Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 95 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002057
KB5002119
KB5002116
KB5002122
KB5002064
KB5002124
KB4462205
KB5002128
KB5002060
KB5002115
KB5002052
KB5002114
KB5002107
QID Detection Logic (Authenticated): MacOs
This QID looks for the vulnerable version of Apps- Microsoft Excel, Microsoft Word, Microsoft PowerPoint, and Microsoft Outlook installed on MacOS.
QID Detection Logic (Authenticated): Windows
This QID looks for registry keys HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot,HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot, HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot, HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot while checking for files "stslist.dll" and "Graph.exe". For MS Excel, it checks for registry keys HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot, HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot and looks for file "winword.exe", "excel.exe". Apart from these registry keys and files, the QID scans files named acecore.dll and mso.dll to check for vulnerable versions.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002057
KB5002119
KB5002116
KB5002122
KB5002064
KB5002124
KB4462205
KB5002128
KB5002060
KB5002115
KB5002052
KB5002114
KB5002107
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office January 2022
This security update contains the following KBs:
KB5002113
KB5002118
KB5002127
KB5002111
KB5002109
KB5002129
KB5002110
KB5002108
KB5001995
KB5002102
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
KB5002113
KB5002118
KB5002127
KB5002111
KB5002109
KB5002129
KB5002110
KB5002108
KB5001995
KB5002102
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update
Affected Versions
Windows IKE affected with the IPSec service running
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting the file version of %windir%\system32\ikeext.dll
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21843
CVE-2022-21848
CVE-2022-21849
CVE-2022-21883
CVE-2022-21889
CVE-2022-21890
KB Articles associated with this update are: KB5008631
Affected Versions:
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2013 Cumulative Update 23
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21846
CVE-2022-21855
CVE-2022-21969
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5009543 - 10.0.19041.1466
KB5009555 - 10.0.20348.469
KB5009557 - 10.0.17763.2452
KB5009545 - 10.0.18362.2037
KB5009624 - 6.3.9600.20237
KB5009595 - 6.3.9600.20237
KB5009586 - 6.2.9200.23581
KB5009619 - 6.2.9200.23581
KB5009610 - 6.1.7601.25827
KB5009621 - 6.1.7601.25827
KB5009546 - 10.0.14393.4886
KB5009585 - 10.0.10240.19177
KB5009566 - 10.0.22000.434
KB5009627 - 6.0.6003.21348
KB5009601 - 6.0.6003.21348
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5009543
KB5009545
KB5009546
KB5009555
KB5009557
KB5009566
KB5009585
KB5009586
KB5009595
KB5009601
KB5009610
KB5009619
KB5009621
KB5009624
KB5009627
This QID checks for the file version of http.sys
The following versions of http.sys with their corresponding KBs are verified:
KB5009557 - 10.0.17763.2452
KB5009543 - 10.0.19041.1466
KB5009566 - 10.0.22000.434
KB5009555 - 10.0.20348.469
Detection also checks for registry key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters" value "EnableTrailerSupport"=dword:00000001 on Windows 10 Version 1809 and Windows Server 2019 Operating Systems.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5009543
KB5009555
KB5009557
KB5009566
CVE-2022-21932: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Affected Software:
Microsoft Dynamics 365 Customer Engagement V9.0
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.Crm.Setup.Server.exe:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21891
CVE-2022-21932
Following KBs are covered in this detection:
KB5008876 for Windows 10, version 1903 and later, Windows 10 LTSB, Windows 10 version 1903 and later,
KB5008877 for Windows 10, Windows 10 LTSB, Windows Server 2016
KB5008879 for Windows 10, version 1903 and later
KB5008880 for Windows 11
KB5008882 for Microsoft Server operating system-21H2
KB5009546 for Windows Server 2016, Windows 10 LTSB
KB5009585 for Windows 10 LTSB
KB5009711 for Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7
KB5009712 for Windows 8 Embedded, Windows Server 2012
KB5009713 for Windows 8.1, Windows Server 2012 R2
KB5009714 for Windows Server 2008
KB5009718 for Windows Server 2019, Windows 10, Windows 10 LTSB, Windows Server 2019
KB5009719 for Windows Server 2008 R2 and Windows 7
KB5009720 for Windows 8 Embedded and Windows Server 2012
KB5009721 for Windows RT 8.1 ,Windows Server 2012 R2, Windows 8.1
KB5009722 for Windows Server 2008
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8
QID Detection Logic (Authenticated):
- Checks for vulnerable version of System.web.dll for .Net Framework
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21911
These new vulnerability checks are included in Qualys vulnerability signature 2.5.374-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.