Microsoft security alert.
January 12, 2021
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 81 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2021
- Severity
- Critical 4
- Qualys ID
- 110370
- Vendor Reference
- KB4486755, KB4486759, KB4486762, KB4486764, KB4493142, KB4493143, KB4493145, KB4493156, KB4493160, KB4493165, KB4493168, KB4493171, KB4493176, KB4493181, KB4493186
- CVE Reference
- CVE-2021-1711, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft has released January 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4493171
KB4486764
KB4493145
KB4493142
KB4493156
KB4493160
KB4486759
KB4493181
KB4493176
KB4493186
KB4493168
KB4493165
KB4486762
KB4493143
KB4486755QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guide for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2021
-
Microsoft SharePoint Enterprise Server Multiple Vulnerabilities January 2021
- Severity
- Critical 4
- Qualys ID
- 110371
- Vendor Reference
- KB4486683, KB4486724, KB4486736, KB4493161, KB4493162, KB4493163, KB4493167, KB4493175, KB4493178, KB4493187
- CVE Reference
- CVE-2021-1641, CVE-2021-1707, CVE-2021-1712, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716, CVE-2021-1717, CVE-2021-1718, CVE-2021-1719
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft has released January 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4493162
KB4493163
KB4493175
KB4493178
KB4493161
KB4486683
KB4493167
KB4493187
KB4486736
KB4486724QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system. - Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2021
-
Microsoft Visual Studio Security Update for January 2021
- Severity
- Critical 4
- Qualys ID
- 91710
- Vendor Reference
- CVE-2020-26870
- CVE Reference
- CVE-2020-26870, CVE-2021-1723
- CVSS Scores
- Base 5 / Temporal 3.9
- Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.8QID Detection Logic:Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe. - Consequence
- Successful exploitation can affect confidentiality, integrity and availability.
- Solution
-
Customers are advised to refer to CVE-2020-26870 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-26870 WIndows
-
Microsoft ASP.NET Core Security Update January 2021
- Severity
- Serious 3
- Qualys ID
- 91711
- Vendor Reference
- CVE-2021-1723
- CVE Reference
- CVE-2021-1723
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
A denial of service vulnerability exists when .NET Core improperly handles web requests.
This security update is rated Important for supported versions of .NET Core.Affected versions:
Any .NET Core 3.1 or .NET 5.0 application running on .NET Core 3.1.10 or .NET 5.0.1 or lower respectively.QID Detection Logic (Authenticated):
The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows. - Consequence
- Successful exploitation allows attacker to bypass the security feature and allows set a second cookie with the name being percent encoded.
- Solution
-
Customers are advised to refer to CVE-2021-1723 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1723 WIndows
-
Microsoft SQL Server Elevation of Privilege Vulnerability - January 2021
- Severity
- Critical 4
- Qualys ID
- 91721
- Vendor Reference
- KB4583456, KB4583457, KB4583458, KB4583459, KB4583460, KB4583461, KB4583462, KB4583463, KB4583465
- CVE Reference
- CVE-2021-1636
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft SQL Server is prone to elevation of privilege vulnerability.
Affected Software:
SQL Server 2019 RTM (GDR,CU8)
SQL Server 2017 RTM (GDR,CU22)
SQL Server 2016 Service Pack 2(CU15,GDR)
SQL Server 2014 Service Pack 3 (GDR, CU4)
SQL Server 2012 Service Pack 4 (QFE)QID Detection Logic (Authenticated):
Detection looks for Microsoft SQL Server instances and checks sqlservr.exe file version - Consequence
-
An authenticated attacker can send data over a network to an affected SQL Server when configured to run an Extended Event session.
- Solution
-
Customers are advised to refer to CVE-2021-1636 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SQL Server(CVE-2021-1636)
-
Microsoft Defender Remote Code Execution (RCE) Vulnerability January 2021
- Severity
- Urgent 5
- Qualys ID
- 91722
- Vendor Reference
- CVE-2021-1647
- CVE Reference
- CVE-2021-1647
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Microsoft Defender is prone to Remote Code Execution Vulnerability.
Affected Software:
Microsoft System Center 2012 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft System Center Endpoint Protection
Windows DefenderQID Detection Logic (Authenticated):
Detection checks for mpengine.dll file version less than 1.1.17700.4, and it also checks whether Windows Defender is running. - Consequence
- Successful exploitation allows remote code execution and compromise the system.
