Microsoft security alert.

September 14, 2021

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 59 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021

    Severity
    Critical 4
    Qualys ID
    110390
    Vendor Reference
    KB4484103, KB4484108, KB5001958, KB5001997, KB5001999, KB5002003, KB5002005, KB5002007, KB5002009, KB5002014, Office Click-2-Run, Office MacOS 2019
    CVE Reference
    CVE-2021-38646, CVE-2021-38650, CVE-2021-38653, CVE-2021-38654, CVE-2021-38655, CVE-2021-38656, CVE-2021-38657, CVE-2021-38658, CVE-2021-38659, CVE-2021-38660
    CVSS Scores
    Base 6.8 / Temporal 5.6
    Description
    Microsoft has released September 2021 security updates to fix multiple security vulnerabilities.

    This security update contains the following:

    MacOS Release Notes
    Office Click-2-Run and Office 365 Release Notes
    KB5001999
    KB4484103
    KB5002005
    KB5001997
    KB4484108
    KB5002007
    KB5001958
    KB5002003
    KB5002014
    KB5002009

    QID Detection Logic:
    This authenticated QID compares the file versions listed in the Microsoft advisory with the versions present on the affected Office system.

    Note: Office Click-2-Run and Office 365 installations must either be updated manually or be configured for automatic updates; there is no standalone patch download for these channels.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    MacOS Release Notes
    Office Click-2-Run and Office 365 Release Notes
    KB5001999
    KB4484103
    KB5002005
    KB5001997
    KB4484108
    KB5002007
    KB5001958
    KB5002003
    KB5002014
    KB5002009

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021

  • Microsoft SharePoint Enterprise Server Multiple Vulnerabilities September 2021

    Severity
    Serious 3
    Qualys ID
    110391
    Vendor Reference
    KB5002018, KB5002020, KB5002024
    CVE Reference
    CVE-2021-38651, CVE-2021-38652
    CVSS Scores
    Base 3.5 / Temporal 2.6
    Description
    Microsoft has released September security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5002018
    KB5002024
    KB5002020

    QID Detection Logic:
    This authenticated QID compares the file versions listed in the above Microsoft KB articles with the versions present on the affected SharePoint system.

    Consequence
    Successful exploitation allows spoofing.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002018
    KB5002024
    KB5002020

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021

  • Visual Studio Code Spoofing Vulnerability

    Severity
    Serious 3
    Qualys ID
    375854
    Vendor Reference
    CVE-2021-26437
    CVE Reference
    CVE-2021-26437
    CVSS Scores
    Base 4.3 / Temporal 3.2
    Description
    Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.

    Affected Versions:
    Visual Studio Code prior to version 1.59.1

    QID Detection Logic(Authenticated):
    This QID checks for the vulnerable versions of Visual Studio Code.

    Consequence
    Visual Studio Code is prone to a spoofing vulnerability.
    Solution
    Customers are advised to refer to CVE-2021-26437 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-26437

  • Azure Open Management Infrastructure Multiple Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    375860
    Vendor Reference
    CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649
    CVE Reference
    CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649
    CVSS Scores
    Base 7.5 / Temporal 6.2
    Description
    Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable, highly modular and small in footprint.

    CVE-2021-38649: Open Management Infrastructure Elevation of Privilege Vulnerability
    CVE-2021-38648: Open Management Infrastructure Elevation of Privilege Vulnerability
    CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability
    CVE-2021-38645: Open Management Infrastructure Elevation of Privilege Vulnerability

    Affected Software:

    Azure Open Management Infrastructure prior to v1.6.8-1
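
    OMI is frequently present on Azure Linux VMs without anyone having installed it deliberately, because Azure VM extensions and agents pull it in as a dependency, so hosts outside the obvious inventory can be in scope. The following script is an added example (not Qualys or Microsoft code) that flags an installed OMI package older than the fixed 1.6.8-1 release named above and reports whether the OMI remote-management listeners are bound, since CVE-2021-38647 is reachable over the network only when they are exposed. It assumes OMI is installed as the "omi" package on dpkg- or rpm-based systems (where dpkg reports the release as a fourth dotted field, e.g. 1.6.8.1) and that the listeners, when enabled, sit on TCP 5985/5986.

```shell
#!/bin/sh
# omi_check.sh: added example (not Qualys or Microsoft code) that flags OMI
# installs older than the fixed 1.6.8-1 release named in this advisory.
# Assumptions: OMI ships as the "omi" package on dpkg/rpm systems, and its
# remote management listeners, when enabled, sit on TCP 5985/5986.
FIXED_VERSION="1.6.8-1"

# version_lt A B: true (exit 0) when A sorts before B, comparing the numeric
# fields split on "." and "-". Handles both "1.6.8-1" (rpm) and "1.6.8.1" (dpkg).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# Print the installed OMI version from the package manager, or nothing if absent.
omi_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q omi >/dev/null 2>&1 && rpm -q --qf '%{VERSION}-%{RELEASE}' omi
    fi
}

# omi_assess VERSION: prints a verdict; returns 2 when vulnerable, 0 otherwise.
omi_assess() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'VULNERABLE: omi %s is older than %s (CVE-2021-38645, -38647, -38648, -38649)\n' "$1" "$FIXED_VERSION"
        return 2
    fi
    printf 'OK: omi %s is at or above %s\n' "$1" "$FIXED_VERSION"
    return 0
}

# omi_listeners: list sockets bound to the assumed OMI remote-management ports.
omi_listeners() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk '$4 ~ /:(5985|5986)$/ { print $4 }'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltn 2>/dev/null | awk '$4 ~ /:(5985|5986)$/ { print $4 }'
    fi
}

omi_report() {
    ver=$(omi_installed_version)
    if [ -z "$ver" ]; then
        echo "OMI package not installed"
        return 0
    fi
    omi_assess "$ver"
    rc=$?
    listeners=$(omi_listeners)
    if [ -n "$listeners" ]; then
        echo "Remote OMI listeners present (network-reachable path for CVE-2021-38647):"
        echo "$listeners"
    else
        echo "No OMI listener on 5985/5986 (the local elevation-of-privilege CVEs still apply if vulnerable)"
    fi
    return $rc
}

# Run the host scan only when executed as omi_check.sh, not when sourced.
case "$0" in *omi_check.sh) omi_report ;; esac
```

    Run it as root on each Linux VM (`sh omi_check.sh`); a non-zero exit means the package is below 1.6.8-1. Absence of a listener lowers the remote exposure but does not change the verdict, because the three elevation-of-privilege CVEs are exploitable by a local user against the same binary.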

    Consequence
    Successful exploitation allows an attacker to elevate privileges (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649) or execute code remotely (CVE-2021-38647).
    Solution
    Customers are advised to refer to CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-38645
    CVE-2021-38647
    CVE-2021-38648
    CVE-2021-38649

  • Microsoft Edge Based On Chromium Prior to 93.0.961.47 Multiple Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    375861
    Vendor Reference
    Edge (chromium based) 93.0.961.47
    CVE Reference
    CVE-2021-30632
    CVSS Scores
    Base 6.8 / Temporal 5.6
    Description
    Microsoft Edge is a cross-platform web browser developed by Microsoft.

    This release also addresses CVE-2021-38669 (Microsoft Edge, Chromium-based).
    Affected Versions:
    Microsoft Edge Based On Chromium versions before 93.0.961.47

    QID Detection Logic (authenticated):
    Operating System: Windows
    The install path is read from the registry value "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command", and the version is read from msedge.exe at that path.

    Operating System: MacOS
    The QID checks for the version of Microsoft Edge Based On Chromium app.
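
    The Windows detection logic above, reproduced as an added PowerShell example (not Qualys or Microsoft code): it reads the Edge install path from the registry key the QID uses, takes the version from the msedge.exe found there, and compares it with the fixed version. The key path, file name and fixed version are from this advisory; the shape of the key's default value (a quoted path to msedge.exe, optionally followed by launch arguments) is an assumption.

```powershell
# Added example (not Qualys or Microsoft code): local check mirroring QID 375861.
$FixedEdgeVersion = [version]'93.0.961.47'
$EdgeCommandKey   = 'HKLM:\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command'

function Get-EdgeExecutablePath {
    # Assumption: the key's default value is a quoted path to msedge.exe,
    # optionally followed by launch arguments; keep only the path.
    $item = Get-ItemProperty -Path $EdgeCommandKey -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    $command = [string]$item.'(default)'
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($command -split '\s+', 2)[0]
}

function Test-EdgeVersion {
    $exe = Get-EdgeExecutablePath
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
        return [pscustomobject]@{ Installed = $false; Path = $exe; Version = $null; Vulnerable = $false }
    }
    $info = (Get-Item -LiteralPath $exe).VersionInfo
    # Assemble the version from its numeric parts rather than parsing the
    # FileVersion string, which can carry non-numeric suffixes on some binaries.
    $version = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
    [pscustomobject]@{
        Installed  = $true
        Path       = $exe
        Version    = $version
        Vulnerable = ($version -lt $FixedEdgeVersion)
    }
}

Test-EdgeVersion | Format-List
```

    The HKLM key covers machine-wide installs only; a per-user Edge install registers under the HKCU counterpart of the same path, so a complete local check queries both hives.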

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the target system.
    Solution
    Customers are advised to upgrade to version 93.0.961.47 or later.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Edge (chromium based) 93.0.961.47

  • Microsoft Hypertext Mark Up Language (MSHTML) Remote Code Execution (RCE) Vulnerability ActiveX Controls Disabled (Mitigation Enabled)

    Severity
    Minimal 1
    Qualys ID
    45505
    Vendor Reference
    N/A
    CVE Reference
    N/A
    CVSS Scores
    Base / Temporal
    Description
    This QID checks whether ActiveX controls are disabled, i.e. whether the registry mitigation for CVE-2021-40444 has been applied.

    QID Detection Logic:
    The QID checks whether ActiveX controls are disabled under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones.

    Consequence
    N/A
    Solution
    N/A

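
    The following is an added PowerShell example (not Qualys or Microsoft code) that audits the same registry location this QID reads. Microsoft's published workaround for CVE-2021-40444 sets the URL actions 1001 (Download signed ActiveX controls) and 1004 (Download unsigned ActiveX controls) to 3 (Disable) under the policy zones 0 to 3; the script reports each zone/value pair and whether it carries that setting. Note that this QID only confirms the workaround: the September 2021 cumulative updates contain the actual fix for CVE-2021-40444, so a host can show the mitigation present and still be unpatched.

```powershell
# Added example (not Qualys or Microsoft code): audit the CVE-2021-40444
# registry workaround that QID 45505 looks for.
$ZonesKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveXValues = '1001', '1004'   # URL actions: download signed / unsigned ActiveX controls
$Disabled      = 3                # URL action policy value meaning "Disable"

function Get-ActiveXMitigationStatus {
    foreach ($zone in 0..3) {
        # Zones 0-3: Local Machine, Local Intranet, Trusted Sites, Internet.
        $props = Get-ItemProperty -Path "$ZonesKey\$zone" -ErrorAction SilentlyContinue
        foreach ($name in $ActiveXValues) {
            $data = if ($props -and $props.PSObject.Properties[$name]) { [int]$props.$name } else { $null }
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Data      = $data
                Mitigated = ($data -eq $Disabled)
            }
        }
    }
}

$status = @(Get-ActiveXMitigationStatus)
$status | Format-Table -AutoSize
if ($status.Mitigated -contains $false) {
    Write-Warning 'CVE-2021-40444 ActiveX workaround is not applied in every zone; QID 45505 will not report the mitigation as present.'
} else {
    'ActiveX download disabled by policy in all four zones.'
}
```

    A value that is absent (Data empty) is as much a finding as a value set to something other than 3: the policy key only exists on hosts where the workaround, or an equivalent GPO, has been applied.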
  • Microsoft Visual Studio Security Update for September 2021

    Severity
    Serious 3
    Qualys ID
    91815
    Vendor Reference
    CVE-2021-26434, CVE-2021-36952
    CVE Reference
    CVE-2021-26434, CVE-2021-36952
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description

    Microsoft has released security updates for Visual Studio that resolve a remote code execution vulnerability and an elevation of privilege vulnerability.
    Affected Software:
    Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
    Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
    Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
    Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
    Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

    QID Detection Logic: Authenticated

    This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of the Visual Studio.

    Consequence
    Prone to remote code execution and elevation of privilege.
    Solution
    Customers are advised to refer to CVE-2021-26434 and CVE-2021-36952 for more information pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-26434
    CVE-2021-36952

  • Microsoft Windows Security Update for September 2021

    Severity
    Critical 4
    Qualys ID
    91816
    Vendor Reference
    KB5005565, KB5005566, KB5005568, KB5005569, KB5005573, KB5005606, KB5005607, KB5005613, KB5005615, KB5005618, KB5005623, KB5005627, KB5005633
    CVE Reference
    CVE-2021-26435, CVE-2021-36954, CVE-2021-36955, CVE-2021-36958, CVE-2021-36959, CVE-2021-36960, CVE-2021-36961, CVE-2021-36962, CVE-2021-36963, CVE-2021-36964, CVE-2021-36965, CVE-2021-36966, CVE-2021-36967, CVE-2021-36968, CVE-2021-36969, CVE-2021-36972, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38624, CVE-2021-38628, CVE-2021-38629, CVE-2021-38630, CVE-2021-38632, CVE-2021-38633, CVE-2021-38634, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447
    CVSS Scores
    Base 9.3 / Temporal 7.7
    Description
    Microsoft has released the September 2021 security update for Windows.

    The KB Articles associated with the update:
    KB5005613
    KB5005627
    KB5005623
    KB5005607
    KB5005633
    KB5005615
    KB5005606
    KB5005618
    KB5005573
    KB5005569
    KB5005565
    KB5005566
    KB5005568

    This QID checks the file version of ntoskrnl.exe.

    The following versions of ntoskrnl.exe with their corresponding KBs are verified:
    KB5005613-6.3.9600.20111
    KB5005627-6.3.9600.20111
    KB5005633-6.1.7601.25704
    KB5005615-6.1.7601.25704
    KB5005606-6.0.6003.21213
    KB5005618-6.0.6003.21213
    KB5005623-6.2.9200.23459
    KB5005607-6.2.9200.23459
    KB5005573-10.0.14393.4651
    KB5005569-10.0.10240.19060
    KB5005565-10.0.19041.1237
    KB5005566-10.0.18362.1801
    KB5005568-10.0.17763.2183
    KB5005575-10.0.20348.230
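
    The table above, applied locally, as an added PowerShell example (not Qualys or Microsoft code): the script reads the version of ntoskrnl.exe, identifies the Windows build from its first three fields, and compares the installed version with the fixed version the table gives for that build. The KB-to-version pairs are the advisory's; the operating-system labels in the comments are added here for orientation and are not from the page.

```powershell
# Added example (not Qualys or Microsoft code): local check mirroring QID 91816.
# KB -> ntoskrnl.exe version pairs are from the advisory table above.
$FixedKernelVersions = @{
    '6.0.6003'   = @{ KB = 'KB5005606, KB5005618'; Version = [version]'6.0.6003.21213'  }  # Windows Server 2008 SP2
    '6.1.7601'   = @{ KB = 'KB5005633, KB5005615'; Version = [version]'6.1.7601.25704'  }  # Windows 7 SP1 / Server 2008 R2
    '6.2.9200'   = @{ KB = 'KB5005623, KB5005607'; Version = [version]'6.2.9200.23459'  }  # Windows Server 2012
    '6.3.9600'   = @{ KB = 'KB5005613, KB5005627'; Version = [version]'6.3.9600.20111'  }  # Windows 8.1 / Server 2012 R2
    '10.0.10240' = @{ KB = 'KB5005569';            Version = [version]'10.0.10240.19060' } # Windows 10 1507
    '10.0.14393' = @{ KB = 'KB5005573';            Version = [version]'10.0.14393.4651'  } # Windows 10 1607 / Server 2016
    '10.0.17763' = @{ KB = 'KB5005568';            Version = [version]'10.0.17763.2183'  } # Windows 10 1809 / Server 2019
    '10.0.18362' = @{ KB = 'KB5005566';            Version = [version]'10.0.18362.1801'  } # Windows 10 1909
    '10.0.19041' = @{ KB = 'KB5005565';            Version = [version]'10.0.19041.1237'  } # Windows 10 2004 / 20H2 / 21H1
    '10.0.20348' = @{ KB = 'KB5005575';            Version = [version]'10.0.20348.230'   } # Windows Server 2022
}

function Test-KernelUpdate {
    param([string]$Path = "$env:SystemRoot\System32\ntoskrnl.exe")
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string of
    # ntoskrnl.exe carries a build-lab suffix that [version] cannot parse.
    $installed = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
    $buildKey  = '{0}.{1}.{2}' -f $installed.Major, $installed.Minor, $installed.Build
    $entry = $FixedKernelVersions[$buildKey]
    if (-not $entry) {
        return [pscustomobject]@{ Build = $buildKey; Installed = $installed; Required = $null; Patched = $null; KB = 'build not in table' }
    }
    [pscustomobject]@{
        Build     = $buildKey
        Installed = $installed
        Required  = $entry.Version
        Patched   = ($installed -ge $entry.Version)   # a later cumulative update also satisfies this
        KB        = $entry.KB
    }
}

Test-KernelUpdate | Format-List
```

    Run it from 64-bit PowerShell: from a 32-bit host process on 64-bit Windows, $env:SystemRoot\System32 is redirected to SysWOW64, and the kernel image is not found there.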

    Consequence
    Successful exploitation could compromise confidentiality, integrity and availability.

    Solution
    Please refer to the following KB articles:
    KB5005613
    KB5005627
    KB5005623
    KB5005607
    KB5005633
    KB5005615
    KB5005606
    KB5005618
    KB5005573
    KB5005569
    KB5005565
    KB5005566
    KB5005568

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5005565
    KB5005566
    KB5005568
    KB5005569
    KB5005573
    KB5005606
    KB5005607
    KB5005613
    KB5005615
    KB5005618
    KB5005623
    KB5005627
    KB5005633

  • Microsoft Dynamics Business Central Cross-Site Scripting (XSS) Vulnerability for September 2021

    Severity
    Serious 3
    Qualys ID
    91817
    Vendor Reference
    CVE-2021-40440
    CVE Reference
    CVE-2021-40440
    CVSS Scores
    Base 3.5 / Temporal 2.7
    Description
    Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.


    CVE-2021-40440: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability.

    Affected Software:

    Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5
    Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.10.

    QID Detection Logic(Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.

    Consequence
    Successful exploitation allows an attacker to conduct cross-site scripting attacks.
    Solution
    Customers are advised to refer to CVE-2021-40440 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-40440

  • Microsoft Windows Kernel Elevation of Privilege Vulnerability September 2021

    Severity
    Critical 4
    Qualys ID
    91818
    Vendor Reference
    KB5005606, KB5005618
    CVE Reference
    CVE-2021-38625, CVE-2021-38626
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Microsoft has released the September 2021 security update for Windows.

    The KB Articles associated with the update:
    KB5005606
    KB5005618

    This QID checks the file version of ntoskrnl.exe.

    The following versions of ntoskrnl.exe with their corresponding KBs are verified:
    KB5005606-6.0.6003.21213
    KB5005618-6.0.6003.21213

    Consequence
    Successful exploitation could compromise confidentiality, integrity and availability.

    Solution
    Please refer to the following KB articles:
    KB5005606
    KB5005618

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5005606
    KB5005618

  • Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability for September 2021

    Severity
    Critical 4
    Qualys ID
    91819
    Vendor Reference
    CVE-2021-38661
    CVE Reference
    CVE-2021-38661
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.

    Affected Product:
    "HEVC from Device Manufacturer" media codec before version 1.0.42091.0

    QID detection Logic:
    The QID gets the version of HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.

    Consequence
    An attacker who successfully exploits this vulnerability can compromise the confidentiality, integrity and availability of the system.

    Solution
    Users are advised to check CVE-2021-38661 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-38661

  • Microsoft MPEG-2 Video Extension Remote Code Execution (RCE) Vulnerability

    Severity
    Critical 4
    Qualys ID
    91820
    Vendor Reference
    CVE-2021-38644
    CVE Reference
    CVE-2021-38644
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    A remote code execution vulnerability exists in the way that Microsoft MPEG-2 Video extensions handles objects in memory.

    Affected Product:
    MPEG-2 Video Extension before version 1.0.42152.0

    QID detection Logic:
    The QID gets the version of MPEG2VideoExtension by querying the WMI class Win32_InstalledStoreProgram.
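
    The detection logic of this QID and of the HEVC QID above (both read Store-app versions from the Win32_InstalledStoreProgram WMI class) as one added PowerShell example (not Qualys or Microsoft code). The fixed versions and CVEs are from this advisory; the package-name patterns used to pick the codec packages out of the WMI results are assumptions, written as wildcards so that both the Store-sold HEVC package and the "from Device Manufacturer" variant are matched.

```powershell
# Added example (not Qualys or Microsoft code): mirrors QIDs 91819 and 91820.
# Package-name patterns are assumptions; fixed versions and CVEs are from the page.
$StoreCodecFixes = @(
    @{ Pattern = 'Microsoft.HEVCVideoExtension*';  Fixed = [version]'1.0.42091.0'; CVE = 'CVE-2021-38661' }  # HEVC Video Extensions (Store and OEM packages)
    @{ Pattern = 'Microsoft.MPEG2VideoExtension*'; Fixed = [version]'1.0.42152.0'; CVE = 'CVE-2021-38644' }  # MPEG-2 Video Extension
)

function Get-StoreCodecStatus {
    # Win32_InstalledStoreProgram exposes one row per installed Store (AppX)
    # package, with its Name and Version strings.
    $installed = @(Get-CimInstance -ClassName Win32_InstalledStoreProgram -ErrorAction Stop)
    foreach ($fix in $StoreCodecFixes) {
        $found = @($installed | Where-Object { $_.Name -like $fix.Pattern })
        if ($found.Count -eq 0) {
            [pscustomobject]@{ Package = $fix.Pattern; Version = $null; Fixed = $fix.Fixed; Vulnerable = $false; CVE = $fix.CVE; Note = 'not installed' }
            continue
        }
        # Several rows can match (x86 and x64 builds, or both HEVC packages); report each.
        foreach ($pkg in $found) {
            $ver = [version]$pkg.Version
            [pscustomobject]@{ Package = $pkg.Name; Version = $ver; Fixed = $fix.Fixed; Vulnerable = ($ver -lt $fix.Fixed); CVE = $fix.CVE; Note = '' }
        }
    }
}

$status = @(Get-StoreCodecStatus)
$status | Format-Table -AutoSize
if ($status.Vulnerable -contains $true) {
    Write-Warning 'Codec package(s) below the fixed version; update them through the Microsoft Store.'
}
```

    Store packages are installed per user, so the rows visible to the scanning account may not include a package present only in another user's profile; Get-AppxPackage -AllUsers gives the complete view when that matters.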

    Consequence
    An attacker who successfully exploits this vulnerability can compromise the confidentiality, integrity and availability of the system.

    Solution
    Users are advised to check CVE-2021-38644 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2021-38644

  • Microsoft Cumulative Security Update for Internet Explorer (KB5005563)

    Severity
    Serious 3
    Qualys ID
    91821
    Vendor Reference
    KB5005563
    CVE Reference
    N/A
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft has released a security update for Internet Explorer.

    Microsoft has rated this update as Critical for IE9 and IE11.

    Consequence
    The vendor has stated that it is currently not aware of any security issues in this update.
    Solution
    Customers are advised to refer to the official advisory (KB5005563), which also provides the patch download link.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5005563

These new vulnerability checks are included in Qualys vulnerability signature 2.5.279-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure that access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110390
    • 110391
    • 375854
    • 375860
    • 375861
    • 45505
    • 91815
    • 91816
    • 91817
    • 91818
    • 91819
    • 91820
    • 91821
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.