Cloud Platform
Support
Contact us

Microsoft security alert.

December 8, 2020

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 52 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft SharePoint Enterprise Server and Foundation Multiple Vulnerabilities December 2020

    Severity
    Critical 4
    Qualys ID
    110367
    Vendor Reference
    KB4486696, KB4486697, KB4486721, KB4486751, KB4486752, KB4486753, KB4493138, KB4493149
    CVE Reference
    CVE-2020-17089, CVE-2020-17115, CVE-2020-17118, CVE-2020-17120, CVE-2020-17121, CVE-2020-17122
    CVSS Scores
    Base 10 / Temporal 7.4
    Description
    Microsoft has released December 2020 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB4493138
    KB4493149
    KB4486753
    KB4486751
    KB4486752
    KB4486696
    KB4486721
    KB4486697

    QID Detection Logic:
    This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft SharePoint Foundation and SharePoint Server December 2020

  • Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2020

    Severity
    Critical 4
    Qualys ID
    110368
    Vendor Reference
    KB4484372, KB4484393, KB4484468, KB4486698, KB4486704, KB4486750, KB4486754, KB4486757, KB4486760, KB4493139, KB4493140, KB4493148
    CVE Reference
    CVE-2020-17122, CVE-2020-17123, CVE-2020-17124, CVE-2020-17125, CVE-2020-17126, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129, CVE-2020-17130
    CVSS Scores
    Base 9.3 / Temporal 6.9
    Description
    Microsoft has released December 2020 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:
    KB4486754
    KB4486760
    KB4493139
    KB4486750
    KB4493140
    KB4493148
    KB4486757
    KB4484372
    KB4484393
    KB4484468
    KB4486704
    KB4486698

    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected office system.

    Note: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guide for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2020

  • Microsoft Outlook Information Disclosure Vulnerability Security Update December 2020

    Severity
    Critical 4
    Qualys ID
    110369
    Vendor Reference
    KB4486732, KB4486742, KB4486748
    CVE Reference
    CVE-2020-17119
    CVSS Scores
    Base 5 / Temporal 3.9
    Description
    Microsoft has released December 2020 security updates for outlook to fix a information disclosure vulnerability.

    This security update contains the following KBs:
    KB4486732
    KB4486742
    KB4486748

    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.

    Note: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation will lead to information disclosure.

    Solution
    Refer to Microsoft Security Guide for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2020

  • Microsoft Exchange Server Update for December 2020

    Severity
    Critical 4
    Qualys ID
    50104
    Vendor Reference
    CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
    CVE Reference
    CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
    CVSS Scores
    Base 9 / Temporal 7
    Description
    Microsoft Exchange Server is prone to following vulnerabilities:
    - A remote code execution vulnerability occurs due to improper validation of cmdlet arguments

    - An information disclosure vulnerability exists

    KB Articles associated with this update are: KB4593465, KB4593466, KB4593467

    Affected Versions:
    Microsoft Exchange Server 2013 Cumulative Update 23
    Microsoft Exchange Server 2016 Cumulative Update 17
    Microsoft Exchange Server 2016 Cumulative Update 18
    Microsoft Exchange Server 2019 Cumulative Update 6
    Microsoft Exchange Server 2019 Cumulative Update 7
    Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31

    QID Detection Logic (authenticated):
    The QID checks for the version of file Exsetup.exe.

    Consequence
    Successful exploitation allows attacker to execute remote code and compromise the system.
    Solution
    Customers are advised to refer to KB4593465, KB4593466, KB4593467for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB4593465
    KB4593466
    KB4593467

  • Microsoft Azure DevOps Server and Team Foundation Services Spoofing Vulnerability - December 2020

    Severity
    Critical 4
    Qualys ID
    91696
    Vendor Reference
    CVE-2020-1325, CVE-2020-17135, CVE-2020-17145
    CVE Reference
    CVE-2020-1325, CVE-2020-17135, CVE-2020-17145
    CVSS Scores
    Base 5.5 / Temporal 4.1
    Description
    Microsoft Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Affected Versions:
    Team Foundation Server 2018 Update 3.2
    Azure DevOps Server 2020
    Team Foundation Server 2018 Update 1.2
    Team Foundation Server 2015 Update 4.2
    Azure DevOps Server 2019 Update 1.1
    Azure DevOps Server 2019.0.1
    Team Foundation Server 2017 Update 3.1
    Consequence
    Successful exploitation allows attacker to compromise the confidentiality and integrity of the system.
    Solution
    Customers are advised to refer to CVE-2020-1325, CVE-2020-17135 and CVE-2020-17145 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2020-1325
    CVE-2020-17135
    CVE-2020-17145

  • Microsoft Dynamics 365 Security Update for December 2020

    Severity
    Critical 4
    Qualys ID
    91701
    Vendor Reference
    CVE-2020-17147, CVE-2020-17152, CVE-2020-17158
    CVE Reference
    CVE-2020-17133, CVE-2020-17147, CVE-2020-17152, CVE-2020-17158
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    Microsoft Dynamics contains the following vulnerabilities:
    CVE-2020-17133: Microsoft Dynamics Business Central/NAV Information Disclosure
    CVE-2020-17158: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
    CVE-2020-17152: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
    CVE-2020-17147: Dynamics CRM Webclient Cross-site Scripting Vulnerability

    Affected Software:

    Microsoft Dynamics NAV 2015
    Dynamics 365 for Finance and Operations
    Microsoft Dynamics 365 (on-premises) version 8.2
    Microsoft Dynamics 365 (on-premises) version 9.0