- Solution
-
Users are advised to check CVE-2021-1647 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1647
-
Microsoft Windows Servicing Stack Security Update January 2021
- Severity
- Medium 2
- Qualys ID
- 91723
- Vendor Reference
- ADV990001
- CVE Reference
- N/A
- CVSS Scores
- Base 3.7 / Temporal 2.7
- Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll - Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
- Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
-
Microsoft Windows Security Update for January 2021
- Severity
- Urgent 5
- Qualys ID
- 91724
- Vendor Reference
- KB4598229, KB4598231, KB4598242, KB4598243, KB4598245, KB4598275, KB4598278, KB4598279, KB4598285, KB4598287, KB4598288, KB4598289, KB4598297
- CVE Reference
- CVE-2021-1637, CVE-2021-1638, CVE-2021-1642, CVE-2021-1645, CVE-2021-1646, CVE-2021-1648, CVE-2021-1649, CVE-2021-1650, CVE-2021-1651, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1656, CVE-2021-1657, CVE-2021-1658, CVE-2021-1659, CVE-2021-1660, CVE-2021-1661, CVE-2021-1662, CVE-2021-1663, CVE-2021-1664, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1669, CVE-2021-1670, CVE-2021-1671, CVE-2021-1672, CVE-2021-1673, CVE-2021-1674, CVE-2021-1676, CVE-2021-1678, CVE-2021-1679, CVE-2021-1680, CVE-2021-1681, CVE-2021-1682, CVE-2021-1683, CVE-2021-1684, CVE-2021-1685, CVE-2021-1686, CVE-2021-1687, CVE-2021-1688, CVE-2021-1689, CVE-2021-1690, CVE-2021-1691, CVE-2021-1692, CVE-2021-1693, CVE-2021-1694, CVE-2021-1695, CVE-2021-1696, CVE-2021-1697, CVE-2021-1699, CVE-2021-1700, CVE-2021-1701, CVE-2021-1702, CVE-2021-1703, CVE-2021-1704, CVE-2021-1706, CVE-2021-1708, CVE-2021-1709, CVE-2021-1710
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft releases the security update for Windows January 2021
The KB Articles associated with the update:
KB4598288
KB4598287
KB4598243
KB4598278
KB4598275
KB4598242
KB4598285
KB4598229
KB4598245
KB4598230
KB4598297
KB4598231
KB4598279
KB4598289
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4598288 - 6.0.6003.21026
KB4598287 - 6.0.6003.21026
KB4598243 - 10.0.14393.4169
KB4598278 - 6.2.9200.23246
KB4598275 - 6.3.9600.19913
KB4598242 - 10.0.19041.746
KB4598285 - 6.3.9600.19913
KB4598229 - 10.0.18362.1316
KB4598245 - 10.0.17134.1967
KB4598230 - 10.0.17763.1697
KB4598297 - 6.2.9200.23246
KB4598231 - 10.0.10240.18818
KB4598279 - 6.1.7601.24564
KB4598289 - 6.1.7601.24564
- Consequence
- Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Edge Security Update for January 2021
- Severity
- Serious 3
- Qualys ID
- 91725
- Vendor Reference
- KB4598229, KB4598231, KB4598242, KB4598243, KB4598245
- CVE Reference
- CVE-2021-1705
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Microsoft releases the security update for Microsoft Edge January 2021
The KB Articles associated with the update:
KB4598243
KB4598231
KB4598242
KB4598229
KB4598230
KB4598245QID Detection Logic: (Authenticated)
This QID checks for the file version of edgehtml.dll and ntoskrnl.exe. - Consequence
- Successful exploitation of this vulnerability can affect confidentiality, integrity and availability.
- Solution
-
Please refer to the CVE-2021-1705 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1705
-
Microsoft Windows Codecs Library Remote Code Execution Vulnerabilities - January 2021
- Severity
- Critical 4
- Qualys ID
- 91726
- Vendor Reference
- CVE-2021-1643, CVE-2021-1644
- CVE Reference
- CVE-2021-1643, CVE-2021-1644
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Multiple security vulnerabilities exist in Microsoft Windows Codecs Library.
Affected Product::
HEVCVideoExtension prior to 1.0.33242.0QID detection Logic:
Detection gets the version of HEVCVideoExtension by querying wmi class Win32_InstalledStoreProgram. - Consequence
-
An attacker who successfully exploited the vulnerability could execute arbitrary code.
- Solution
-
Users are advised to check CVE-2021-1643,CVE-2021-1644
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide
These new vulnerability checks are included in Qualys vulnerability signature 2.5.78-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110370
- 110371
- 91710
- 91711
- 91721
- 91722
- 91723
- 91724
- 91725
- 91726
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.