Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 59 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002103
KB5002105
KB5002098
KB5002097
KB5002101
KB4504745
KB5002033
KB4486726
KB4504710
KB5002104
KB5002099
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2021
This security update contains the following KBs:
KB5002045
KB5002054
KB5002055
KB5002071
KB5002015
KB5002047
KB5002061
KB5002008
KB5002059
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2021
QID Detection Logic: (Authenticated)
This QID detects vulnerable versions of PowerShell using pwsh --version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43896
Affected Versions:
Visual Studio Code prior to version 1.63.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
VS Code 1.63
Affected Versions:
0.63.11
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code with WSL extension.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43907
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
96.0.1054.57
Microsoft has released a security update for Visual Studio which resolves an Elevation of Privilege vulnerability.
Affected Software:
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0-16.6)
and Microsoft Visual Studio 2022 version 17.0
The vulnerable versions of Visual Studio allow attackers to perform elevation of privilege attacks.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43877
Affected versions:
ASP.NET Core 3.1 prior to version 3.1.22
ASP.NET Core 5.0 prior to version 5.0.13
and ASP.NET Core 6.0 prior to version 6.0.1
QID Detection Logic (Authenticated):
On Windows, this QID looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App and %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in the .version file.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43877
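The version check described in the detection logic above can be reproduced for a local audit. This is an added example, not Qualys detection code: the function names are hypothetical, the fixed builds come from the affected-versions list above, and it assumes the version is the first line of .version that parses as a version string (falling back to the directory name).

```python
import re
from pathlib import Path

# First fixed build per release branch, as listed in the advisory above.
FIXED = {(3, 1): (3, 1, 22), (5, 0): (5, 0, 13), (6, 0): (6, 0, 1)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")

def classify(version_text):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return "unparsed"
    numbers = tuple(int(g) for g in m.group(1, 2, 3))
    fixed = FIXED.get(numbers[:2])
    if fixed is None:
        return "not-listed"  # branch the advisory does not mention
    # A pre-release tag sorts before the release with the same numbers.
    if numbers < fixed or (numbers == fixed and m.group(4)):
        return "vulnerable"
    return "patched"

def installed_version(runtime_dir):
    """Prefer the .version file; fall back to the directory name.

    Assumption: the version is the first line of .version that parses.
    """
    version_file = Path(runtime_dir) / ".version"
    if version_file.is_file():
        for line in version_file.read_text(errors="replace").splitlines():
            if VERSION_RE.match(line.strip()):
                return line.strip()
    return Path(runtime_dir).name

def audit(shared_root):
    """Map each runtime sub directory under shared_root to its status."""
    root = Path(shared_root)
    if not root.is_dir():
        return {}
    return {d.name: classify(installed_version(d))
            for d in sorted(root.iterdir()) if d.is_dir()}

if __name__ == "__main__":
    # Constructed sample versions, not taken from a real host.
    for sample in ["3.1.21", "3.1.22", "5.0.12", "6.0.0-rc.2.21480.5", "6.0.1", "2.1.30"]:
        print(sample, classify(sample))
```

Call audit() once for each of the two directories named in the detection logic; a missing directory yields an empty result.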
Affected Product:
"HEVC from Device Manufacturer" media codec before version 1.0.42702.0
"WEB from Device Manufacturer" media codec before version 1.0.42192.0
QID Detection Logic:
The detection gets the version of HEVCVideoExtension and WebMediaExtensions by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-40452
CVE-2021-40453
CVE-2021-41360
CVE-2021-43214
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5008206
KB5008207
KB5008210
KB5008212
KB5008215
KB5008218
KB5008223
KB5008230
KB5008244
KB5008255
KB5008263
KB5008271
KB5008274
KB5008277
KB5008282
KB5008285
Affected Product:
VP9 Video Extensions prior to version 1.0.42791.0
QID Detection Logic:
The detection gets the version of VP9VideoExtension by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43243
Affected Products:
Windows 10 version 1809 and later or any version of Windows 11
Windows 10 version 1709 or Windows 10 version 1803.
QID Detection Logic (authenticated):
The detection gets the version of Microsoft.DesktopAppInstaller by querying the WMI class Win32_InstalledStoreProgram.
The detection also checks the BlockNonAdminUserInstall and AllowAllTrustedAppToInstall policies.
For version 1.17.10633.0 or greater of the App Installer, it also checks whether the Group Policy EnableMSAppInstallerProtocol is set to Disabled.
Workaround:
Option 1: Enable the following GPO to prevent non-admins from installing any Windows App packages.
BlockNonAdminUserInstall: This policy setting manages the ability of non-administrator users to install (signed) Windows app packages. When enabled (value: 1), non-administrator users will be unable to initiate the installation of (signed) Windows app packages.
Option 2: Enable this GPO to prevent installing apps from outside the Microsoft Store.
AllowAllTrustedAppToInstall: This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps. If you enable this policy setting, you can install any LOB or developer-signed Windows Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).
Option 3: Disable the ms-appinstaller protocol, which is used to install apps directly from a website.
ms-appinstaller: This will block all attempts to invoke the protocol from the browser. Specifically, how that looks to the user will depend on the construction of the page that tries to launch the protocol.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43890
Detection Logic: (Authenticated)
The detection gets the version of MicrosoftOfficeHub by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-43905
These new vulnerability checks are included in Qualys vulnerability signature 2.5.354-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.