Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 76 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft has released KB5006671 for Internet Explorer 11 and 9. Microsoft is currently not aware of any issues in this update.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5006671
This security update contains the following KBs:
KB5002028
KB5002042
KB5002029
KB5002006
KB4493202
KB5001924
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2021
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002004
KB5001960
KB5002036
KB5002027
KB5001982
KB4461476
KB5001985
KB4018332
KB5002030
KB5002043
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2021
Operating System: MacOS
The QID checks for the version of Microsoft Edge Based On Chromium app.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge (chromium based) 94.0.992.47
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
KB Articles associated with this update are: KB5004780, KB5004779, KB5004778
Affected Versions:
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2013 Cumulative Update 23
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5007011
KB5007012
Microsoft has released a security update for Visual Studio that resolves Information Disclosure and Denial of Service vulnerabilities.
Affected Software:
Microsoft Visual Studio 2019 prior to version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 prior to version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 prior to version 16.7 (includes 16.0-16.6)
Microsoft Visual Studio 2019 prior to version 16.4 (includes 16.0-16.3)
Microsoft Visual Studio 2017 prior to version 15.9 (includes 15.0-15.8)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of Visual Studio.app.
Vulnerable versions of Visual Studio allow attackers to cause Denial of Service and Information Disclosure.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1971
CVE-2021-3449
CVE-2021-3450
CVE-2021-41355
Affected versions:
.NET 5.0 before version 5.0.11
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft .NET Core by checking the file version on Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-41355
The KB Articles associated with the update:
KB5006670
KB5006675
KB5006674
KB5006669
KB5006699
KB5006743
KB5006728
KB5006714
KB5006729
KB5006739
KB5006732
KB5006736
KB5006715
KB5006667
KB5006672
This QID checks for the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe and Win32k.sys with their corresponding KBs are verified:
KB5006670 - 10.0.19041.1288
KB5006675 - 10.0.10240.19086
KB5006674 - 10.0.22000.258
KB5006669 - 10.0.14393.4704
KB5006699 - 10.0.20348.288
KB5006743 - 6.1.7601.25740
KB5006728 - 6.1.7601.25740
KB5006714 - 6.3.9600.20144
KB5006729 - 6.3.9600.20143
KB5006739 - 6.2.9200.23489
KB5006732 - 6.2.9200.23489
KB5006736 - 6.0.6003.21251
KB5006715 - 6.0.6003.21251
KB5006667 - 10.0.18362.1854
KB5006672 - 10.0.17763.2237
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5006667
KB5006669
KB5006670
KB5006672
KB5006674
KB5006675
KB5006699
KB5006714
KB5006715
KB5006728
KB5006729
KB5006732
KB5006736
KB5006739
KB5006743
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Affected Software:
System Center 2019 Operations Manager
System Center 2016 Operations Manager
System Center 2012 R2 Operations Manager
NOTE: This vulnerability only affects machines that have the SCOM web console installed.
QID Detection Logic (Authenticated):
TODO
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5006871
The KB Articles associated with the update:
KB5006714
KB5006729
KB5006739
KB5006732
KB5006743
KB5006728
KB5006736
KB5006715
KB5006669
KB5006670
KB5006699
KB5006672
The following versions of dns.exe with their corresponding KBs are verified:
KB5006739 - 6.2.9200.23488
KB5006732 - 6.2.9200.23488
KB5006743 - 6.1.7601.25738
KB5006728 - 6.1.7601.25738
KB5006736 - 6.0.6003.21249
KB5006715 - 6.0.6003.21249
KB5006669 - 10.0.14393.4704
KB5006670 - 10.0.19041.1288
KB5006699 - 10.0.20348.288
KB5006714 - 6.3.9600.20141
KB5006729 - 6.3.9600.20141
KB5006672 - 10.0.17763.2237
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe.
Unauthenticated: This QID checks for a vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5006669
KB5006670
KB5006672
KB5006699
KB5006714
KB5006715
KB5006728
KB5006729
KB5006732
KB5006736
KB5006739
KB5006743
The KB Articles associated with the update:
KB5006674
KB5006699
This QID checks for the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5006674 - 10.0.22000.258
KB5006699 - 10.0.20348.288
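The file-version checks described above for ntoskrnl.exe and dns.exe come down to comparing an installed four-part version against the fixed version for the same build branch. The following is an added example, not Qualys code: it uses the ntoskrnl.exe KB/version list from this page and assumes that a revision at or above the lowest version listed for a branch means the update is installed. The function names and the sample inventory are hypothetical.

```python
# Added example: the KB/version pairs are copied from the ntoskrnl.exe list on this page.
NTOSKRNL_FIXED = """
KB5006670-10.0.19041.1288 KB5006675-10.0.10240.19086 KB5006674-10.0.22000.258
KB5006669-10.0.14393.4704 KB5006699-10.0.20348.288 KB5006743-6.1.7601.25740
KB5006728-6.1.7601.25740 KB5006714-6.3.9600.20144 KB5006729-6.3.9600.20143
KB5006739-6.2.9200.23489 KB5006732-6.2.9200.23489 KB5006736-6.0.6003.21251
KB5006715-6.0.6003.21251 KB5006667-10.0.18362.1854 KB5006672-10.0.17763.2237
"""

def parse_version(text):
    """'10.0.19041.1288' -> (10, 0, 19041, 1288); rejects malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def build_baseline(table):
    """Map each branch (major, minor, build) to (lowest listed revision, KBs)."""
    baseline = {}
    for entry in table.split():
        kb, _, ver = entry.partition("-")
        *branch, rev = parse_version(ver)
        floor, kbs = baseline.get(tuple(branch), (rev, []))
        # Assumption: when two KBs cover one branch, the lower revision is the floor.
        baseline[tuple(branch)] = (min(floor, rev), kbs + [kb])
    return baseline

def assess(installed, baseline):
    """Return 'patched', 'vulnerable', or 'unknown' (branch not in the table)."""
    *branch, rev = parse_version(installed)
    if tuple(branch) not in baseline:
        return "unknown"  # never compare revisions across different branches
    floor, _ = baseline[tuple(branch)]
    return "patched" if rev >= floor else "vulnerable"

BASELINE = build_baseline(NTOSKRNL_FIXED)

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and installed versions are made up).
    for host, ver in [("ws-01", "10.0.19041.985"), ("srv-02", "6.3.9600.20143"),
                      ("srv-03", "10.0.17763.2237"), ("ws-04", "10.0.16299.2166")]:
        print(host, ver, assess(ver, BASELINE))
```

Versions are compared as integer tuples because a plain string comparison ranks 10.0.19041.985 above 10.0.19041.1288 and would report that host as patched.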
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5006674
KB5006699
CVE-2021-34524: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-36950: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Affected Software:
Microsoft Dynamics 365 (on-premise) version 9.0
Microsoft Dynamics 365 Customer Engagement 9.0
Microsoft Dynamics 365 (on-premise) version 9.1
Microsoft Dynamics 365 Customer Engagement 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-40457
CVE-2021-41353
CVE-2021-41354
These new vulnerability checks are included in Qualys vulnerability signature 2.5.303-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.