Microsoft security alert.
March 9, 2021
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 74 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Security Update for March 2021
- Severity
- Serious 3
- Qualys ID
- 100414
- Vendor Reference
- KB5000800, KB5000802, KB5000803, KB5000807, KB5000808, KB5000809, KB5000822, KB5000841, KB5000844, KB5000847, KB5000848
- CVE Reference
- CVE-2021-26411, CVE-2021-27085
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Internet Explorer is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft has released Cumulative Security Updates for Internet Explorer that address various vulnerabilities found in Internet Explorer 11 (IE 11).
KB Articles associated with the Update:
KB5000800
KB5000802
KB5000803
KB5000807
KB5000808
KB5000809
KB5000822
KB5000841
KB5000847
KB5000848
KB5000844
QID Detection Logic (Authenticated):
This QID checks for the file version of %windir%\System32\mshtml.dll
- Consequence
- Successful exploitation of the vulnerability may allow the attacker to cause Remote Code Execution.
- Solution
-
For more information, customers are advised to refer to the Security Update Guide.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27085
-
Microsoft SharePoint Enterprise Server Multiple Vulnerabilities March 2021
- Severity
- Critical 4
- Qualys ID
- 110375
- Vendor Reference
- KB3101541, KB4493177, KB4493199, KB4493230, KB4493231, KB4493232, KB4493238
- CVE Reference
- CVE-2021-24104, CVE-2021-27052, CVE-2021-27076
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft has released March 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4493238
KB3101541
KB4493230
KB4493232
KB4493177
KB4493231
KB4493199
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2021
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2021
- Severity
- Critical 4
- Qualys ID
- 110376
- Vendor Reference
- KB4484376, KB4486673, KB4493151, KB4493200, KB4493203, KB4493214, KB4493224, KB4493225, KB4493227, KB4493228, KB4493229, KB4493233, KB4493234, KB4493239, KB4504702, KB4504703, KB4504707
- CVE Reference
- CVE-2021-24108, CVE-2021-27053, CVE-2021-27054, CVE-2021-27055, CVE-2021-27056, CVE-2021-27057, CVE-2021-27058, CVE-2021-27059
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft has released March 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4493228
KB4504703
KB4493225
KB4493234
KB4493203
KB4493214
KB4493239
KB4504707
KB4493200
KB4493233
KB4493229
KB4504702
KB4493224
KB4493227
KB4484376
KB4493151
KB4486673
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected Office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2021
-
Visual Studio Code Remote Code Execution Vulnerability
- Severity
- Critical 4
- Qualys ID
- 375336
- Vendor Reference
- CVE-2021-27060
- CVE Reference
- CVE-2021-27060
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.54.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
- A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.
- Solution
-
Please refer to Microsoft advisory for Visual Studio Code for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27060 Linux
CVE-2021-27060 Windows
-
Microsoft Visual Studio Security Update for March 2021
- Severity
- Critical 4
- Qualys ID
- 91746
- Vendor Reference
- CVE-2021-21300, CVE-2021-26701
- CVE Reference
- CVE-2021-21300, CVE-2021-26701
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.8
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of devenv.exe.
QID Detection for Linux/macOS
This QID detects vulnerable versions of Microsoft Visual Studio by using the commands:
ls -d /usr/share/dotnet/shared/Microsoft.NETCore.App/*
ls -d /usr/local/share/dotnet/shared/Microsoft.NETCore.App/*
- Consequence
- Successful exploitation can affect confidentiality, integrity and availability.
- Solution
-
Customers are advised to refer to CVE-2021-21300 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-21300 MAC
CVE-2021-21300 Windows
-
Microsoft Windows Admin Center Security Feature Bypass Vulnerability - March 2021
- Severity
- Serious 3
- Qualys ID
- 91748
- Vendor Reference
- CVE-2021-27066
- CVE Reference
- CVE-2021-27066
- CVSS Scores
- Base 4 / Temporal 3
- Description
-
Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs.
Windows Admin Center is prone to Security Feature Bypass Vulnerability.
Affected Products:
Windows Admin Center
QID Detection Logic (authenticated):
Detection checks the file version of the SmeDesktop.exe file.
- Consequence
-
Successful exploitation allows an attacker to bypass the security feature.
- Solution
-
Customers are advised to refer to Windows Admin Center for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27066
-
Microsoft Windows Security Update for March 2021
- Severity
- Urgent 5
- Qualys ID
- 91749
- Vendor Reference
- KB5000802, KB5000803, KB5000807, KB5000808, KB5000809, KB5000822, KB5000840, KB5000841, KB5000844, KB5000847, KB5000848, KB5000851, KB5000853, KB5000856
- CVE Reference
- CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-24107, CVE-2021-26860, CVE-2021-26861, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26867, CVE-2021-26868, CVE-2021-26869, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26876, CVE-2021-26878, CVE-2021-26879, CVE-2021-26880, CVE-2021-26881, CVE-2021-26882, CVE-2021-26884, CVE-2021-26885, CVE-2021-26886, CVE-2021-26889, CVE-2021-26890, CVE-2021-26891, CVE-2021-26892, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26896, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27063, CVE-2021-27066, CVE-2021-27070, CVE-2021-27077
- CVSS Scores
- Base 10 / Temporal 8.7
- Description
-
Microsoft releases the security update for Windows March 2021
The KB Articles associated with the update:
KB5000840
KB5000809
KB5000803
KB5000822
KB5000853
KB5000856
KB5000808
KB5000802
KB5000847
KB5000851
KB5000844
KB5000848
KB5000807
KB5000841
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5000840 - 6.2.9200.23297
KB5000809 - 10.0.17134.2087
KB5000803 - 10.0.14393.4283
KB5000822 - 10.0.17763.1817
KB5000853 - 6.3.9600.19962
KB5000856 - 6.0.6003.21064
KB5000808 - 10.0.18362.1440
KB5000802 - 10.0.19041.867
KB5000847 - 6.2.9200.23297
KB5000851 - 6.1.7601.24566
KB5000844 - 6.0.6003.21064
KB5000848 - 6.3.9600.19962
KB5000807 - 10.0.10240.18874
KB5000841 - 6.1.7601.24566
- Consequence
- Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
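The version comparison behind this check, as an added example (not Qualys's detection code): it parses the KB-to-version table above and compares a host's ntoskrnl.exe file version numerically within the same build branch. It assumes each listed version is the minimum fixed revision for its branch; the host versions in the usage loop are constructed.

```python
# Added example: fixed ntoskrnl.exe versions copied from the QID 91749 table.
# Assumption: a listed version is the minimum patched revision for its branch.
FIXED_NTOSKRNL = """
KB5000840 - 6.2.9200.23297
KB5000809 - 10.0.17134.2087
KB5000803 - 10.0.14393.4283
KB5000822 - 10.0.17763.1817
KB5000853 - 6.3.9600.19962
KB5000856 - 6.0.6003.21064
KB5000808 - 10.0.18362.1440
KB5000802 - 10.0.19041.867
KB5000847 - 6.2.9200.23297
KB5000851 - 6.1.7601.24566
KB5000844 - 6.0.6003.21064
KB5000848 - 6.3.9600.19962
KB5000807 - 10.0.10240.18874
KB5000841 - 6.1.7601.24566
"""

def parse_table(text):
    """Map (major, minor, build) -> {'revision': fixed revision, 'kbs': [KB ids]}."""
    table = {}
    for line in text.strip().splitlines():
        kb, version = (part.strip() for part in line.split(" - "))
        *branch, revision = map(int, version.split("."))
        entry = table.setdefault(tuple(branch), {"revision": revision, "kbs": []})
        entry["revision"] = max(entry["revision"], revision)
        entry["kbs"].append(kb)
    return table

def assess(file_version, table):
    """Return (status, kbs) for a four-part file version such as '10.0.19041.804'."""
    parts = [int(x) for x in file_version.split(".")]
    if len(parts) != 4:
        raise ValueError("expected major.minor.build.revision: " + file_version)
    entry = table.get(tuple(parts[:3]))
    if entry is None:
        return ("unknown-branch", [])  # build not covered by this table
    # Compare revisions as integers: as strings, '867' would sort above '1023'.
    if parts[3] >= entry["revision"]:
        return ("patched", [])
    return ("missing-update", entry["kbs"])

TABLE = parse_table(FIXED_NTOSKRNL)

if __name__ == "__main__":
    for host_version in ("10.0.19041.804", "10.0.19041.1023", "6.1.7601.24565"):  # constructed
        print(host_version, assess(host_version, TABLE))
```

The same two functions work unchanged on the dns.exe table listed for QID 91754.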
-
Microsoft Edge Security Update for March 2021
- Severity
- Critical 4
- Qualys ID
- 91751
- Vendor Reference
- KB5000802, KB5000803, KB5000807, KB5000808, KB5000809, KB5000822
- CVE Reference
- CVE-2021-26411
- CVSS Scores
- Base 5.1 / Temporal 4.4
- Description
-
Microsoft releases the security update for Microsoft Edge March 2021
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
The KB Articles associated with the update:
KB5000803
KB5000807
KB5000802
KB5000808
KB5000822
KB5000809
QID Detection Logic: (Authenticated)
This QID checks for the file version of edgehtml.dll and ntoskrnl.exe.
- Consequence
- Successful exploitation of this vulnerability can affect confidentiality, integrity, and availability.
- Solution
-
Please refer to the CVE-2021-26411 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26411
-
Microsoft Windows Servicing Stack Security Update March 2021
- Severity
- Medium 2
- Qualys ID
- 91752
- Vendor Reference
- ADV990001
- CVE Reference
- N/A
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows.
Related KBs:
KB5000858,KB5000859,KB5000908
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
- Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
- Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
-
Microsoft Windows Codecs Library Remote Code Execution Vulnerabilities
- Severity
- Critical 4
- Qualys ID
- 91753
- Vendor Reference
- CVE-2021-24089, CVE-2021-24110, CVE-2021-26884, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062
- CVE Reference
- CVE-2021-24089, CVE-2021-24110, CVE-2021-26884, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Affected Product:
"HEVC" or "HEVC from Device Manufacturer" media codec before and including version 1.0.40203.0
QID Detection Logic:
The QID gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
- An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.
- Solution
-
Users are advised to check CVE-2021-26902 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-24089 Windows
CVE-2021-24110 Windows
CVE-2021-26884 Windows
CVE-2021-26902 Windows
CVE-2021-27047 Windows
CVE-2021-27048 Windows
CVE-2021-27049 Windows
CVE-2021-27050 Windows
CVE-2021-27051 Windows
CVE-2021-27061 Windows
CVE-2021-27062 Windows
-
Microsoft Windows DNS Server Remote Code Execution Vulnerabilities
- Severity
- Urgent 5
- Qualys ID
- 91754
- Vendor Reference
- KB5000802, KB5000803, KB5000808, KB5000822, KB5000840, KB5000841, KB5000844, KB5000847, KB5000848, KB5000851, KB5000853, KB5000856
- CVE Reference
- CVE-2021-26877, CVE-2021-26897
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft releases the security update for Windows DNS Server March 2021
The KB Articles associated with the update:
KB5000840
KB5000853
KB5000803
KB5000802
KB5000856
KB5000808
KB5000822
KB5000847
KB5000851
KB5000844
KB5000848
KB5000841
This QID checks for the file version of dns.exe
The following versions of dns.exe with their corresponding KBs are verified:
KB5000840 - 6.2.9200.23297
KB5000853 - 6.3.9600.19965
KB5000803 - 10.0.14393.4283
KB5000802 - 10.0.19041.867
KB5000856 - 6.0.6003.21069
KB5000808 - 10.0.18362.1440
KB5000822 - 10.0.17763.1817
KB5000847 - 6.2.9200.23297
KB5000851 - 6.1.7601.24566
KB5000844 - 6.0.6003.21069
KB5000848 - 6.3.9600.19965
KB5000841 - 6.1.7601.24566
- Consequence
- An attacker who successfully exploited the vulnerability could run arbitrary code.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
These new vulnerability checks are included in Qualys vulnerability signature 2.5.126-8. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100414
- 110375
- 110376
- 375336
- 91746
- 91748
- 91749
- 91751
- 91752
- 91753
- 91754
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.