unauthorized access to database and file information.
- Solution
-
Customers are advised to refer to the Security Update Guide for updates pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
SQL Server Management Studio
-
Microsoft Windows Security Update for October 2019
- Severity
- Critical 4
- Qualys ID
- 91582
- Vendor Reference
- KB4517389, KB4519338, KB4519976, KB4519985, KB4519990, KB4519998, KB4520002, KB4520003, KB4520004, KB4520005, KB4520007, KB4520008, KB4520009, KB4520010, KB4520011
- CVE Reference
- CVE-2019-1060, CVE-2019-1166, CVE-2019-1230, CVE-2019-1311, CVE-2019-1315, CVE-2019-1316, CVE-2019-1317, CVE-2019-1318, CVE-2019-1319, CVE-2019-1320, CVE-2019-1321, CVE-2019-1322, CVE-2019-1323, CVE-2019-1325, CVE-2019-1326, CVE-2019-1333, CVE-2019-1334, CVE-2019-1336, CVE-2019-1337, CVE-2019-1338, CVE-2019-1339, CVE-2019-1340, CVE-2019-1341, CVE-2019-1342, CVE-2019-1343, CVE-2019-1344, CVE-2019-1345, CVE-2019-1346, CVE-2019-1347, CVE-2019-1358, CVE-2019-1359, CVE-2019-1361, CVE-2019-1362, CVE-2019-1363, CVE-2019-1364, CVE-2019-1365, CVE-2019-1368
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft releases the security update for Windows October 2019
The KB Articles associated with the update:
KB4520011
KB4520010
KB4519976
KB4519338
KB4520008
KB4517389
KB4520007
KB4519998
KB4520005
KB4520004
KB4520002
KB4519990
KB4520003
KB4519985
KB4520009
QID Detection Logic:
This QID checks the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4520011 - 10.0.10240.18366
KB4520010 - 10.0.15063.2106
KB4519976 - 6.1.7601.24524
KB4519338 - 10.0.17763.802
KB4520008 - 10.0.17134.1067
KB4517389 - 10.0.18362.418
KB4520007 - 6.2.9200.22881
KB4519998 - 10.0.14393.3269
KB4520004 - 10.0.16299.1448
KB4520002 - 6.0.6003.20654
The following versions of User32.dll with their corresponding KBs are verified:
KB4520005, KB4519990 - 6.3.9600.19468
- Consequence
- An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
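The ntoskrnl.exe table for QID 91582 can be used to triage file versions collected from an inventory. The following is an added example, not Qualys detection code: it assumes a host is patched when its revision is at least the listed revision for the same major.minor.build branch, and the host names and versions in the inventory are constructed.

```python
# KB -> fixed ntoskrnl.exe version, copied from the advisory's table for QID 91582.
FIXED_NTOSKRNL = {
    "KB4520011": "10.0.10240.18366",
    "KB4520010": "10.0.15063.2106",
    "KB4519976": "6.1.7601.24524",
    "KB4519338": "10.0.17763.802",
    "KB4520008": "10.0.17134.1067",
    "KB4517389": "10.0.18362.418",
    "KB4520007": "6.2.9200.22881",
    "KB4519998": "10.0.14393.3269",
    "KB4520004": "10.0.16299.1448",
    "KB4520002": "6.0.6003.20654",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

# Index by branch (major, minor, build): a revision is only meaningful
# when compared within the same Windows release.
BY_BRANCH = {}
for kb, ver in FIXED_NTOSKRNL.items():
    v = parse_version(ver)
    BY_BRANCH[v[:3]] = (kb, v[3])

def check_host(file_version):
    """Return (status, kb); status is 'patched', 'missing' or 'unknown'."""
    try:
        v = parse_version(file_version)
    except ValueError:
        return ("unknown", None)
    if v[:3] not in BY_BRANCH:
        # e.g. 6.3.9600: the advisory verifies User32.dll for that build instead.
        return ("unknown", None)
    kb, fixed_rev = BY_BRANCH[v[:3]]
    # Assumption: revision >= listed revision means the update is installed.
    # Compare as integers; as strings "1039" would sort below "802".
    return ("patched" if v[3] >= fixed_rev else "missing", kb)

# Constructed inventory: host names and versions are made up for this example.
INVENTORY = {"ws-01": "10.0.17763.1039", "ws-02": "10.0.17134.1006",
             "srv-01": "6.3.9600.19478", "ws-03": "10.0.18362.418"}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(host, ver, *check_host(ver))
```

An "unknown" result means the table has no entry for that build, not that the host is safe; such hosts need the check the advisory names for them.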
These new vulnerability checks are included in Qualys vulnerability signature 2.4.718-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100389
- 110339
- 372148
- 91578
- 91579
- 91580
- 91581
- 91582
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.