Microsoft security alert.
September 14, 2021
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 59 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021
- Severity
- Critical 4
- Qualys ID
- 110390
- Vendor Reference
- KB4484103, KB4484108, KB5001958, KB5001997, KB5001999, KB5002003, KB5002005, KB5002007, KB5002009, KB5002014, Office Click-2-Run, Office MacOS 2019
- CVE Reference
- CVE-2021-38646, CVE-2021-38650, CVE-2021-38653, CVE-2021-38654, CVE-2021-38655, CVE-2021-38656, CVE-2021-38657, CVE-2021-38658, CVE-2021-38659, CVE-2021-38660
- CVSS Scores
- Base 6.8 / Temporal 5.6
- Description
-
Microsoft has released September 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5001999
KB4484103
KB5002005
KB5001997
KB4484108
KB5002007
KB5001958
KB5002003
KB5002014
KB5002009
KB5002014
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5001999
KB4484103
KB5002005
KB5001997
KB4484108
KB5002007
KB5001958
KB5002003
KB5002014
KB5002009
KB5002014
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021
-
Microsoft SharePoint Enterprise Server Multiple Vulnerabilities September 2021
- Severity
- Serious 3
- Qualys ID
- 110391
- Vendor Reference
- KB5002018, KB5002020, KB5002024
- CVE Reference
- CVE-2021-38651, CVE-2021-38652
- CVSS Scores
- Base 3.5 / Temporal 2.6
- Description
-
Microsoft has released September security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article against the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows spoofing.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021
-
Visual Studio Code Spoofing Vulnerability
- Severity
- Serious 3
- Qualys ID
- 375854
- Vendor Reference
- CVE-2021-26437
- CVE Reference
- CVE-2021-26437
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.59.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Visual Studio Code is prone to Spoofing Vulnerability
- Solution
-
Customers are advised to refer to CVE-2021-26437 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26437
-
Azure Open Management Infrastructure Multiple Vulnerabilities
- Severity
- Serious 3
- Qualys ID
- 375860
- Vendor Reference
- CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649
- CVE Reference
- CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint.
CVE-2021-38649: Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38648: Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38645: Open Management Infrastructure Elevation of Privilege Vulnerability
Affected Software:
Azure Open Management Infrastructure prior to v1.6.8-1
- Consequence
- Successful exploitation allows an attacker to elevate privileges and execute code remotely.
- Solution
-
Customers are advised to refer to CVE-2021-38649, CVE-2021-38648, CVE-2021-38647 and CVE-2021-38645 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-38645
CVE-2021-38647
CVE-2021-38648
CVE-2021-38649
-
Microsoft Edge Based On Chromium Prior to 93.0.961.47 Multiple Vulnerabilities
- Severity
- Critical 4
- Qualys ID
- 375861
- Vendor Reference
- Edge (chromium based) 93.0.961.47
- CVE Reference
- CVE-2021-30632
- CVSS Scores
- Base 6.8 / Temporal 5.6
- Description
-
Microsoft Edge is a cross-platform web browser developed by Microsoft.
CVE-2021-38669 Microsoft Edge (Chromium-based)
Affected Versions:
Microsoft Edge Based On Chromium versions before 93.0.961.47
QID Detection Logic: (authenticated)
Operating System: Windows
The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.
Operating System: MacOS
The QID checks for the version of Microsoft Edge Based On Chromium app.
- Consequence
-
Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the target system.
- Solution
-
Customers are advised to upgrade to version 93.0.961.47 or later.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge (chromium based) 93.0.961.47
-
Microsoft Hypertext Mark Up Language (MSHTML) Remote Code Execution (RCE) Vulnerability ActiveX Controls Disabled (Mitigation Enabled)
- Severity
- Minimal 1
- Qualys ID
- 45505
- Vendor Reference
- N/A
- CVE Reference
- N/A
- CVSS Scores
- Base / Temporal
- Description
-
The QID checks whether ActiveX controls are disabled, i.e. whether the mitigation for CVE-2021-40444 is applied.
QID Detection Logic:
The QID checks whether ActiveX controls are disabled in the registry hive HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
- Consequence
- N/A
- Solution
- N/A
-
Microsoft Visual Studio Security Update for September 2021
- Severity
- Serious 3
- Qualys ID
- 91815
- Vendor Reference
- CVE-2021-26434, CVE-2021-36952
- CVE Reference
- CVE-2021-26434, CVE-2021-36952
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released security updates for Visual Studio that resolve Remote Code Execution and Elevation of Privilege vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of the Visual Studio.
