Cloud Platform
Support
Contact us

Microsoft security alert.

June 8, 2021

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 48 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft SharePoint Enterprise Server Multiple Vulnerabilities June 2021

    Severity
    Critical 4
    Qualys ID
    110383
    Vendor Reference
    KB4011698, KB5001922, KB5001939, KB5001944, KB5001945, KB5001946, KB5001954, KB5001962
    CVE Reference
    CVE-2021-26420, CVE-2021-31948, CVE-2021-31950, CVE-2021-31963, CVE-2021-31964, CVE-2021-31965, CVE-2021-31966
    CVSS Scores
    Base 6.5 / Temporal 5.1
    Description
    Microsoft has released June security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5001944
    KB5001945
    KB5001962
    KB5001939
    KB5001946
    KB5001922
    KB5001954
    KB4011698

    QID Detection Logic:
    This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance KB4011698 KB5001922 KB5001939 KB5001944 KB5001945 KB5001946 KB5001954 KB5001962 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021

  • Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021

    Severity
    Critical 4
    Qualys ID
    110384
    Vendor Reference
    KB5001943, KB5001947, KB5001950, KB5001951, KB5001953, KB5001955, KB5001956, KB5001963
    CVE Reference
    CVE-2021-31939, CVE-2021-31940, CVE-2021-31941, CVE-2021-31949
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft has released June 2021 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5001943
    KB5001956
    KB5001950
    KB5001951
    KB5001953
    KB5001955
    KB5001947
    KB5001963

    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance, KB5001943, KB5001947, KB5001950, KB5001951, KB5001953, KB5001955, KB5001956, KB5001963 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021

  • Microsoft Outlook Remote Code Execution Vulnerability Security Update June 2021

    Severity
    Critical 4
    Qualys ID
    110385
    Vendor Reference
    KB5001934, KB5001942
    CVE Reference
    CVE-2021-31941, CVE-2021-31949
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft has released June 2021 security updates for outlook to fix a Remote Code Execution vulnerability.

    This security update contains the following KBs:
    KB5001942
    KB5001934
    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation will lead to Remote Code Execution.

    Solution
    Refer to Microsoft Security Guide, KB5001942, KB5001934 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021

  • Visual Studio Code Kubernetes Tools Extension Elevation of Privilege Vulnerability

    Severity
    Serious 3
    Qualys ID
    375614
    Vendor Reference
    CVE-2021-31938
    CVE Reference
    CVE-2021-31938
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.

    Affected Versions:
    Containers Extension for Visual Studio Code prior to version 1.3.3

    QID Detection Logic(Authenticated):
    This QID checks for the vulnerable versions of Containers Extension for Visual Studio Code.

    Consequence
    A successful exploitation could lead to elevation of privilege vulnerability.
    Solution
    Please refer to Microsoft advisory for Visual Studio Code for more details.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31938

  • Microsoft .NET Core Security Update June 2021

    Severity
    Serious 3
    Qualys ID
    91768
    Vendor Reference
    CVE-2021-31957
    CVE Reference
    CVE-2021-31957
    CVSS Scores
    Base 5 / Temporal 3.7
    Description
    A denial of service vulnerability exists in .NET Core
    This security update is rated Important for supported versions of .NET Core.

    Affected versions:
    .NET 5.0 and .NET Core 3.1

    QID Detection Logic (Authenticated):
    The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.

    Consequence
    Successful exploitation of this vulnerability can lead to denial of service vulnerability

    Solution
    Customers are advised to refer to CVE-2021-31957 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31957

  • Microsoft Visual Studio Security Update for June 2021

    Severity
    Serious 3
    Qualys ID
    91769
    Vendor Reference
    CVE-2021-31957
    CVE Reference
    CVE-2021-31957
    CVSS Scores
    Base 5 / Temporal 3.7
    Description
    Microsoft has released a security update for Visual Studio which resolves Denial of Service Vulnerability.

    Affected Software:
    Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)
    Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
    Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
    Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)

    QID Detection Logic: Authenticated
    This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.

    Consequence
    Successful exploitation of this vulnerability can lead to denial of service attack

    Solution
    Customers are advised to refer to CVE-2021-31957 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31957

  • Microsoft Defender Multiple Vulnerabilities June 2021

    Severity
    Urgent 5
    Qualys ID
    91771
    Vendor Reference
    CVE-2021-31978, CVE-2021-31985
    CVE Reference
    CVE-2021-31978, CVE-2021-31985
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft Defender is prone to Remote Code Execution and Denial of Service Vulnerabilities.

