Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 127 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
The KB Articles associated with the update:
KB4577038
KB4577010
KB4577015
KB4577066
KB4577041
KB4570333
KB4571756
KB4577032
KB4577064
KB4574727
KB4577049
KB4577051
QID Detection Logic (Authenticated):
This QID checks for the file version of Mshtml.dll
The following versions of Mshtml.dll with their corresponding KBs are verified:
KB4577038 - 10.0.9200.22975 , 11.0.9600.19811
KB4577010 - 9.0.8112.21488 , 11.0.9600.19811
KB4577015 - 11.0.14393.3930
KB4577066 - 11.0.9600.19811
KB4577041 - 11.0.16299.2107
KB4570333 - 11.0.17763.1457
KB4571756 - 11.0.19041.508
KB4577032 - 11.0.17134.1726
KB4577064 - 9.0.8112.21488
KB4574727 - 11.0.18362.1082
KB4577049 - 11.0.10240.18666
KB4577051 - 11.0.9600.19811
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
This security update contains the following KBs:
KB4484506
KB4484505
KB4486667
KB4484525
KB4484515
KB4484488
KB4484504
KB4486664
KB4484512
KB4484480
KB4484514
KB4484528
KB3101523
KB4484516
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server September 2020
This security update contains the following KBs:
KB4484466
KB4484530
KB4484469
KB4484507
KB4486665
KB4484526
KB3101523
KB4484503
KB4484510
KB4484533
KB4486661
KB4484481
KB4486660
KB4484522
KB4484518
KB4484513
KB4484532
KB4484517
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected office system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2020
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Affected Software:
Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6
KB articles covered: 4577352.
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe if it is lesser than:
The version for Microsoft Exchange Server 2016 Cumulative Update 16 is 15.1.1979.6
The version for Microsoft Exchange Server 2016 Cumulative Update 17 is 15.1.2044.6
The version for Microsoft Exchange Server 2019 Cumulative Update 5 is 15.2.595.6
The version for Microsoft Exchange Server 2019 Cumulative Update 6 is 15.2.659.6
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Download Security Update For Exchange Server 2016 Cumulative Update 16 (KB4577352) Windows
Download Security Update For Exchange Server 2016 Cumulative Update 17 (KB4577352) Windows
Download Security Update For Exchange Server 2019 Cumulative Update 5 (KB4577352) Windows
Download Security Update For Exchange Server 2019 Cumulative Update 6 (KB4577352) WIndows
Multiple remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server.
Affected Versions:
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
KB Articles: KB4574742, KB4577501
QID Detection Logic:
This authenticated QID flags vulnerable systems by detecting Microsoft.Crm.Setup.Server.exe versions lesser than:
Microsoft Dynamics 365 (on-premises) version 8.2: 8.2.22.14
Microsoft Dynamics 365 (on-premises) version 9.0: 9.0.20.7
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4574742
KB4577501
The update addresses the vulnerability by modifying how SSRS validates attachment uploads.
Affected Software:
SQL Server 2017 Reporting Services
SQL Server 2019 Reporting Services
QID Detection Logic:
This authenticated QID detects vulnerable file versions of the above mentioned software by fetching SSRS\ReportServer\bin\ReportingServicesService.exe file versions from the HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SSRS\Setup registry key
SQL Server 2017 Reporting Services: lesser than 2017.140.600.1669.
SQL Server 2019 Reporting Services: lesser than 2018.150.1102.861
Patches:
The following are links for downloading patches to fix these vulnerabilities:
SQL Server 2017 Reporting Services Windows
SQL Server 2019 Reporting Services Windows
The KB Articles associated with the update:
KB4577038
KB4577015
KB4577066
KB4577071
KB4577041
KB4577070
KB4570333
KB4577032
KB4577053
KB4577064
KB4574727
KB4577049
KB4577051
KB4577048
KB4571756
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4577038 - 6.2.9200.23149
KB4577015 - 10.0.14393.3930
KB4577066 - 6.3.9600.19812
KB4577071 - 6.3.9600.19812
KB4577041 - 10.0.16299.2107
KB4577070 - 6.0.6003.20933
KB4570333 - 10.0.17763.1457
KB4577032 - 10.0.17134.1726
KB4577053 - 6.1.7601.24560
KB4577064 - 6.0.6003.20933
KB4574727 - 10.0.18362.1082
KB4577049 - 10.0.10240.18696
KB4577051 - 6.1.7601.24560
KB4577048 - 6.2.9200.23149
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2012 Update 5
QID Detection Logic:Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1130 WIndows
CVE-2020-1133 WIndows
CVE-2020-16856 WIndows
CVE-2020-16874 WIndows
Affected Software:
OneDrive for Windows - Version prior to 20.143.0716.0003
QID Detection Logic(Authenticated)
This authenticated QID detects vulnerable versions by checking file version of OneDrive.exe lower than 20.143.0716.0003 and 20.114.0607.0002
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-16851 WIndows
CVE-2020-16852 WIndows
CVE-2020-16853 WIndows
This security update is rated Important for supported versions of Microsoft .NET Framework.
Affected versions:
.NET Core 2.1.x prior to 2.1.22
.NET Core 3.1.x prior to 3.1.8
QID Detection Logic (Authenticated):
The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
.Net Core 2.1
.Net Core 3.1
The KB Articles associated with the update:
KB4577032
KB4570333
KB4574727
KB4577041
KB4571756
KB4577049
KB4577015
QID Detection Logic:Authenticated
This QID checks for the file version of edgehtml.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-0878
CVE-2020-1057
CVE-2020-1172
CVE-2020-1180
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
These new vulnerability checks are included in Qualys vulnerability signature 2.4.979-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.