Advisory overview
Qualys Vulnerability R&D Lab has released new
vulnerability checks in the Enterprise TruRisk Platform to protect
organizations against
118 vulnerabilities
that were fixed in
10 bulletins
announced today by Microsoft. Customers can immediately audit
their networks for these and other new vulnerabilities by accessing
their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 10 security
bulletins
to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Security Update for August 2020
-
Severity
-
Critical
4
-
Qualys ID
-
100409
-
Vendor Reference
-
KB4565349,
KB4565351,
KB4566782,
KB4571687,
KB4571692,
KB4571694,
KB4571703,
KB4571709,
KB4571729,
KB4571730,
KB4571736,
KB4571741
-
CVE Reference
-
CVE-2020-1380,
CVE-2020-1567,
CVE-2020-1570
-
CVSS Scores
-
Base 7.6 /
Temporal 6.3
-
Description
-
Microsoft releases the security update for Internet Explorer August 2020
The KB Articles associated with the update:
KB4571729
KB4571687
KB4571709
KB4571692
KB4571741
KB4571694
KB4566782
KB4571730
KB4565351
KB4571736
KB4571703
KB4565349
This QID checks for the file version of Mshtml.dll
The following versions of Mshtml.dll with their corresponding KBs are verified:
KB4571729 - 11.0.9600.19781
KB4571687 - 9.0.8112.21477 , 11.0.9600.19781
KB4571709 - 11.0.17134.1667
KB4571692 - 11.0.10240.18666
KB4571741 - 11.0.16299.2045
KB4571694 - 11.0.14393.3866
KB4566782 - 11.0.19041.450
KB4571730 - 9.0.8112.21477
KB4565351 - 11.0.18362.1016
KB4571736 - 11.0.9600.19781
KB4571703 - 11.0.9600.19781
KB4565349 - 11.0.17763.1397
-
Consequence
-
An attacker could execute arbitrary code in the context of the current user.
-
Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft SharePoint Foundation and SharePoint Server Update August 2020
-
Severity
-
Critical
4
-
Qualys ID
-
110358
-
Vendor Reference
-
KB4484183,
KB4484191,
KB4484462,
KB4484471,
KB4484472,
KB4484473,
KB4484476,
KB4484478,
KB4484479,
KB4484487,
KB4484490,
KB4484498
-
CVE Reference
-
CVE-2020-1495,
CVE-2020-1499,
CVE-2020-1500,
CVE-2020-1501,
CVE-2020-1502,
CVE-2020-1503,
CVE-2020-1505,
CVE-2020-1573,
CVE-2020-1580,
CVE-2020-1583
-
CVSS Scores
-
Base 9.3 /
Temporal 6.9
-
Description
-
Microsoft has released August 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4484473
KB4484479
KB4484472
KB4484462
KB4484487
KB4484476
KB4484478
KB4484471
KB4484490
KB4484498
KB4484191
KB4484183
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server August2020
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2020
-
Severity
-
Critical
4
-
Qualys ID
-
110359
-
Vendor Reference
-
KB4484340,
KB4484346,
KB4484354,
KB4484359,
KB4484366,
KB4484375,
KB4484379,
KB4484385,
KB4484431,
KB4484449,
KB4484461,
KB4484465,
KB4484470,
KB4484474,
KB4484475,
KB4484481,
KB4484484,
KB4484486,
KB4484492,
KB4484494,
KB4484495,
KB4484497
-
CVE Reference
-
CVE-2020-1483,
CVE-2020-1493,
CVE-2020-1494,
CVE-2020-1495,
CVE-2020-1496,
CVE-2020-1497,
CVE-2020-1498,
CVE-2020-1502,
CVE-2020-1503,
CVE-2020-1504,
CVE-2020-1563,
CVE-2020-1581,
CVE-2020-1582,
CVE-2020-1583
-
CVSS Scores
-
Base 9.3 /
Temporal 7.3
-
Description
-
Microsoft has released August 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4484475
KB4484486
KB4484497
KB4484465
KB4484346
KB4484461
KB4484449
KB4484375
KB4484354
KB4484470
KB4484474
KB4484492
KB4484495
KB4484481
KB4484494
KB4484484
KB4484431
KB4484379
KB4484359
KB4484366
KB4484340
KB4484385
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected office system.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2020
-
Microsoft Edge Security Update for August 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91664
-
Vendor Reference
-
KB4565349,
KB4565351,
KB4566782,
KB4571692,
KB4571694,
KB4571709,
KB4571741
-
CVE Reference
-
CVE-2020-1555,
CVE-2020-1568,
CVE-2020-1569
-
CVSS Scores
-
Base 9.3 /
Temporal 6.9
-
Description
-
Microsoft releases the security update for Microsoft Edge August 2020
The KB Articles associated with the update:
KB4571692
KB4571694
KB4571741
KB4571709
KB4565349
KB4565351
KB4566782
QID Detection Logic:Authenticated
This QID checks for the file version of edgehtml.dll
-
Consequence
-
On successfull exploitation, An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website.
