Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 81 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Affected Versions:
Windows 10, version 2004; Windows 10, version 1903 and 1909; Windows 10, version 1809 and Windows Server 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607 and Windows Server 2016; Windows 10 (initial version released July 2015); Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2; Windows Server 2012 with Adobe Flash Player version prior to N/A.
QID Detection Logic:
This authenticated QID will flag if the file version of %windir%\System32\Macromed\Flash\Flash.ocx is 32.0.0.433 or earlier.
An attacker could exploit this vulnerability to compromise Confidentiality, Integrity and/or Availability.
Workaround:
1. Prevent Adobe Flash Player from running. You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry. The .reg file contents are:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
Double-click the .reg file to apply it to an individual system.
You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.
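To confirm that the workaround took effect on a host, the following added example (not Qualys or Microsoft code) reads both registry views and tests the kill bit. The function name Test-FlashKillBit is hypothetical; the CLSID and flag value are the ones from the workaround above.

```powershell
# CLSID of the Adobe Flash Player ActiveX control, as given in the workaround.
$clsid   = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$killBit = 0x400   # "Compatibility Flags" value dword:00000400 sets the kill bit

# Native view and 32-bit (Wow6432Node) view. The second key does not exist
# on 32-bit Windows and is then reported as "(not set)".
$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

function Test-FlashKillBit {
    param([string[]]$Path = $paths)
    foreach ($p in $Path) {
        $flags = $null
        # -LiteralPath keeps the braces in the CLSID from being treated as wildcards.
        if (Test-Path -LiteralPath $p) {
            $item  = Get-ItemProperty -LiteralPath $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            $flags = $item.'Compatibility Flags'
        }
        [pscustomobject]@{
            Key        = $p
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            # Other compatibility bits may be present, so test the bit, not equality.
            KillBitSet = ($null -ne $flags) -and (($flags -band $killBit) -eq $killBit)
        }
    }
}

# One row per registry view; the workaround is complete only when every
# key that exists on the system reports KillBitSet = True.
Test-FlashKillBit | Format-Table -AutoSize
```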
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV200012 Windows
This security update contains the following KBs:
KB4486708
KB4486677
KB4486676
KB4486694
KB4486687
KB4484531
QID Detection Logic:
This authenticated QID compares the file versions listed in the above Microsoft KB articles with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server October 2020
This security update contains the following KBs:
KB4486695
KB4486707
KB4486663
KB4486678
KB4486692
KB4486703
KB4486701
KB4486674
KB4486671
KB4486679
KB4486689
KB4486682
KB4484524
KB4486700
KB4486688
KB4462175
KB4484417
KB4484435
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-to-Run and Office 365 installations need to be either updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2020
QID Detection Logic (Authenticated):
This QID executes the PowerShell command "netsh int ipv6 show interfaces level=verbose | Select-String -Pattern 'IfIndex\s+: ([2-9]|[0-9]{2,})' -Context 1,3000". It flags only when all interfaces except loopback have RDNSS disabled.
NOTE: You may see this QID is supported by remote scanner (Appliance scan) and Cloud Agent in UI, but it is supported by Cloud Agent only.
The security update corrects the way that Exchange handles these token validations.
Affected Software:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2019 Cumulative Update 7
KB articles covered: 4581424.
QID Detection Logic (authenticated):
The QID checks whether the version of the file Exsetup.exe is lower than:
The version for Microsoft Exchange Server 2013 Cumulative Update 23 is
The version for Microsoft Exchange Server 2016 Cumulative Update 17 is
The version for Microsoft Exchange Server 2016 Cumulative Update 18 is
The version for Microsoft Exchange Server 2019 Cumulative Update 6 is
The version for Microsoft Exchange Server 2019 Cumulative Update 7 is
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4581424
KB articles covered: KB4578968, KB4578969, KB4578971, KB4578972, KB4578974, KB4579976, KB4579977, KB4579978, KB4579979, KB4579980, KB4580327, KB4580328, KB4580330, KB4580467, KB4580468, KB4580469, KB4580470.
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8
QID Detection Logic (Authenticated):
- Checks for a vulnerable version of System.security.dll for .NET Framework
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-16937
The KB Articles associated with the update:
KB4580385
KB4577668
KB4580358
KB4580353
KB4580378
KB4580347
KB4580387
KB4580346
KB4580330
KB4580382
KB4580345
KB4577671
KB4580327
KB4580328
KB4579311
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4580385 - 6.0.6003.20953
KB4577668 - 10.0.17763.1518
KB4580358 - 6.3.9600.19846
KB4580353 - 6.2.9200.23179
KB4580378 - 6.0.6003.20953
KB4580347 - 6.3.9600.19846
KB4580387 - 6.1.7601.24561
KB4580346 - 10.0.14393.3986
KB4580330 - 10.0.17134.1792
KB4580382 - 6.2.9200.23179
KB4580345 - 6.1.7601.24561
KB4577671 - 10.0.18362.1139
KB4580327 - 10.0.10240.18725
KB4580328 - 10.0.16299.2166
KB4579311 - 10.0.19041.572
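The version table above can be applied as a host-side check. The following is an added example, not Qualys's detection code: it assumes a file version below the listed one for the same build branch means the October 2020 update is missing, and the function name Test-NtoskrnlPatched and the sample versions at the end are constructed.

```powershell
# Patched ntoskrnl.exe version per build branch, taken from the KB table above.
# Windows 10 1909 binaries carry the 18362 build number, so KB4577671 covers both.
$fixed = @{
    '6.0.6003'   = '6.0.6003.20953'    # KB4580385, KB4580378
    '6.1.7601'   = '6.1.7601.24561'    # KB4580387, KB4580345
    '6.2.9200'   = '6.2.9200.23179'    # KB4580353, KB4580382
    '6.3.9600'   = '6.3.9600.19846'    # KB4580358, KB4580347
    '10.0.10240' = '10.0.10240.18725'  # KB4580327
    '10.0.14393' = '10.0.14393.3986'   # KB4580346
    '10.0.16299' = '10.0.16299.2166'   # KB4580328
    '10.0.17134' = '10.0.17134.1792'   # KB4580330
    '10.0.17763' = '10.0.17763.1518'   # KB4577668
    '10.0.18362' = '10.0.18362.1139'   # KB4577671
    '10.0.19041' = '10.0.19041.572'    # KB4579311
}

function Test-NtoskrnlPatched {
    param([Parameter(Mandatory)][version]$FileVersion)
    # Compare only within the same branch; a cross-branch comparison is meaningless.
    $branch = '{0}.{1}.{2}' -f $FileVersion.Major, $FileVersion.Minor, $FileVersion.Build
    if (-not $fixed.ContainsKey($branch)) {
        return [pscustomobject]@{ Version = $FileVersion; Required = $null; Status = 'UnknownBranch' }
    }
    $required = [version]$fixed[$branch]
    [pscustomobject]@{
        Version  = $FileVersion
        Required = $required
        Status   = if ($FileVersion -ge $required) { 'Patched' } else { 'Missing' }
    }
}

# Local host: build the version from the numeric parts, because the
# FileVersion string can carry extra text after the number.
$vi = (Get-Item "$env:windir\System32\ntoskrnl.exe").VersionInfo
Test-NtoskrnlPatched -FileVersion ([version]::new(
    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart))

# Constructed sample versions, e.g. from an inventory export:
# expected Missing, Patched, Patched, UnknownBranch.
'10.0.17763.1457', '10.0.19041.572', '6.1.7601.24561', '10.0.22000.100' |
    ForEach-Object { Test-NtoskrnlPatched -FileVersion $_ }
```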
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
Affected Versions:
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
KB Articles: KB4578105, KB4578106
QID Detection Logic:
This authenticated QID flags vulnerable systems by detecting Microsoft.Crm.Setup.Server.exe versions lower than:
Microsoft Dynamics 365 (on-premises) version 8.2: 8.2.23.16
Microsoft Dynamics 365 (on-premises) version 9.0: 9.0.21.8
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4578105
KB4578106
Release Notes
The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe
The following versions of "tcpip.sys" with their corresponding KBs are verified:
KB4577668 - 10.0.17763.1518
KB4577671 - 10.0.18362.1139
KB4579311 - 10.0.19041.572
KB4580328 - 10.0.16299.2166
KB4580330 - 10.0.17134.1792
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-16898 Windows
These new vulnerability checks are included in Qualys vulnerability signature 2.5.6-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.