Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 81 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following KBs:
KB4493171
KB4486764
KB4493145
KB4493142
KB4493156
KB4493160
KB4486759
KB4493181
KB4493176
KB4493186
KB4493168
KB4493165
KB4486762
KB4493143
KB4486755
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-to-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2021
This security update contains the following KBs:
KB4493162
KB4493163
KB4493175
KB4493178
KB4493161
KB4486683
KB4493167
KB4493187
KB4486736
KB4486724
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article against the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2021
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.8
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of devenv.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-26870 Windows
Affected versions:
Any .NET Core 3.1 or .NET 5.0 application running on .NET Core 3.1.10 or .NET 5.0.1 or lower respectively.
QID Detection Logic (Authenticated):
The QID looks for subdirectories under %programfiles%\dotnet\shared\Microsoft.NETCore.App and %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App, and checks for vulnerable versions in the .version file on Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1723 Windows
QID Detection Logic (Authenticated):
Detection looks for Microsoft SQL Server instances and checks the sqlservr.exe file version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SQL Server (CVE-2021-1636)
Affected Software:
Microsoft System Center 2012 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft System Center Endpoint Protection
Windows Defender
QID Detection Logic (Authenticated):
Detection checks for mpengine.dll file version less than 1.1.17700.4, and it also checks whether Windows Defender is running.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1647
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID checks the file version of CbsCore.dll.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
The KB Articles associated with the update:
KB4598288
KB4598287
KB4598243
KB4598278
KB4598275
KB4598242
KB4598285
KB4598229
KB4598245
KB4598230
KB4598297
KB4598231
KB4598279
KB4598289
This QID checks the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4598288 - 6.0.6003.21026
KB4598287 - 6.0.6003.21026
KB4598243 - 10.0.14393.4169
KB4598278 - 6.2.9200.23246
KB4598275 - 6.3.9600.19913
KB4598242 - 10.0.19041.746
KB4598285 - 6.3.9600.19913
KB4598229 - 10.0.18362.1316
KB4598245 - 10.0.17134.1967
KB4598230 - 10.0.17763.1697
KB4598297 - 6.2.9200.23246
KB4598231 - 10.0.10240.18818
KB4598279 - 6.1.7601.24564
KB4598289 - 6.1.7601.24564
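The version check described above, written out as an added example (not Qualys's detection code). It assumes the ntoskrnl.exe file version has already been collected from each host, and that a host whose revision is below the listed value for its OS branch still needs the matching KB; the host names and versions in the sample inventory are constructed.

```python
# Added example: KB -> fixed ntoskrnl.exe version, copied from the table above.
FIXED_NTOSKRNL = {
    "KB4598288": "6.0.6003.21026", "KB4598287": "6.0.6003.21026",
    "KB4598243": "10.0.14393.4169", "KB4598278": "6.2.9200.23246",
    "KB4598275": "6.3.9600.19913", "KB4598242": "10.0.19041.746",
    "KB4598285": "6.3.9600.19913", "KB4598229": "10.0.18362.1316",
    "KB4598245": "10.0.17134.1967", "KB4598230": "10.0.17763.1697",
    "KB4598297": "6.2.9200.23246", "KB4598231": "10.0.10240.18818",
    "KB4598279": "6.1.7601.24564", "KB4598289": "6.1.7601.24564",
}

def parse_version(text):
    """'10.0.19041.746' -> (10, 0, 19041, 746); compare as integers, never as strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def fixed_by_branch():
    """Group the table by OS branch (major, minor, build) -> fixed revision and its KBs."""
    branches = {}
    for kb, version in FIXED_NTOSKRNL.items():
        v = parse_version(version)
        entry = branches.setdefault(v[:3], {"revision": v[3], "kbs": []})
        entry["revision"] = max(entry["revision"], v[3])
        entry["kbs"].append(kb)
    return branches

def check_host(ntoskrnl_version):
    """Return (status, kbs): 'missing' with the applicable KBs, 'patched', or 'unknown'."""
    v = parse_version(ntoskrnl_version)
    entry = fixed_by_branch().get(v[:3])
    if entry is None:          # branch not covered by this bulletin's table
        return ("unknown", [])
    if v[3] < entry["revision"]:
        return ("missing", sorted(entry["kbs"]))
    return ("patched", [])

# Constructed inventory (hypothetical host names and versions), not real scan data.
SAMPLE_INVENTORY = {
    "ws-01": "10.0.19041.99",    # string comparison would wrongly rank .99 above .746
    "srv-02": "6.1.7601.24564",
    "srv-03": "10.0.22000.1",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(host, version, *check_host(version))
```

Where two KBs share one fixed version (for example the monthly rollup and security-only pair), both are returned so either can be matched against the host's installed-update list.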
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
The KB Articles associated with the update:
KB4598243
KB4598231
KB4598242
KB4598229
KB4598230
KB4598245
QID Detection Logic (Authenticated):
This QID checks for the file version of edgehtml.dll and ntoskrnl.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-1705
Affected Product:
HEVCVideoExtension prior to 1.0.33242.0
QID Detection Logic:
Detection gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide
These new vulnerability checks are included in Qualys vulnerability signature 2.5.78-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.