Additionally an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
-
Solution
-
Please refer to the CVE-2020-1568 and CVE-2020-1569 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1568
CVE-2020-1569
-
Microsoft .NET Framework Security Updates for August 2020
-
Severity
-
Urgent
5
-
Qualys ID
-
91665
-
Vendor Reference
-
KB4569745,
KB4569746,
KB4569748,
KB4569749,
KB4569751,
KB4570500,
KB4570501,
KB4570502,
KB4570503,
KB4570505,
KB4570506,
KB4570507,
KB4570508,
KB4570509,
KB4571692,
KB4571709,
KB4571741
-
CVE Reference
-
CVE-2020-1046,
CVE-2020-1476
-
CVSS Scores
-
Base 9.3 /
Temporal 6.9
-
Description
-
.Net Framework is prone to multiple vulnerabilities.
- A remote code execution vulnerability exists when Microsoft .NET Framework processes input
- An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files
KB4569745,KB4569746,KB4569748,KB4569749,KB4569751,KB4570500,KB4570501,KB4570502,KB4570503,KB4570505,KB4570506,KB4570507,KB4570508,KB4570509,KB4571692,KB4571709,KB4571741 kbs are covered.
This security update is rated Important or Critical for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8
QID Detection Logic (Authenticated):
- Checks for vulnerable version of System.web.dll for .Net Framework
-
Consequence
-
An attacker who successfully exploited this vulnerability can take control of an affected system.
-
Solution
-
Customers are advised to refer to CVE-2020-1046 and CVE-2020-1476 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1046
CVE-2020-1476
-
Microsoft ASP.NET Core Denial of Service Vulnerability August 2020
-
Severity
-
Serious
3
-
Qualys ID
-
91666
-
Vendor Reference
-
CVE-2020-1597
-
CVE Reference
-
CVE-2020-1597
-
CVSS Scores
-
Base 5 /
Temporal 3.7
-
Description
-
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.
This security update is rated Important for supported versions of Microsoft .NET Framework.
Affected versions:
.NET Core 2.1.x prior to 2.1.21
.NET Core 3.1.x prior to 3.1.7
QID Detection Logic (Authenticated):
The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on windows.
-
Consequence
-
An attacker who successfully exploited this vulnerability can cause a denial of service against an ASP.NET Core web application.
-
Solution
-
Customers are advised to refer to CVE-2020-1597 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1597
-
Microsoft Visual Studio Security Update for August 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91667
-
Vendor Reference
-
CVE-2020-1597
-
CVE Reference
-
CVE-2020-1597
-
CVSS Scores
-
Base 5 /
Temporal 3.7
-
Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
-
Consequence
-
Successful exploitation can affect confidentiality, integrity and availability.
