Microsoft security alert.

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 76 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

• Microsoft Internet Explorer Cumulative Security Update (KB5006671) for October 2021

  Severity

  Serious 3

  Qualys ID

  100416

  Vendor Reference

  KB5006671

  CVE Reference

  CVE-2021-41342

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows Operating Systems.

  Microsoft has released KB5006671 for Internet Explorer 11 and 9. Microsoft is currently not aware of any issues in this update.

  Affected Versions:
  Internet Explorer 11 on Windows Server 2012 R2 Windows 8.1 Windows Server 2012 Windows Server 2008 R2 SP1

  Consequence

  Not installing the update can not resolves vulnerabilities in Internet Explorer.

  Solution

  For more information, Customers are advised to refer the KB5006671

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5006671

• Microsoft SharePoint Enterprise Server Multiple Vulnerabilities October 2021

  Severity

  Critical 4

  Qualys ID

  110392

  Vendor Reference

  KB4493202, KB5001924, KB5002006, KB5002028, KB5002029, KB5002042

  CVE Reference

  CVE-2021-40482, CVE-2021-40483, CVE-2021-40484, CVE-2021-40485, CVE-2021-40486, CVE-2021-40487, CVE-2021-41344

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Microsoft has released October security updates to fix multiple security vulnerabilities.

  This security update contains the following KBs:

  KB5002028
  KB5002042
  KB5002029
  KB5002006
  KB4493202
  KB5001924

  QID Detection Logic:
  This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.

  Consequence

  Successful exploitation allows remote code execution.

  Solution

  Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

  KB5002028
  KB5002042
  KB5002029
  KB5002006
  KB4493202
  KB5001924

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2021

• Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2021

  Severity

  Critical 4

  Qualys ID

  110393

  Vendor Reference

  KB4018332, KB4461476, KB5001960, KB5001982, KB5001985, KB5002004, KB5002027, KB5002030, KB5002036, KB5002043

  CVE Reference

  CVE-2021-40454, CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40480, CVE-2021-40481, CVE-2021-40485, CVE-2021-40486

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Microsoft has released September 2021 security updates to fix multiple security vulnerabilities.

  This security update contains the following:

  MacOS Release Notes
  Office Click-2-Run and Office 365 Release Notes
  KB5002004
  KB5001960
  KB5002036
  KB5002027
  KB5001982
  KB4461476
  KB5001985
  KB4018332
  KB5002030
  KB5002043

  QID Detection Logic:
  This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.

  Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

  Consequence

  Successful exploitation allows an attacker to execute code remotely.

  Solution

  Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

  MacOS Release Notes
  Office Click-2-Run and Office 365 Release Notes
  KB5002004
  KB5001960
  KB5002036
  KB5002027
  KB5001982
  KB4461476
  KB5001985
  KB4018332
  KB5002030
  KB5002043

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2021

• Microsoft Edge Based on Chromium Prior to 94.0.992.47 Multiple Vulnerabilities

  Severity

  Serious 3

  Qualys ID

  375952

  Vendor Reference

  Edge (chromium based) 94.0.992.47

  CVE Reference

  CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980

  CVSS Scores

  Base 6.8 / Temporal 5.3

  Description

  EdgeChromium has released security update for Mac and Windows to fix the vulnerabilities.
  QID Detection Logic: (Authenticated).
  Operating System: Windows
  The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.

  Operating System: MacOS
  The QID checks for the version of Microsoft Edge Based On Chromium app.

  
  Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

  Consequence

  Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  Solution

  Customers are advised to upgrade to version 94.0.992.47 or later

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Edge (chromium based) 94.0.992.47

• Microsoft Exchange Server Multiple Vulnerabilities October 2021

  Severity

  Critical 4

  Qualys ID

  50115

  Vendor Reference

  KB5007011, KB5007012

  CVE Reference

  CVE-2021-26427, CVE-2021-34453, CVE-2021-41348, CVE-2021-41350

  CVSS Scores

  Base 5.8 / Temporal 4.3

  Description

  Microsoft Exchange Server is prone to multiple vulnerabilities:

  Microsoft Exchange Server Elevation of Privilege Vulnerability
  Microsoft Exchange Server Information Disclosure Vulnerability
  Microsoft Exchange Server Remote Code Execution Vulnerability

  KB Articles associated with this update are: KB5004780,KB5004779,KB5004778

  Affected Versions:
  Microsoft Exchange Server 2019 Cumulative Update 10
  Microsoft Exchange Server 2019 Cumulative Update 11
  Microsoft Exchange Server 2016 Cumulative Update 21
  Microsoft Exchange Server 2016 Cumulative Update 22
  Microsoft Exchange Server 2013 Cumulative Update 23

  QID Detection Logic (authenticated):
  The QID checks for the version of file Exsetup.exe.
  

  Consequence

  Successful exploitation allows attackers to execute remote code.
  

