Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 111 vulnerabilities that were fixed in 14 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 14 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following KBs:
KB5001975
KB5001992
KB5001996
KB5001976
KB5001981
KB5001984
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB articles against the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update July 2021
This security update contains the following KBs:
KB5001949
KB5001986
KB5001973
KB5001979
KB5001983
KB5001977
KB5001993
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-to-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update July 2021
Affected Versions:
Visual Studio Code prior to version 1.58.1.
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34479
CVE-2021-34528
CVE-2021-34529
Affected Software:
Open Enclave SDK version prior to 0.17.1
QID Detection Logic:
Checks for open-enclave package version less than 0.17.1
Patches:
The following are links for downloading patches to fix these vulnerabilities:
v0.17.1
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
KB Articles associated with this update are: KB5004780, KB5004779, KB5004778
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2016 Cumulative Update 21
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5004778
KB5004779
KB5004780
Microsoft Exchange Server Elevation of Privilege Vulnerability
KB Articles associated with this update are: KB5003611, KB5003612, KB5004778
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 21
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5003611
KB5003612
KB5004778
Affected Product:
"HEVC" or "HEVC from Device Manufacturer" media codec before version 1.0.41483.0
QID Detection Logic:
The QID gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
See CVE-2021-33776, CVE-2021-33777 and CVE-2021-33778 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-31947
CVE-2021-33775
CVE-2021-33776
CVE-2021-33777
CVE-2021-33778
Affected Product:
"RawImageExtension" or "RawImageExtension from Device Manufacturer" media codec before and including version 1.0.41311.0
QID Detection Logic:
The QID gets the version of RawImageExtension by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34521
Affected Software:
Windows Defender
QID Detection Logic (Authenticated):
Detection checks for mpengine.dll file version less than 1.1.18242.0
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34464
CVE-2021-34522
The KB Articles associated with the update:
KB5004237
KB5004244
KB5004238
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5004237-
KB5004244-
KB5004238-
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34458
Affected Software:
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.3
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.8
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.14
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5004715
KB5004716
KB5004717
The KB Articles associated with the update:
KB5004294
KB5004302
KB5004298
KB5004285
KB5004238
KB5004244
KB5004237
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5004294-
KB5004302-
KB5004298-
KB5004285-
KB5004238-
KB5004244-
KB5004237-
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5004237
KB5004238
KB5004244
KB5004285
KB5004294
KB5004298
KB5004302
Affected Versions:
.NET Education Bundle SDK Install Tool Extension for Visual Studio Code prior to version 0.7.0.
.NET Install Tool for Authors Extension for Visual Studio Code prior to version 1.2.0.
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of .NET Education Bundle SDK Install Tool and .NET Install Tool for Authors Extension for Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34477
The KB Articles associated with the update:
KB5004233
KB5004235
KB5004237
KB5004238
KB5004244
KB5004245
KB5004249
KB5004285
KB5004294
KB5004298
KB5004302
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5004299-6.0.6003.21163
KB5004305-6.0.6003.21163
KB5004289-6.1.7601.25661
KB5004307-6.1.7601.25661
KB5004249-10.0.10240.19003
KB5004238-10.0.14393.4530
KB5004302-6.2.9200.23409
KB5004294-6.2.9200.23409
KB5004285-6.2.9200.23409
KB5004298-6.3.9600.20065
KB5004245-10.0.18362.1679
KB5004244-10.0.17763.2061
KB5004237-10.0.19041.1110
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5004233
KB5004235
KB5004237
KB5004238
KB5004244
KB5004245
KB5004249
KB5004285
KB5004294
KB5004298
KB5004302
These new vulnerability checks are included in Qualys vulnerability signature 2.5.231-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.