-
Solution
-
Customers are advised to refer to CVE-2020-1597 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1597 WIndows
-
Microsoft Windows Security Update for August 2020
-
Severity
-
Urgent
5
-
Qualys ID
-
91668
-
Vendor Reference
-
KB4565349,
KB4565351,
KB4566782,
KB4571692,
KB4571694,
KB4571702,
KB4571703,
KB4571709,
KB4571719,
KB4571723,
KB4571729,
KB4571730,
KB4571736,
KB4571741,
KB4571746,
KB4578013
-
CVE Reference
-
CVE-2020-1337,
CVE-2020-1339,
CVE-2020-1377,
CVE-2020-1378,
CVE-2020-1379,
CVE-2020-1383,
CVE-2020-1417,
CVE-2020-1459,
CVE-2020-1464,
CVE-2020-1466,
CVE-2020-1467,
CVE-2020-1470,
CVE-2020-1472,
CVE-2020-1473,
CVE-2020-1474,
CVE-2020-1475,
CVE-2020-1477,
CVE-2020-1478,
CVE-2020-1479,
CVE-2020-1480,
CVE-2020-1484,
CVE-2020-1485,
CVE-2020-1486,
CVE-2020-1487,
CVE-2020-1488,
CVE-2020-1489,
CVE-2020-1490,
CVE-2020-1492,
CVE-2020-1509,
CVE-2020-1510,
CVE-2020-1511,
CVE-2020-1512,
CVE-2020-1513,
CVE-2020-1515,
CVE-2020-1516,
CVE-2020-1517,
CVE-2020-1518,
CVE-2020-1519,
CVE-2020-1520,
CVE-2020-1521,
CVE-2020-1522,
CVE-2020-1524,
CVE-2020-1525,
CVE-2020-1526,
CVE-2020-1527,
CVE-2020-1528,
CVE-2020-1529,
CVE-2020-1530,
CVE-2020-1531,
CVE-2020-1533,
CVE-2020-1534,
CVE-2020-1535,
CVE-2020-1536,
CVE-2020-1537,
CVE-2020-1538,
CVE-2020-1539,
CVE-2020-1540,
CVE-2020-1541,
CVE-2020-1542,
CVE-2020-1543,
CVE-2020-1544,
CVE-2020-1545,
CVE-2020-1546,
CVE-2020-1547,
CVE-2020-1548,
CVE-2020-1549,
CVE-2020-1550,
CVE-2020-1551,
CVE-2020-1552,
CVE-2020-1553,
CVE-2020-1554,
CVE-2020-1556,
CVE-2020-1557,
CVE-2020-1558,
CVE-2020-1560,
CVE-2020-1561,
CVE-2020-1562,
CVE-2020-1564,
CVE-2020-1565,
CVE-2020-1566,
CVE-2020-1571,
CVE-2020-1574,
CVE-2020-1577,
CVE-2020-1578,
CVE-2020-1579,
CVE-2020-1584,
CVE-2020-1585,
CVE-2020-1587
-
CVSS Scores
-
Base 9.3 /
Temporal 7.7
-
Description
-
Microsoft releases the security update for Windows August 2020
The KB Articles associated with the update:
KB4571730
KB4565351
KB4571729
KB4571736
KB4565349
KB4571703
KB4571702
KB4571692
KB4571723
KB4571694
KB4571746
KB4571741
KB4571719
KB4571709
KB4566782
KB4578013
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4571730 - 6.0.6003.20898
KB4565351 - 10.0.18362.1016
KB4571729 - 6.1.7601.24559
KB4571736 - 6.2.9200.23118
KB4565349 - 10.0.17763.1397
KB4571703 - 6.3.9600.19780
KB4571702 - 6.2.9200.23118
KB4571692 - 10.0.10240.18666
KB4571723 - 6.3.9600.19780
KB4571694 - 10.0.14393.3866
KB4571746 - 6.0.6003.20898
KB4571741 - 10.0.16299.2045
KB4571719 - 6.1.7601.24559
KB4571709 - 10.0.17134.1667
KB4566782 - 10.0.19041.450
KB4578013 - 6.3.9600.19780
Note: CVE-2020-1472 only affects Microsoft Windows Server Operating Systems.
-
Consequence
-
An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
-
Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft SQL Server Management Studio Update for August 2020
-
Severity
-
Serious
3
-
Qualys ID
-
91669
-
Vendor Reference
-
CVE-2020-1455
-
CVE Reference
-
CVE-2020-1455
-
CVSS Scores
-
Base 2.1 /
Temporal 1.6
-
Description
-
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.
Affected Software:
SQL Server Management Studio 18.0 - 18.5.1
QID Detection Logic:
This authenticated QID detects vulnerable SQL Server Management Studio versions by fetching ssms.exe file versions from the HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Management Studio registry key.
-
Consequence
-
Successful exploitation allows an attacker to cause a denial of service condition on the targeted system.
-
Solution
-
Customers are advised to refer to CVE-2020-1455 for more information pertaining to this update.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
SQL Server Management Studio 18.6
-
Microsoft Windows Servicing Stack Security Update August 2020
-
Severity
-
Medium
2
-
Qualys ID
-
91670
-
Vendor Reference
-
ADV990001
-
CVE Reference
-
N/A
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 10 version 1809, Windows Server 2019, Windows version 10 1903, Windows Server 1903, Windows version 10 1909, Windows Server 1909, Windows version 10 2004, Windows Server 2004.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
-
Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
-
Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
These new vulnerability checks are included in Qualys
vulnerability signature
2.4.958-3.
Each Qualys account is automatically updated with the latest
vulnerability signatures as they become available. To view the
vulnerability signature version in your account, from the
Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
-
Ensure access to TCP ports 135 and 139 are available.
-
Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
-
100409
-
110358
-
110359
-
91664
-
91665
-
91666
-
91667
-
91668
-
91669
-
91670
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.