Microsoft security alert.
March 8, 2022
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 57 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Cumulative Security Update (KB5011486) for March 2022
- Severity
- Critical 4
- Qualys ID
- 100417
- Vendor Reference
- KB5011486
- CVE Reference
- CVE-2022-24502
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows operating systems.
Microsoft has released KB5011486 for Internet Explorer 11 and 9.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows 8.1, Windows Server 2012, and Windows Server 2008 R2 SP1
Internet Explorer 9 on Windows Server 2008
- Consequence
- Successful exploitation allows an attacker to execute arbitrary code.
- Solution
-
For more information, customers are advised to refer to KB5011486.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5011486
-
Microsoft Office Security Update for March 2022
- Severity
- Critical 4
- Qualys ID
- 110403
- Vendor Reference
- KB5002068, KB5002139
- CVE Reference
- CVE-2022-24461, CVE-2022-24462, CVE-2022-24509, CVE-2022-24510, CVE-2022-24511
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released March 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002068
KB5002139
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB5002068
KB5002139
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office March 2022
-
Microsoft Visual Studio Code Security Update for March 2022
- Severity
- Serious 3
- Qualys ID
- 376453
- Vendor Reference
- CVE-2022-24526
- CVE Reference
- CVE-2022-24526
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.65.1
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Visual Studio Code is prone to a spoofing vulnerability.
- Solution
-
Customers are advised to refer to CVE-2022-24526 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-24526
-
Microsoft Skype Extension for Google Chrome Browser Information Disclosure Vulnerability for March 2022
- Severity
- Critical 4
- Qualys ID
- 376454
- Vendor Reference
- CVE-2022-24522
- CVE Reference
- CVE-2022-24522
- CVSS Scores
- Base 2.6 / Temporal 1.9
- Description
-
CVE-2022-24522: Skype Extension for Chrome Information Disclosure Vulnerability.
Affected Versions:
Skype Extension before 10.2.0.9951
QID Detection Logic (Authenticated):
It checks for vulnerable versions of the Skype Extension on Chrome browsers.
- Consequence
- An attacker who gains access to the target's Skype ID could potentially match it within Skype to the user's name and avatar.
- Solution
-
The vendor has released fixes to resolve this issue.
For more information please refer to the advisory CVE-2022-24522.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Skype Extension for Chrome
-
Microsoft Exchange Server Multiple Vulnerabilities for March 2022
- Severity
- Critical 4
- Qualys ID
- 50119
- Vendor Reference
- CVE-2022-23277, CVE-2022-24463
- CVE Reference
- CVE-2022-23277, CVE-2022-24463
- CVSS Scores
- Base 6.5 / Temporal 5.1
- Description
-
Microsoft Exchange Server Remote Code Execution Vulnerability
KB Articles associated with this update are: KB5012698, KB5010324
Affected Versions:
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2013 Cumulative Update 23
QID Detection Logic (Authenticated):
The QID checks for the version of the file Exsetup.exe.
- Consequence
-
Successful exploitation allows attackers to execute code remotely.
- Solution
-
Customers are advised to refer to KB5012698 and KB5010324 for information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5010324
KB5012698
-
Microsoft .NET Security Update for March 2022
- Severity
- Serious 3
- Qualys ID
- 91868
- Vendor Reference
- CVE-2020-8927, CVE-2022-24464, CVE-2022-24512
- CVE Reference
- CVE-2020-8927, CVE-2022-24464, CVE-2022-24512
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released a security update for .NET which resolves denial of service and remote code execution vulnerabilities.
This security update is rated Important for supported versions of .NET.
Affected versions:
.NET 5.0 before version 5.0.15
.NET 6.0 before version 6.0.3
.NET Core 3.1 before version 3.1.23
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft .NET Core by checking the file version on Windows.
- Consequence
-
Successful exploitation of these vulnerabilities could lead to denial of service or remote code execution.
- Solution
-
Customers are advised to refer to CVE-2022-24512, CVE-2022-24464, and CVE-2020-8927 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-8927
CVE-2022-24464
CVE-2022-24512
-
Microsoft Windows Codecs Library Remote Code Execution (RCE) Vulnerability for March 2022
- Severity
- Critical 4
- Qualys ID
- 91869
- Vendor Reference
- CVE-2022-22006, CVE-2022-22007, CVE-2022-23295, CVE-2022-23300, CVE-2022-23301, CVE-2022-24451, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456, CVE-2022-24457, CVE-2022-24501
- CVE Reference
- CVE-2022-22006, CVE-2022-22007, CVE-2022-23295, CVE-2022-23300, CVE-2022-23301, CVE-2022-24451, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456, CVE-2022-24457, CVE-2022-24501
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Multiple security vulnerabilities exist in Microsoft Windows Codecs Library.
Affected Product:
HEIFImageExtension before 1.0.43012.0
VP9VideoExtensions before 1.0.42791.0
HEVCVideoExtension before 1.0.50361.0 and 1.0.50362.0
For Windows 11 RawImageExtension before 2.1.30391.0
For Windows 10 RawImageExtension before 2.0.30391.0
QID detection Logic:
Detection gets the version of Microsoft.VP9VideoExtension, Microsoft.HEIFImageExtension, Microsoft.RawImageExtension and HEVCVideoExtension by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
An attacker who successfully exploited the vulnerability could execute arbitrary code.
- Solution
-
Users are advised to check CVE-2022-23300, CVE-2022-23295, CVE-2022-22007, CVE-2022-23301, CVE-2022-24451, CVE-2022-24452, CVE-2022-24453, CVE-2022-24457, CVE-2022-22006, CVE-2022-24501 and CVE-2022-24456.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-22006
CVE-2022-22007
CVE-2022-23295
CVE-2022-23300
CVE-2022-23301
CVE-2022-24451
CVE-2022-24452
CVE-2022-24453
CVE-2022-24456
CVE-2022-24457
CVE-2022-24501
-
Microsoft Windows Security Update for March 2022
- Severity
- Critical 4
- Qualys ID
- 91870
- Vendor Reference
- KB5011485, KB5011487, KB5011491, KB5011493, KB5011495, KB5011497, KB5011503, KB5011525, KB5011527, KB5011529, KB5011534, KB5011535, KB5011552, KB5011560, KB5011564
- CVE Reference
- CVE-2022-21975, CVE-2022-21977, CVE-2022-21990, CVE-2022-22010, CVE-2022-23253, CVE-2022-23281, CVE-2022-23283, CVE-2022-23284, CVE-2022-23285, CVE-2022-23286, CVE-2022-23287, CVE-2022-23288, CVE-2022-23290, CVE-2022-23291, CVE-2022-23293, CVE-2022-23294, CVE-2022-23296, CVE-2022-23297, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24455, CVE-2022-24459, CVE-2022-24460, CVE-2022-24502, CVE-2022-24503, CVE-2022-24505, CVE-2022-24507, CVE-2022-24508, CVE-2022-24525
- CVSS Scores
- Base 9 / Temporal 7.4
- Description
-
Microsoft Windows Security Update - March 2022
The KB Articles associated with the update:
KB5011491
KB5011487
KB5011493
KB5011495
KB5011485
KB5011503
KB5011534
KB5011525
KB5011564
KB5011497
KB5011560
KB5011535
KB5011527
KB5011552
KB5011529
QID Detection Logic: (Authenticated)
This QID checks the file version of %windir%\system32\ntoskrnl.exe and whether any of the following KBs is installed: KB5011491, KB5011487, KB5011493, KB5011495, KB5011485, KB5011503, KB5011534, KB5011525, KB5011564, KB5011497, KB5011560, KB5011535, KB5011527, KB5011552, KB5011529.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to KB5011491, KB5011487, KB5011493, KB5011495, KB5011485, KB5011503, KB5011534, KB5011525, KB5011564, KB5011497, KB5011560, KB5011535, KB5011527, KB5011552 and KB5011529.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5011485
KB5011487
KB5011491
KB5011493
KB5011495
KB5011497
KB5011503
KB5011525
KB5011527
KB5011529
KB5011534
KB5011535
KB5011552
KB5011560
KB5011564
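The QID 91870 detection logic above combines a file-version read of ntoskrnl.exe with a check for the installed March 2022 cumulative update. The following PowerShell script is an added example, not Qualys or Microsoft code, that mirrors that logic on a single host for local triage before or after a scan. It assumes that Get-HotFix (backed by Win32_QuickFixEngineering) lists the cumulative update under its KB id, which holds for most LCUs but not for every update type, so a missing KB is a prompt for manual review rather than proof of exposure. The advisory gives no fixed ntoskrnl.exe build, so the version is reported for comparison with the relevant KB article rather than judged by the script.

```powershell
# Added example (not Qualys code): local equivalent of the QID 91870 check.
# KB ids are the vendor references listed in the advisory; only the one that
# applies to the host's OS build is expected to be present.
$marchKbs = 'KB5011485','KB5011487','KB5011491','KB5011493','KB5011495','KB5011497',
            'KB5011503','KB5011525','KB5011527','KB5011529','KB5011534','KB5011535',
            'KB5011552','KB5011560','KB5011564'

function Get-KernelFileVersion {
    # Reads the version resource of %windir%\System32\ntoskrnl.exe.
    $info = (Get-Item "$env:windir\System32\ntoskrnl.exe").VersionInfo
    # FileVersionRaw holds the real build (10.0.xxxxx.yyyy); FileVersion may carry
    # trailing branch text such as "(WinBuild.160101.0800)", so strip it as a fallback.
    if ($info.PSObject.Properties['FileVersionRaw']) { return $info.FileVersionRaw }
    return [version](($info.FileVersion -split '\s')[0])
}

function Test-MarchUpdateInstalled {
    param([string[]]$KbIds = $marchKbs)
    # Get-HotFix wraps Win32_QuickFixEngineering (assumption: the LCU is registered there).
    $present = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -in $KbIds }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSBuild          = "$($os.Version) ($($os.Caption))"
        NtoskrnlVersion  = Get-KernelFileVersion
        MarchKbInstalled = [bool]$present
        MatchedKbs       = ($present | ForEach-Object {
                               $when = if ($_.InstalledOn) { $_.InstalledOn.ToShortDateString() } else { 'date unknown' }
                               "$($_.HotFixID) ($when)"
                           }) -join ', '
    }
}

# Usage: run in an elevated PowerShell on the host being checked.
Test-MarchUpdateInstalled | Format-List
```

Because the QID logic treats the kernel version and the KB presence as two separate signals, a host that shows MarchKbInstalled = False but a kernel build at or above the one in the applicable KB article (for example after a later cumulative update) is patched, not exposed; the script deliberately reports both values rather than collapsing them into one verdict.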
-
Microsoft Paint 3D Remote Code Execution (RCE) Vulnerability for March 2022
- Severity
- Serious 3
- Qualys ID
- 91871
- Vendor Reference
- CVE-2022-23282
- CVE Reference
- CVE-2022-23282
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft Paint 3D is prone to a remote code execution vulnerability.
QID Detection Logic (Authenticated):
The detection gets the version of Microsoft.MSPaint by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
Successful exploitation of the vulnerability may allow remote code execution leading to complete system compromise.
- Solution
-
Users are advised to refer to CVE-2022-23282 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-23282
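Both the Windows Codecs Library check (QID 91869) and the Paint 3D check (QID 91871) above rely on the same technique: reading Store package versions from the WMI class Win32_InstalledStoreProgram. The PowerShell script below is an added example, not Qualys code, that performs that query on a local host and compares the codec extensions against the "before" versions listed for QID 91869. It assumes the package names in the class start with the Microsoft.* prefixes used here (the advisory writes VP9VideoExtension and VP9VideoExtensions, so a prefix match covers both), uses the lower of the two HEVC fixed builds as the threshold, selects the Windows 10 or Windows 11 RawImageExtension threshold by OS build number, and only reports the Paint 3D version because the page gives no fixed build for it.

```powershell
# Added example (not Qualys code): local version check modelled on QIDs 91869 and 91871.
# Thresholds are the "before" versions from the advisory; package-name prefixes are assumptions.

# Win32_OperatingSystem.BuildNumber >= 22000 is Windows 11 (assumption used to pick the RawImageExtension threshold).
$isWin11 = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber -ge 22000
$rawFixed = if ($isWin11) { [version]'2.1.30391.0' } else { [version]'2.0.30391.0' }

$fixed = @{
    'Microsoft.HEIFImageExtension' = [version]'1.0.43012.0'
    'Microsoft.VP9VideoExtension'  = [version]'1.0.42791.0'   # prefix also matches VP9VideoExtensions
    'Microsoft.HEVCVideoExtension' = [version]'1.0.50361.0'   # advisory also lists 1.0.50362.0 as fixed
    'Microsoft.RawImageExtension'  = $rawFixed
}

function Get-CodecPatchStatus {
    # Win32_InstalledStoreProgram enumerates Store (APPX/MSIX) packages installed for any user.
    $installed = Get-CimInstance -ClassName Win32_InstalledStoreProgram -ErrorAction Stop

    foreach ($prefix in $fixed.Keys) {
        $found = $installed | Where-Object { $_.Name -like "$prefix*" }
        if (-not $found) {
            # Not present means nothing to patch for this package.
            [pscustomobject]@{ Package = $prefix; Installed = $null; Fixed = $fixed[$prefix]; Status = 'NotInstalled' }
            continue
        }
        # Several versions can coexist (per-user installs); report each one.
        foreach ($pkg in $found) {
            $v = [version]$pkg.Version
            [pscustomobject]@{
                Package   = $pkg.Name
                Installed = $v
                Fixed     = $fixed[$prefix]
                Status    = if ($v -lt $fixed[$prefix]) { 'VULNERABLE' } else { 'Patched' }
            }
        }
    }

    # Paint 3D (QID 91871): the advisory gives no fixed build, so only report the version.
    $installed | Where-Object { $_.Name -like 'Microsoft.MSPaint*' } | ForEach-Object {
        [pscustomobject]@{ Package = $_.Name; Installed = [version]$_.Version; Fixed = $null; Status = 'Review against CVE-2022-23282' }
    }
}

# Usage: run in an elevated PowerShell on a Windows 10/11 host.
Get-CodecPatchStatus | Format-Table -AutoSize
```

Store packages update through the Microsoft Store rather than Windows Update, which is why these QIDs read package versions instead of KB presence; a host can carry the March cumulative update and still report a VULNERABLE codec extension if Store updates are disabled or pending.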
-
Microsoft Windows Elevation of Privilege Vulnerability for March 2022
- Severity
- Critical 4
- Qualys ID
- 91872
- Vendor Reference
- KB5011485, KB5011487, KB5011491, KB5011493, KB5011495, KB5011503
- CVE Reference
- CVE-2022-21967
- CVSS Scores
- Base 4.4 / Temporal 3.3
- Description
-
Microsoft Windows Security Update - March 2022
The KB Articles associated with the update:
KB5011495
KB5011491
KB5011487
KB5011493
KB5011485
KB5011503
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to KB5011495, KB5011491, KB5011487, KB5011493, KB5011485 and KB5011503.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5011485
KB5011487
KB5011491
KB5011493
KB5011495
KB5011503
-
Microsoft Visual Studio Security Update for March 2022
- Severity
- Critical 4
- Qualys ID
- 91873
- Vendor Reference
- CVE-2020-8927, CVE-2022-24464, CVE-2022-24512
- CVE Reference
- CVE-2020-8927, CVE-2022-24464, CVE-2022-24512
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released security updates for Visual Studio which resolve remote code execution and denial of service vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 Version 17.1
Microsoft Visual Studio 2022 Version 17.0
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of the Visual Studio.
- Consequence
-
Visual Studio is prone to remote code execution and denial of service vulnerabilities.
- Solution
-
Customers are advised to refer to CVE-2022-24464, CVE-2020-8927 and CVE-2022-24512 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-8927
CVE-2022-24464
CVE-2022-24512
-
Microsoft Windows Media Center Denial of Service (DoS) Vulnerability for March 2022
- Severity
- Serious 3
- Qualys ID
- 91874
- Vendor Reference
- KB5011527, KB5011529, KB5011535, KB5011552, KB5011560, KB5011564
- CVE Reference
- CVE-2022-21973
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
Microsoft Windows Security Update - March 2022
The KB Articles associated with the update:
KB5011564
KB5011560
KB5011535
KB5011527
KB5011552
KB5011529
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to KB5011564, KB5011560, KB5011535, KB5011527, KB5011552 and KB5011529.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5011527
KB5011529
KB5011535
KB5011552
KB5011560
KB5011564
-
Microsoft Windows Remote Desktop Client Multiple Vulnerabilities for March 2022
- Severity
- Critical 4
- Qualys ID
- 91875
- Vendor Reference
- CVE-2022-21990, CVE-2022-24503
- CVE Reference
- CVE-2022-21990, CVE-2022-24503
- CVSS Scores
- Base 6.8 / Temporal 5.3
- Description
-
The Remote Desktop client for Windows Desktop is used to access Windows apps and desktops remotely from a different Windows device.
CVE-2022-24503: Remote Desktop Protocol Client Information Disclosure Vulnerability.
CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability.
Affected Versions:
Remote Desktop client prior to 1.2.2925.
QID Detection Logic (Authenticated):
This QID checks for a vulnerable Remote Desktop client.
- Consequence
- An attacker with control of a Remote Desktop Server could trigger remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop client.
- Solution
-
Customers are advised to refer to the Microsoft advisories CVE-2022-24503 and CVE-2022-21990 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21990
CVE-2022-24503
These new vulnerability checks are included in Qualys vulnerability signature 2.5.420-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100417
- 110403
- 376453
- 376454
- 50119
- 91868
- 91869
- 91870
- 91871
- 91872
- 91873
- 91874
- 91875
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.