Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 74 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft has released Cumulative Security Updates for Internet Explorer that address various vulnerabilities found in Internet Explorer 11 (IE 11).
KB Articles associated with the Update:
KB5000800
KB5000802
KB5000803
KB5000807
KB5000808
KB5000809
KB5000822
KB5000841
KB5000847
KB5000848
KB5000844
QID Detection Logic (Authenticated):
This QID checks for the file version of %windir%\System32\mshtml.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27085
This security update contains the following KBs:
KB4493238
KB3101541
KB4493230
KB4493232
KB4493177
KB4493231
KB4493199
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2021
This security update contains the following KBs:
KB4493228
KB4504703
KB4493225
KB4493234
KB4493203
KB4493214
KB4493239
KB4504707
KB4493200
KB4493233
KB4493229
KB4504702
KB4493224
KB4493227
KB4484376
KB4493151
KB4486673
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-to-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2021
Affected Versions:
Visual Studio Code prior to version 1.54.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27060 Linux
CVE-2021-27060 Windows
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.8
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of devenv.exe.
QID Detection for Linux/macOS:
This QID detects vulnerable versions of Microsoft Visual Studio by using the following commands:
ls -d /usr/share/dotnet/shared/Microsoft.NETCore.App/*
ls -d /usr/local/share/dotnet/shared/Microsoft.NETCore.App/*
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-21300 MAC
CVE-2021-21300 Windows
Windows Admin Center is prone to a security feature bypass vulnerability.
Affected Products:
Windows Admin Center
QID Detection Logic (Authenticated):
The detection checks the file version of SmeDesktop.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27066
The KB Articles associated with the update:
KB5000840
KB5000809
KB5000803
KB5000822
KB5000853
KB5000856
KB5000808
KB5000802
KB5000847
KB5000851
KB5000844
KB5000848
KB5000807
KB5000841
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5000840 - 6.2.9200.23297
KB5000809 - 10.0.17134.2087
KB5000803 - 10.0.14393.4283
KB5000822 - 10.0.17763.1817
KB5000853 - 6.3.9600.19962
KB5000856 - 6.0.6003.21064
KB5000808 - 10.0.18362.1440
KB5000802 - 10.0.19041.867
KB5000847 - 6.2.9200.23297
KB5000851 - 6.1.7601.24566
KB5000844 - 6.0.6003.21064
KB5000848 - 6.3.9600.19962
KB5000807 - 10.0.10240.18874
KB5000841 - 6.1.7601.24566
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
The KB Articles associated with the update:
KB5000803
KB5000807
KB5000802
KB5000808
KB5000822
KB5000809
QID Detection Logic (Authenticated):
This QID checks for the file version of edgehtml.dll and ntoskrnl.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26411
Microsoft has released Servicing Stack security updates for Windows.
Related KBs:
KB5000858, KB5000859, KB5000908
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
Affected Product:
"HEVC" or "HEVC from Device Manufacturer" media codec, version 1.0.40203.0 and earlier
QID Detection Logic:
The QID gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-24089 Windows
CVE-2021-24110 Windows
CVE-2021-26884 Windows
CVE-2021-26902 Windows
CVE-2021-27047 Windows
CVE-2021-27048 Windows
CVE-2021-27049 Windows
CVE-2021-27050 Windows
CVE-2021-27051 Windows
CVE-2021-27061 Windows
CVE-2021-27062 Windows
The KB Articles associated with the update:
KB5000840
KB5000853
KB5000803
KB5000802
KB5000856
KB5000808
KB5000822
KB5000847
KB5000851
KB5000844
KB5000848
KB5000841
This QID checks for the file version of dns.exe
The following versions of dns.exe with their corresponding KBs are verified:
KB5000840 - 6.2.9200.23297
KB5000853 - 6.3.9600.19965
KB5000803 - 10.0.14393.4283
KB5000802 - 10.0.19041.867
KB5000856 - 6.0.6003.21069
KB5000808 - 10.0.18362.1440
KB5000822 - 10.0.17763.1817
KB5000847 - 6.2.9200.23297
KB5000851 - 6.1.7601.24566
KB5000844 - 6.0.6003.21069
KB5000848 - 6.3.9600.19965
KB5000841 - 6.1.7601.24566
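The file-version comparison behind the ntoskrnl.exe and dns.exe checks above, as an added example (not Qualys code). It assumes a host counts as patched when its file revision, within the same OS branch, is at or above the version listed on this page; the host names and observed versions are constructed.

```python
# KB=version pairs copied from the ntoskrnl.exe and dns.exe tables on this page.
TABLES = {
    "ntoskrnl.exe": (
        "KB5000840=6.2.9200.23297 KB5000809=10.0.17134.2087 KB5000803=10.0.14393.4283 "
        "KB5000822=10.0.17763.1817 KB5000853=6.3.9600.19962 KB5000856=6.0.6003.21064 "
        "KB5000808=10.0.18362.1440 KB5000802=10.0.19041.867 KB5000847=6.2.9200.23297 "
        "KB5000851=6.1.7601.24566 KB5000844=6.0.6003.21064 KB5000848=6.3.9600.19962 "
        "KB5000807=10.0.10240.18874 KB5000841=6.1.7601.24566"),
    "dns.exe": (
        "KB5000840=6.2.9200.23297 KB5000853=6.3.9600.19965 KB5000803=10.0.14393.4283 "
        "KB5000802=10.0.19041.867 KB5000856=6.0.6003.21069 KB5000808=10.0.18362.1440 "
        "KB5000822=10.0.17763.1817 KB5000847=6.2.9200.23297 KB5000851=6.1.7601.24566 "
        "KB5000844=6.0.6003.21069 KB5000848=6.3.9600.19965 KB5000841=6.1.7601.24566"),
}

def parse(version):
    """'10.0.19041.867' -> (10, 0, 19041, 867), so revisions compare numerically."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part file version, got {version!r}")
    return parts

def assess(filename, observed):
    """Return (status, KBs for that branch); status is patched/missing/unknown-branch."""
    *branch, rev = parse(observed)
    fixed_rev, kbs = None, []
    for entry in TABLES[filename].split():
        kb, ver = entry.split("=")
        if parse(ver)[:3] == tuple(branch):
            fixed_rev = parse(ver)[3]
            kbs.append(kb)
    if fixed_rev is None:
        return ("unknown-branch", [])  # build not listed on the page: do not guess
    # Assumption: a revision at or above the verified one means the fix is present.
    return ("patched" if rev >= fixed_rev else "missing", kbs)

# Constructed sample inventory (host, file, observed version); not real scan data.
INVENTORY = [
    ("host-a", "ntoskrnl.exe", "10.0.19041.1023"),  # 1023 > 867 numerically
    ("host-b", "ntoskrnl.exe", "10.0.18362.1379"),
    ("host-c", "dns.exe", "6.3.9600.19962"),        # meets ntoskrnl.exe, not dns.exe
    ("host-d", "dns.exe", "10.0.20348.1"),
]

def report(inventory=INVENTORY):
    return {host: assess(name, ver) for host, name, ver in inventory}
if __name__ == "__main__":
    for host, (status, kbs) in report().items():
        print(host, status, ",".join(kbs))
```

Comparing the fields as integers matters: a string comparison would rank revision 1023 below 867 and flag a patched host.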
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
These new vulnerability checks are included in Qualys vulnerability signature 2.5.126-8. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.