    QID Detection Logic(Authenticated):
    This authenticated QID flags vulnerable systems by detecting Vulnerable versions:

    Consequence
    Depending on the vulnerability being exploited, an attacker to conduct cross-site scripting attacks or update data without proper authorization.
    Solution
    Customers are advised to refer to CVE-2020-17152 CVE-2020-17158,CVE-2020-17152,CVE-2020-17147 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2020-17133 WIndows
    CVE-2020-17147 WIndows
    CVE-2020-17152 WIndows
    CVE-2020-17158 WIndows

  • Microsoft Visual Studio Security Update for December 2020

    Severity
    Critical 4
    Qualys ID
    91703
    Vendor Reference
    CVE-2020-17156
    CVE Reference
    CVE-2020-17156
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
    Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
    Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
    Microsoft Visual Studio 2019 version 16.0
    Microsoft Visual Studio 2019 version 16.8

    QID Detection Logic:Authenticated
    This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.

    Consequence
    Successful exploitation can affect confidentiality, integrity and availability.
    Solution
    Customers are advised to refer to CVE-2020-17156 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2020-17156 windows

  • Microsoft Windows DNS Resolver Addressing Spoofing Vulnerability (ADV200013)

    Severity
    Serious 3
    Qualys ID
    91704
    Vendor Reference
    ADV200013
    CVE Reference
    N/A
    CVSS Scores
    Base 5 / Temporal 4
    Description
    Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. QID Detection Logic (Authenticated):
    This authenticated QID will check for workaround in registry key "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" ,value "MaximumUdpPacketSize" and data 1221

    Consequence
    An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver.
    Solution
    Please refer to Microsoft advisory for ADV200013 for more details.Workaround:
    Configure Windows DNS servers to have UDP buffer size of 1221
  • Microsoft Windows Security Update for December 2020

    Severity
    Critical 4
    Qualys ID
    91706
    Vendor Reference
    KB4592438, KB4592440, KB4592446, KB4592449, KB4592464, KB4592468, KB4592471, KB4592484, KB4592495, KB4592497, KB4592498, KB4592503, KB4592504, KB4593226
    CVE Reference
    CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-16996, CVE-2020-17092, CVE-2020-17094, CVE-2020-17095, CVE-2020-17096, CVE-2020-17097, CVE-2020-17098, CVE-2020-17099, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17137, CVE-2020-17138, CVE-2020-17139, CVE-2020-17140
    CVSS Scores
    Base 9 / Temporal 6.7
    Description
    Microsoft releases the security update for Windows December 2020

    The KB Articles associated with the update:
    KB4592484
    KB4592449
    KB4592440
    KB4592503
    KB4592495
    KB4592464
    KB4592504
    KB4592471
    KB4592446
    KB4592468
    KB4593226
    KB4592438
    KB4592497
    KB4592498

    This QID checks for the file version of ntoskrnl.exe

    The following versions of ntoskrnl.exe with their corresponding KBs are verified:
    KB4592484 - 6.3.9600.19880
    KB4592449 - 10.0.18362.1256
    KB4592440 - 10.0.17763.1637
    KB4592503 - 6.1.7601.24563
    KB4592495 - 6.3.9600.19880
    KB4592464 - 10.0.10240.18782
    KB4592504 - 6.0.6003.20996
    KB4586786 - 10.0.18362.1198
    KB4586793 - 10.0.17763.1577
    KB4586830 - 10.0.14393.4046
    KB4592471 - 6.1.7601.24563
    KB4592468 - 6.2.9200.23209
    KB4593226 - 10.0.14393.4104
    KB4592438 - 10.0.19041.685
    KB4586781 - 10.0.19041.630
    KB4592497 - 6.2.9200.23209
    KB4592498 - 6.0.6003.20996

    The following versions of Ntfs.sys with their corresponding KBs are verified:
    KB4592446 - 10.0.17134.1902

    Consequence
    A remote attacker could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.
    Solution
    Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Security Update Guide Windows

  • Microsoft Windows Servicing Stack Security Update December 2020

    Severity
    Medium 2
    Qualys ID
    91707
    Vendor Reference
    ADV990001
    CVE Reference
    N/A
    CVSS Scores
    Base 3.7 / Temporal 2.7
    Description
    Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.

    Microsoft has released Servicing Stack security updates for Windows.

    QID Detection Logic (Authenticated):
    This authenticated QID will check for file version of CbsCore.dll

    Consequence
    Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.

    Solution
    Customers are advised to refer to advisory ADV990001 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    ADV990001

  • Microsoft Edge Security Update for December 2020

    Severity
    Critical 4
    Qualys ID
    91708
    Vendor Reference
    KB4592438, KB4592440, KB4592449
    CVE Reference
    CVE-2020-17131
    CVSS Scores
    Base 5.1 / Temporal 4
    Description
    Microsoft releases the security update for Microsoft Edge December 2020

    The KB Articles associated with the update:
    KB4592440
    KB4592449
    KB4592438

    QID Detection Logic:Authenticated
    This QID checks for the file version of edgehtml.dll and ntoskrnl.exe.

    Consequence
    Successful exploitation of this vulnerability can lead to remote code execution.
    Solution
    Please refer to the CVE-2020-17131 for more information pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2020-17131

These new vulnerability checks are included in Qualys vulnerability signature 2.5.51-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110367
    • 110368
    • 110369
    • 50104
    • 91696
    • 91701
    • 91703
    • 91704
    • 91706
    • 91707
    • 91708
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.