Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 48 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following KBs:
KB5001944
KB5001945
KB5001962
KB5001939
KB5001946
KB5001922
KB5001954
KB4011698
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021
This security update contains the following KBs:
KB5001943
KB5001956
KB5001950
KB5001951
KB5001953
KB5001955
KB5001947
KB5001963
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021
This security update contains the following KBs:
KB5001942
KB5001934
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021
Affected Versions:
Containers Extension for Visual Studio Code prior to version 1.3.3
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Containers Extension for Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31938
Affected versions:
.NET 5.0 and .NET Core 3.1
QID Detection Logic (Authenticated):
The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31957
Affected Software:
Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31957
Affected Software:
Windows Defender
QID Detection Logic (Authenticated):
Detection checks for mpengine.dll file version less than 1.1.18200.3 and also check if the Windows Defender Service status is RUNNING.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31978
CVE-2021-31985
The KB Articles associated with the update:
KB5003635
KB5003637
KB5003638
KB5003646
KB5003661
KB5003667
KB5003671
KB5003681
KB5003687
KB5003694
KB5003695
KB5003696
KB5003697
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5003635 - 10.0.18362.1621
KB5003637 - 10.0.19041.1052
KB5003638 - 10.0.14393.4467
KB5003646 - 10.0.17763.1999
KB5003661 - 6.0.6003.21137
KB5003667 - 6.1.7601.25631
KB5003671 - 6.3.9600.20040
KB5003681 - 6.3.9600.20040
KB5003687 - 10.0.10240.18967
KB5003694 - 6.1.7601.25631
KB5003695 - 6.0.6003.21137
KB5003696 - 6.2.9200.23376
KB5003697 - 6.2.9200.23376
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
QID Detection Logic (Authenticated):
The detection gets the version of Microsoft.Microsoft3DViewer by querying wmi class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31942
CVE-2021-31943
CVE-2021-31944
QID Detection Logic (Authenticated):
The detection gets the version of Microsoft.MSPaint by querying wmi class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31945
CVE-2021-31946
CVE-2021-31983
Affected Product:
VP9 Video Extensions prior to version 1.0.41182.0
QID detection Logic:
The detection gets the version of VP9VideoExtension by querying wmi class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31967
QID Detection Logic (Authenticated):
The detection gets the version of dwmcore.dll.
The KB Articles associated with the update:
KB5003635
KB5003637
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-33739 Windows
These new vulnerability checks are included in Qualys vulnerability signature 2.5.203-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.