  Solution

  Customers are advised to refer to KB5007012, KB5007011 for information pertaining to this vulnerability.
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5007011
  KB5007012

• Microsoft Visual Studio Security Update for October 2021

  Severity

  Serious 3

  Qualys ID

  91822

  Vendor Reference

  CVE-2020-1971, CVE-2021-3449, CVE-2021-3450, CVE-2021-41355

  CVE Reference

  CVE-2020-1971, CVE-2021-3449, CVE-2021-3450, CVE-2021-41355

  CVSS Scores

  Base 5.8 / Temporal 4.5

  Description

  Microsoft has released a security Update for Visual Studio which resolves Information Disclosure and Denial of Service Vulnerability.
  Affected Software:
  Microsoft Visual Studio 2019 prior to version 16.11 (includes 16.0-16.10)
  Microsoft Visual Studio 2019 prior to version 16.9 (includes 16.0-16.8)
  Microsoft Visual Studio 2019 prior to version 16.7 (includes 16.0-16.6)
  Microsoft Visual Studio 2019 prior to version 16.4 (includes 16.0-16.3)
  Microsoft Visual Studio 2017 prior to version 15.9 (includes 15.0-15.8)

  QID Detection Logic: Authenticated
  This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of Visual Studio.app.

  Consequence

  The vulnerable versions of Visual Studio let attackers to create a Denial of Service and Information Disclosure Vulnerabilities.
  

  Solution

  Customers are advised to refer to CVE-2021-41355, CVE-2020-1971 , CVE-2021-3450 , and CVE-2021-3449 for more information pertaining to these vulnerabilities.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2020-1971
  CVE-2021-3449
  CVE-2021-3450
  CVE-2021-41355

• Microsoft .NET Core Security Update for October 2021

  Severity

  Serious 3

  Qualys ID

  91823

  Vendor Reference

  CVE-2021-41355

  CVE Reference

  CVE-2021-41355

  CVSS Scores

  Base 2.9 / Temporal 2.1

  Description

  Microsoft has released a security Update for .NET Core which resolves Information Disclosure Vulnerability.
  This security update is rated Important for supported versions of .NET Core.

  Affected versions:
  .NET 5.0 before version 5.0.11
  

  QID Detection Logic: Authenticated
  

  This QID detects vulnerable versions of Microsoft .NET Core by checking the file version on windows.
  

  Consequence

  Successful exploitation of this vulnerability could lead to Disclosure of Sensitive Information.

  Solution

  Customers are advised to refer to CVE-2021-41355 for more information pertaining to this vulnerability.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2021-41355

• Microsoft Windows Security Update for October 2021

  Severity

  Critical 4

  Qualys ID

  91824

  Vendor Reference

  KB5006667, KB5006669, KB5006670, KB5006671, KB5006672, KB5006674, KB5006675, KB5006699, KB5006714, KB5006715, KB5006728, KB5006729, KB5006732, KB5006736, KB5006739, KB5006743

  CVE Reference

  CVE-2021-26441, CVE-2021-26442, CVE-2021-36953, CVE-2021-36970, CVE-2021-38662, CVE-2021-38663, CVE-2021-40443, CVE-2021-40449, CVE-2021-40450, CVE-2021-40454, CVE-2021-40455, CVE-2021-40456, CVE-2021-40460, CVE-2021-40461, CVE-2021-40462, CVE-2021-40463, CVE-2021-40464, CVE-2021-40465, CVE-2021-40466, CVE-2021-40467, CVE-2021-40468, CVE-2021-40470, CVE-2021-40475, CVE-2021-40476, CVE-2021-40477, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41330, CVE-2021-41331, CVE-2021-41332, CVE-2021-41334, CVE-2021-41335, CVE-2021-41337, CVE-2021-41338, CVE-2021-41339, CVE-2021-41340, CVE-2021-41342, CVE-2021-41343, CVE-2021-41345, CVE-2021-41346, CVE-2021-41347, CVE-2021-41357, CVE-2021-41361

  CVSS Scores

  Base 7.2 / Temporal 6.3

  Description

  Microsoft releases the security update for Windows October 2021

  The KB Articles associated with the update:
  KB5006670
  KB5006675
  KB5006674
  KB5006669
  KB5006699
  KB5006743
  KB5006728
  KB5006714
  KB5006729
  KB5006739
  KB5006732
  KB5006736
  KB5006715
  KB5006667
  KB5006672
  

  This QID checks for the file version of ntoskrnl.exe

  The following versions of ntoskrnl.exe and Win32k.sys with their corresponding KBs are verified:
  KB5006670-10.0.19041.1288
  KB5006675-10.0.10240.19086
  KB5006674-10.0.22000.258
  KB5006669-10.0.14393.4704
  KB5006699-10.0.20348.288
  KB5006743-6.1.7601.25740
  KB5006728-6.1.7601.25740
  KB5006714-6.3.9600.20144
  KB5006729-6.3.9600.20143
  KB5006739-6.2.9200.23489
  KB5006732-6.2.9200.23489
  KB5006736-6.0.6003.21251
  KB5006715-6.0.6003.21251
  KB5006667-10.0.18362.1854
  KB5006672-10.0.17763.2237
  