- Consequence
-
Prone to Remote Code Execution and Elevation of Privilege Vulnerability
- Solution
-
Customers are advised to refer to CVE-2021-26434 and CVE-2021-36952 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26434
CVE-2021-36952
-
Microsoft Windows Security Update for September 2021
- Severity
- Critical 4
- Qualys ID
- 91816
- Vendor Reference
- KB5005565, KB5005566, KB5005568, KB5005569, KB5005573, KB5005606, KB5005607, KB5005613, KB5005615, KB5005618, KB5005623, KB5005627, KB5005633
- CVE Reference
- CVE-2021-26435, CVE-2021-36954, CVE-2021-36955, CVE-2021-36958, CVE-2021-36959, CVE-2021-36960, CVE-2021-36961, CVE-2021-36962, CVE-2021-36963, CVE-2021-36964, CVE-2021-36965, CVE-2021-36966, CVE-2021-36967, CVE-2021-36968, CVE-2021-36969, CVE-2021-36972, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38624, CVE-2021-38628, CVE-2021-38629, CVE-2021-38630, CVE-2021-38632, CVE-2021-38633, CVE-2021-38634, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft releases the security update for Windows September 2021
The KB Articles associated with the update:
KB5005613
KB5005627
KB5005623
KB5005607
KB5005633
KB5005615
KB5005606
KB5005618
KB5005573
KB5005569
KB5005565
KB5005566
KB5005568
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005613-6.3.9600.20111
KB5005627-6.3.9600.20111
KB5005633-6.1.7601.25704
KB5005615-6.1.7601.25704
KB5005606-6.0.6003.21213
KB5005618-6.0.6003.21213
KB5005623-6.2.9200.23459
KB5005607-6.2.9200.23459
KB5005573-10.0.14393.4651
KB5005569-10.0.10240.19060
KB5005565-10.0.19041.1237
KB5005566-10.0.18362.1801
KB5005568-10.0.17763.2183
KB5005575-10.0.20348.230
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the
KB5005613
KB5005627
KB5005623
KB5005607
KB5005633
KB5005615
KB5005606
KB5005618
KB5005573
KB5005569
KB5005565
KB5005566
KB5005568
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005565
KB5005566
KB5005568
KB5005569
KB5005573
KB5005606
KB5005607
KB5005613
KB5005615
KB5005618
KB5005623
KB5005627
KB5005633
-
Microsoft Dynamics Business Central Cross-Site Scripting (XSS) Vulnerability for September 2021
- Severity
- Serious 3
- Qualys ID
- 91817
- Vendor Reference
- CVE-2021-40440
- CVE Reference
- CVE-2021-40440
- CVSS Scores
- Base 3.5 / Temporal 2.7
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
CVE-2021-40440: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability.
Affected Software:
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.10.
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe
- Consequence
- Successful exploitation allows an attacker to conduct cross-site scripting attacks.
- Solution
-
Customers are advised to refer to CVE-2021-40440 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-40440
-
Microsoft Windows Kernel Elevation of Privilege Vulnerability September 2021
- Severity
- Critical 4
- Qualys ID
- 91818
- Vendor Reference
- KB5005606, KB5005618
- CVE Reference
- CVE-2021-38625, CVE-2021-38626
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft releases the security update for Windows September 2021
The KB Articles associated with the update:
KB5005606
KB5005618
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005606
KB5005618
- Consequence
-
Successful Exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the
KB5005606
KB5005618
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005606
KB5005618
-
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability for September 2021
- Severity
- Critical 4
- Qualys ID
- 91819
- Vendor Reference
- CVE-2021-38661
- CVE Reference
- CVE-2021-38661
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Affected Product:
"HEVC from Device Manufacturer" media codec before version 1.0.42091.0
QID Detection Logic:
The QID gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system
- Solution
-
Users are advised to check CVE-2021-38661 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-38661
-
Microsoft MPEG-2 Video Extension Remote Code Execution (RCE) Vulnerability
- Severity
- Critical 4
- Qualys ID
- 91820
- Vendor Reference
- CVE-2021-38644
- CVE Reference
- CVE-2021-38644
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
A remote code execution vulnerability exists in the way that Microsoft MPEG-2 Video extensions handles objects in memory.
Affected Product:
MPEG-2 Video Extension before version 1.0.42152.0
QID Detection Logic:
The QID gets the version of HMPEG2VideoExtension by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system
- Solution
-
Users are advised to check CVE-2021-38644 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-38644
-
Microsoft Cumulative Security Update for Internet Explorer (KB5005563)
- Severity
- Serious 3
- Qualys ID
- 91821
- Vendor Reference
- KB5005563
- CVE Reference
- N/A
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released a security update for Internet Explorer.
Microsoft has rated this update as Critical for IE9, IE11
- Consequence
- The vendor has stated that they are currently not aware of any security issues in this update.
- Solution
-
The customers are advised to refer to the official advisory. Patch download link can also be found here
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005563
These new vulnerability checks are included in Qualys vulnerability signature 2.5.279-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110390
- 110391
- 375854
- 375860
- 375861
- 45505
- 91815
- 91816
- 91817
- 91818
- 91819
- 91820
- 91821
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.