Microsoft security alert.
August 10, 2021
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 39 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Enterprise Server Multiple Vulnerabilities August 2021
- Severity
- Serious 3
- Qualys ID
- 110388
- Vendor Reference
- 4011600, 5002000, 5002002
- CVE Reference
- CVE-2021-36940
- CVSS Scores
- Base 4 / Temporal 3
- Description
-
Microsoft has released August security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows spoofing.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021
- Severity
- Critical 4
- Qualys ID
- 110389
- Vendor Reference
- Office Click-2-Run, Office MacOS 2019
- CVE Reference
- CVE-2021-34478, CVE-2021-36941
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released August 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021
-
Microsoft Azure CycleCloud Elevation of Privilege Vulnerability August 2021
- Severity
- Serious 3
- Qualys ID
- 375798
- Vendor Reference
- CVE-2021-33762, CVE-2021-36943, KB3142345
- CVE Reference
- CVE-2021-33762, CVE-2021-36943
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.
CVE-2021-36943: Azure CycleCloud Elevation of Privilege Vulnerability.
CVE-2021-33762: Azure CycleCloud Elevation of Privilege Vulnerability.
Affected Software:
Azure CycleCloud prior to 8.2.0
Azure CycleCloud prior to 7.9.10
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable versions of Azure CycleCloud.
- Consequence
- Successful exploitation allows an attacker to elevate privileges.
- Solution
-
Customers are advised to refer to CVE-2021-33762 and CVE-2021-36943 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-33762
CVE-2021-36943
-
Microsoft Dynamics Business Central Cross-Site (XSS) Scripting Vulnerability for August 2021
- Severity
- Serious 3
- Qualys ID
- 91801
- Vendor Reference
- CVE-2021-36946
- CVE Reference
- CVE-2021-36946
- CVSS Scores
- Base 3.5 / Temporal 2.7
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
CVE-2021-36946: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability.
Affected Software:
Dynamics 365 Business Central 2019 Spring Update.
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9.
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
- Consequence
- Successful exploitation allows an attacker to conduct cross-site scripting attacks.
- Solution
-
Customers are advised to refer to CVE-2021-36946 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36946
-
Microsoft Windows Security Update for August 2021
- Severity
- Critical 4
- Qualys ID
- 91802
- Vendor Reference
- KB5005030, KB5005031, KB5005033, KB5005040, KB5005043, KB5005076, KB5005088, KB5005089, KB5005090, KB5005094, KB5005095, KB5005099, KB5005106
- CVE Reference
- CVE-2021-26424, CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-26432, CVE-2021-26433, CVE-2021-34480, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-34536, CVE-2021-34537, CVE-2021-36926, CVE-2021-36927, CVE-2021-36932, CVE-2021-36933, CVE-2021-36936, CVE-2021-36937, CVE-2021-36938, CVE-2021-36947, CVE-2021-36948
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft releases the security update for Windows August 2021
The KB Articles associated with the update:
KB5005033
KB5005031
KB5005030
KB5005043
KB5005040
KB5005076
KB5005106
KB5005099
KB5005094
KB5005088
KB5005095
KB5005090
KB5005089
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe, win32k.sys and spoolsv.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005033-10.0.19041.1165
KB5005031-10.0.18362.1734
KB5005030-10.0.17763.2114
KB5005043-10.0.14393.4583
KB5005040-10.0.10240.19022
KB5005076-6.3.9600.20094
KB5005106-6.3.9600.20094
KB5005099-6.2.9200.23431
KB5005094-6.2.9200.23431
KB5005090-6.0.6003.21192
KB5005095-6.0.6003.21192
KB5005088-6.1.7601.25685
KB5005089-6.1.7601.25685
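The comparison this detection logic describes, as an added Python example (not Qualys's check code and not part of the original advisory). It assumes the ntoskrnl.exe file version has already been read from each host, treats the first three version components as the OS branch, and uses constructed hostnames and sample versions.

```python
# Added example: compare an ntoskrnl.exe file version against the patched
# versions listed in this advisory. Not the scanner's own implementation.
PATCHED = {  # branch -> (minimum patched revision, KBs), copied from the list above
    "10.0.19041": (1165, ["KB5005033"]),
    "10.0.18362": (1734, ["KB5005031"]),
    "10.0.17763": (2114, ["KB5005030"]),
    "10.0.14393": (4583, ["KB5005043"]),
    "10.0.10240": (19022, ["KB5005040"]),
    "6.3.9600": (20094, ["KB5005076", "KB5005106"]),
    "6.2.9200": (23431, ["KB5005099", "KB5005094"]),
    "6.0.6003": (21192, ["KB5005090", "KB5005095"]),
    "6.1.7601": (25685, ["KB5005088", "KB5005089"]),
}


def parse_version(text):
    """Split 'a.b.c.d' into (branch 'a.b.c', revision d); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return ".".join(parts[:3]), int(parts[3])


def check_ntoskrnl(file_version):
    """Return (status, kbs): 'patched', 'missing-update' or 'unknown-branch'."""
    branch, revision = parse_version(file_version)
    if branch not in PATCHED:
        # Branch is not in the advisory's list: do not guess either way.
        return "unknown-branch", []
    minimum, kbs = PATCHED[branch]
    # Integer comparison; as strings, '999' would rank above '1165'.
    if revision >= minimum:
        return "patched", []
    return "missing-update", kbs


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    inventory = {
        "ws-01": "10.0.19041.1165",
        "ws-02": "10.0.19041.999",
        "srv-01": "6.3.9600.20012",
        "srv-02": "10.0.20348.1",
    }
    for host, version in inventory.items():
        status, kbs = check_ntoskrnl(version)
        print(f"{host}: {version} -> {status} {' or '.join(kbs)}")
```
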
- Consequence
-
A remote attacker could exploit this vulnerability and execute code on the target system.
- Solution
-
Please refer to the following KB articles:
KB5005033
KB5005031
KB5005030
KB5005043
KB5005040
KB5005076
KB5005106
KB5005099
KB5005094
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005031
KB5005033
KB5005036
KB5005040
KB5005043
KB5005076
KB5005088
KB5005089
KB5005090
KB5005094
KB5005095
KB5005099
KB5005106
-
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability August 2021
- Severity
- Critical 4
- Qualys ID
- 91803
- Vendor Reference
- KB5005030, KB5005033, KB5005043, KB5005076, KB5005088, KB5005089, KB5005090, KB5005094, KB5005095, KB5005099, KB5005106
- CVE Reference
- CVE-2021-36942
- CVSS Scores
- Base 5 / Temporal 4.1
- Description
-
Microsoft releases the security update for Windows August 2021
The KB Articles associated with the update:
KB5005076
KB5005106
KB5005099
KB5005094
KB5005043
KB5005033
KB5005030
KB5005088
KB5005095
KB5005090
KB5005089
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005076
KB5005106
KB5005099
KB5005094
KB5005043
KB5005033
KB5005030
- Consequence
-
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
- Solution
-
Please refer to the following KB articles:
KB5005076
KB5005106
KB5005099
KB5005094
KB5005043
KB5005033
KB5005030
KB5005088
KB5005095
KB5005090
KB5005089
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005030
KB5005033
KB5005043
KB5005076
KB5005088
KB5005089
KB5005090
KB5005094
KB5005095
KB5005099
KB5005106
-
Microsoft Windows Defender Elevation of Privilege Vulnerability August 2021
- Severity
- Serious 3
- Qualys ID
- 91804
- Vendor Reference
- CVE-2021-34471
- CVE Reference
- CVE-2021-34471
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft Defender is prone to an elevation of privilege vulnerability.
Affected Software:
Windows Defender
QID Detection Logic (Authenticated):
Detection checks for an mpengine.dll file version less than 1.1.18400.4.
- Consequence
- Successful exploitation allows an attacker to compromise the system.
- Solution
-
Users are advised to check CVE-2021-34471 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34471
-
Microsoft Windows 10 Update Assistant Elevation of Privilege Vulnerability August 2021
- Severity
- Serious 3
- Qualys ID
- 91805
- Vendor Reference
- CVE-2021-36945
- CVE Reference
- CVE-2021-36945
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Windows Update Assistant is prone to an elevation of privilege vulnerability.
Affected Software:
Windows Update Assistant
QID Detection Logic (Authenticated):
Detection checks for a vulnerable version by fetching the details from the Uninstall registry key.
- Consequence
-
Successful exploitation allows an attacker to elevate privileges and gain unauthorized access.
- Solution
-
Users are advised to check CVE-2021-36945 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36945
-
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability August 2021
- Severity
- Serious 3
- Qualys ID
- 91806
- Vendor Reference
- CVE-2021-36949
- CVE Reference
- CVE-2021-36949
- CVSS Scores
- Base 4.9 / Temporal 3.8
- Description
-
Azure AD Connect allows you to quickly onboard to Azure AD and Office 365. Azure AD makes users more productive by providing a common identity for accessing both cloud and on-premises resources.
QID Detection Logic (Authenticated):
This QID checks the file version of AzureADConnect.exe.
- Consequence
- Prone to Authentication Bypass Vulnerability
- Solution
-
Customers are advised to refer to CVE-2021-36949.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36949
-
Microsoft .NET Core and ASP.NET Core Security Update for August 2021
- Severity
- Critical 4
- Qualys ID
- 91807
- Vendor Reference
- CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
- CVE Reference
- CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
A denial of service vulnerability exists in .NET Core, and an information disclosure vulnerability exists in both .NET Core and ASP.NET Core.
This security update is rated Important for supported versions of .NET Core.
Affected versions:
.NET Core 2.1 before version 2.1.29
.NET Core 3.1 before version 3.1.18
.NET 5.0 before version 5.0.9
ASP.NET Core 2.1 before version 2.1.29
ASP.NET Core 3.1 before version 3.1.18
ASP.NET Core 5.0 before version 5.0.9
QID Detection Logic (Authenticated):
The QID looks for subdirectories under %programfiles%\dotnet\shared\Microsoft.NETCore.App and %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in the .version file on Windows.
- Consequence
-
Successful exploitation will lead to denial of service and information disclosure.
- Solution
-
Customers are advised to refer to CVE-2021-26423, CVE-2021-34485 and CVE-2021-34532 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26423 Windows
CVE-2021-34485 Windows
CVE-2021-34532 Windows
-
Microsoft Visual Studio Security Update for August 2021
- Severity
- Serious 3
- Qualys ID
- 91809
- Vendor Reference
- CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
- CVE Reference
- CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
Microsoft has released a security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio on Mac prior to version 8.10.6.10
Microsoft Visual Studio 2019 prior to version 16.10 (includes 16.0-16.9)
Microsoft Visual Studio 2019 prior to version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 prior to version 16.7 (includes 16.0-16.6)
Microsoft Visual Studio 2019 prior to version 16.4 (includes 16.0-16.3)
Microsoft Visual Studio 2017 prior to version 15.9 (includes 15.0-15.8)
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of Visual Studio.app.
- Consequence
- Prone to Denial of Service and Information Disclosure.
- Solution
-
Customers are advised to refer to CVE-2021-34532, CVE-2021-26423 and CVE-2021-34485 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26423
CVE-2021-34485
CVE-2021-34532
These new vulnerability checks are included in Qualys vulnerability signature 2.5.252-6. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 110388
  - 110389
  - 375798
  - 91801
  - 91802
  - 91803
  - 91804
  - 91805
  - 91806
  - 91807
  - 91809
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.