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to the KB5006670
  KB5006675
  KB5006674
  KB5006669
  KB5006699
  KB5006743
  KB5006728
  KB5006714
  KB5006729
  KB5006739
  KB5006732
  KB5006736
  KB5006715
  KB5006667
  KB5006672
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5006667
  KB5006669
  KB5006670
  KB5006672
  KB5006674
  KB5006675
  KB5006699
  KB5006714
  KB5006715
  KB5006728
  KB5006729
  KB5006732
  KB5006736
  KB5006739
  KB5006743

• Microsoft System Center Operations Manager (SCOM) Information Disclosure Vulnerability - October 2021

  Severity

  Serious 3

  Qualys ID

  91825

  Vendor Reference

  KB5006871

  CVE Reference

  CVE-2021-41352

  CVSS Scores

  Base 5 / Temporal 3.7

  Description

  System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors.

  The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

  Affected Software:
  System Center 2019 Operations Manager
  System Center 2016 Operations Manager
  System Center 2012 R2 Operations Manager

  NOTE:This vulnerability only affects machines that have the SCOM web console installed QID Detection Logic (Authenticated):
  TODO

  Consequence

  Insecure Direct Object Reference (IDOR) vulnerability in APM websites that allows users to access any file under Web folder and gain access to the file contents.

  Solution

  Users are advised to check KB5006871 for more information.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5006871

• Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability October 2021

  Severity

  Serious 3

  Qualys ID

  91826

  Vendor Reference

  KB5006669, KB5006670, KB5006672, KB5006699, KB5006714, KB5006715, KB5006728, KB5006729, KB5006732, KB5006736, KB5006739, KB5006743

  CVE Reference

  CVE-2021-40469

  CVSS Scores

  Base 6.5 / Temporal 4.8

  Description

  Microsoft releases the security update for Windows October 2021

  The KB Articles associated with the update:
  KB5006714
  KB5006729
  KB5006739
  KB5006732
  KB5006743
  KB5006728
  KB5006736
  KB5006715
  KB5006669
  KB5006670
  KB5006699
  KB5006672
  

  The following versions of dns.exe with their corresponding KBs are verified:
  KB5006739- 6.2.9200.23488
  KB5006732- 6.2.9200.23488
  KB5006743- 6.1.7601.25738
  KB5006728- 6.1.7601.25738
  KB5006736- 6.0.6003.21249
  KB5006715- 6.0.6003.21249
  KB5006669- 10.0.14393.4704
  KB5006670- 10.0.19041.1288
  KB5006699- 10.0.20348.288
  KB5006714- 6.3.9600.20141
  KB5006729- 6.3.9600.20141
  KB5006672- 10.0.17763.2237

  QID Detection Logic:
  Authenticated: This QID checks for the file version of dns.exe
  Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to theKB5006714
  KB5006729
  KB5006739
  KB5006732
  KB5006743
  KB5006728
  KB5006736
  KB5006715
  KB5006669
  KB5006670
  KB5006699
  KB5006672
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5006669
  KB5006670
  KB5006672
  KB5006699
  KB5006714
  KB5006715
  KB5006728
  KB5006729
  KB5006732
  KB5006736
  KB5006739
  KB5006743

• Microsoft Windows Hyper-V Remote Code Execution (RCE) Vulnerability October 2021

  Severity

  Critical 4

  Qualys ID

  91827

  Vendor Reference

  KB5006674, KB5006699

  CVE Reference

  CVE-2021-38672, CVE-2021-40461

  CVSS Scores

  Base 5.2 / Temporal 3.8

  Description

  Microsoft releases the security update for Windows October 2021

  The KB Articles associated with the update:
  KB5006674
  KB5006699
  

  This QID checks for the file version of ntoskrnl.exe

  The following versions of ntoskrnl.exe with their corresponding KBs are verified:
  KB5006674-10.0.22000.258
  KB5006699-10.0.20348.288
  

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to theKB5006674
  KB5006699
  Workaround:
  10.0.22000.258

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5006674
  KB5006699

• Microsoft Dynamics 365 Security Update for October 2021

  Severity

  Serious 3

  Qualys ID

  91828

  Vendor Reference

  CVE-2021-40457, CVE-2021-41353, CVE-2021-41354

  CVE Reference

  CVE-2021-40457, CVE-2021-41353, CVE-2021-41354

  CVSS Scores

  Base 4.3 / Temporal 3.2

  Description

  Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

  CVE-2021-34524:Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
  CVE-2021-36950:Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability.

  Affected Software:
  Microsoft Dynamics 365(on-premise) version 9.0
  Microsoft Dynamics 365 Customer Engagement 9.0
  Microsoft Dynamics 365(on-premise) version 9.1
  Microsoft Dynamics 365 Customer Engagement 9.1

  QID Detection Logic(Authenticated):
  This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.Crm.Setup.Server.exe:
  

  Consequence

  An attacker could conduct spoofing attacks, which may aid further exploitations.

  Solution

  Customers are advised to refer to CVE-2021-41354, CVE-2021-41353 and CVE-2021-40457 for more details pertaining to this vulnerability.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2021-40457
  CVE-2021-41353
  CVE-2021-41354

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.