    Affected Software:
    Windows Defender

    QID Detection Logic (Authenticated):
    Detection checks for mpengine.dll file version less than 1.1.18200.3 and also check if the Windows Defender Service status is RUNNING.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Users are advised to check CVE-2021-31978 and CVE-2021-31985 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31978
    CVE-2021-31985

  • Microsoft Windows Security Update for June 2021

    Severity
    Urgent 5
    Qualys ID
    91772
    Vendor Reference
    KB5003635, KB5003637, KB5003638, KB5003646, KB5003661, KB5003667, KB5003671, KB5003681, KB5003687, KB5003694, KB5003695, KB5003696, KB5003697
    CVE Reference
    CVE-2021-1675, CVE-2021-26414, CVE-2021-31199, CVE-2021-31201, CVE-2021-31951, CVE-2021-31952, CVE-2021-31953, CVE-2021-31954, CVE-2021-31955, CVE-2021-31956, CVE-2021-31958, CVE-2021-31959, CVE-2021-31960, CVE-2021-31962, CVE-2021-31968, CVE-2021-31969, CVE-2021-31970, CVE-2021-31971, CVE-2021-31972, CVE-2021-31973, CVE-2021-31974, CVE-2021-31975, CVE-2021-31976, CVE-2021-31977, CVE-2021-33742
    CVSS Scores
    Base 9.3 / Temporal 7.3
    Description
    Microsoft releases the security update for Windows June 2021

    The KB Articles associated with the update:
    KB5003635
    KB5003637
    KB5003638
    KB5003646
    KB5003661
    KB5003667
    KB5003671
    KB5003681
    KB5003687
    KB5003694
    KB5003695
    KB5003696
    KB5003697

    This QID checks for the file version of ntoskrnl.exe

    The following versions of ntoskrnl.exe with their corresponding KBs are verified:
    KB5003635 - 10.0.18362.1621
    KB5003637 - 10.0.19041.1052
    KB5003638 - 10.0.14393.4467
    KB5003646 - 10.0.17763.1999
    KB5003661 - 6.0.6003.21137
    KB5003667 - 6.1.7601.25631
    KB5003671 - 6.3.9600.20040
    KB5003681 - 6.3.9600.20040
    KB5003687 - 10.0.10240.18967
    KB5003694 - 6.1.7601.25631
    KB5003695 - 6.0.6003.21137
    KB5003696 - 6.2.9200.23376
    KB5003697 - 6.2.9200.23376

    Consequence
    A remote attacker could exploit this vulnerability and execute code on the target system.
    Solution
    Please refer to the Security Update Guide, KB5003635
    KB5003637
    KB5003638
    KB5003646
    KB5003661
    KB5003667
    KB5003671
    KB5003681
    KB5003687
    KB5003694
    KB5003695
    KB5003696
    KB5003697
    for more information pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Security Update Guide Windows

  • Microsoft 3D Viewer Multiple Vulnerabilities - June 2021

    Severity
    Critical 4
    Qualys ID
    91773
    Vendor Reference
    CVE-2021-31942, CVE-2021-31943, CVE-2021-31944
    CVE Reference
    CVE-2021-31942, CVE-2021-31943, CVE-2021-31944
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft 3D Viewer is prone to Remote Code Execution and Information Disclosure Vulnerability.

    QID Detection Logic (Authenticated):
    The detection gets the version of Microsoft.Microsoft3DViewer by querying wmi class Win32_InstalledStoreProgram.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Users are advised to check CVE-2021-31944, CVE-2021-31943 and CVE-2021-31942 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31942
    CVE-2021-31943
    CVE-2021-31944

  • Microsoft Paint 3D Remote Code Execution Vulnerability - June 2021

    Severity
    Critical 4
    Qualys ID
    91774
    Vendor Reference
    CVE-2021-31945, CVE-2021-31946, CVE-2021-31983
    CVE Reference
    CVE-2021-31945, CVE-2021-31946, CVE-2021-31983
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft Paint 3D is prone to Remote Code Execution Vulnerability.

    QID Detection Logic (Authenticated):
    The detection gets the version of Microsoft.MSPaint by querying wmi class Win32_InstalledStoreProgram.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Users are advised to check CVE-2021-31983, CVE-2021-31946 and CVE-2021-31945 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31945
    CVE-2021-31946
    CVE-2021-31983

  • Microsoft Windows VP9 Video Extension Remote Code Execution Vulnerability

    Severity
    Serious 3
    Qualys ID
    91775
    Vendor Reference
    CVE-2021-31967
    CVE Reference
    CVE-2021-31967
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
    Microsoft has disclosed Information Disclosure and Remote Code Execution in Windows VP9 Video Extensions.

    Affected Product:
    VP9 Video Extensions prior to version 1.0.41182.0
    QID detection Logic:
    The detection gets the version of VP9VideoExtension by querying wmi class Win32_InstalledStoreProgram.

    Consequence
    An attacker who successfully exploited this vulnerability could execute arbitrary code on the system.
    Solution
    Users are advised to check CVE-2021-31967 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-31967

  • Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability - June 2021

    Severity
    Critical 4
    Qualys ID
    91777
    Vendor Reference
    KB5003635, KB5003637
    CVE Reference
    CVE-2021-33739
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Microsoft DWM Core Library is prone to Elevation of Privilege Vulnerability.

    QID Detection Logic (Authenticated):
    The detection gets the version of dwmcore.dll.

    The KB Articles associated with the update:
    KB5003635
    KB5003637

    Consequence
    A remote attacker could exploit this vulnerability and escalate privileges on the target system.
    Solution
    Please refer to the CVE-2021-33739 for more information pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-33739 Windows

These new vulnerability checks are included in Qualys vulnerability signature 2.5.203-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110383
    • 110384
    • 110385
    • 375614
    • 91768
    • 91769
    • 91771
    • 91772
    • 91773
    • 91774
    • 91775
    • 91777
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.