Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 74 vulnerabilities that were fixed in 15 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 15 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
KB5002199
KB5002204
KB5002187
KB4484347
KB5002196
KB5002205
KB4493152
KB5002184
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations must be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office April 2022
This security update contains the following KBs:
KB5002203
KB5002194
KB5002207
KB5002195
QID Detection Logic:
This authenticated QID compares the file versions from the Microsoft KB articles above with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server
Affected Versions:
Visual Studio Code prior to version 1.67.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-30129
Microsoft Exchange Server Elevation of Privilege Vulnerability
KB Articles associated with this update are: KB5014261, KB5014260
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 22
QID Detection Logic (authenticated):
The QID checks the version of the file Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5014260
KB5014261
Microsoft has released security updates for Visual Studio that resolve Remote Code Execution and Denial of Service vulnerabilities.
Affected Software:
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.1
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the Visual Studio file version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-23267
CVE-2022-29117
CVE-2022-29145
CVE-2022-29148
The KB Articles associated with the update:
KB5014001
KB5014011
KB5014017
KB5014018
KB5013952
KB5013944
KB5013941
KB5013942
This QID checks for the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5014001: 6.3.9600.20369
KB5014011: 6.3.9600.20369
KB5014017: 6.2.9200.23711
KB5014018: 6.2.9200.23711
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5013941
KB5013942
KB5013944
KB5013952
KB5014001
KB5014011
KB5014017
KB5014018
The KB Articles associated with the update:
5013952
5013941
5013963
5013942
5013943
5014011
5014001
5014017
5014018
5014012
5013999
5014010
5014006
5014025
5013944
5013945
This QID checks for the file version of ntoskrnl.exe
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5013941
KB5013942
KB5013943
KB5013944
KB5013945
KB5013952
KB5013963
KB5013999
KB5014001
KB5014006
KB5014010
KB5014011
KB5014012
KB5014017
KB5014018
KB5014025
Affected versions:
.NET 5.0 before version 5.0.17
.NET 6.0 before version 6.0.5
.NET Core 3.1 before version 3.1.25
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft .NET Core by checking the file version on Windows.
Successful exploitation of this vulnerability could lead to denial of service.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-23267
CVE-2022-29117
CVE-2022-29145
Microsoft Hyper-V, known before its release as Windows Server Virtualization, is a native hypervisor. It can create virtual machines on x86-64 systems running Windows.
Microsoft has released the security update for Windows for May 2022.
The KB Articles associated with the update:
KB5013952
KB5013942
KB5013944
KB5013941
This QID checks for the file version of ntoskrnl.exe
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5013941
5013942
5013944
5013952
This vulnerability is not exploitable in NFSV4.1.
The KB Articles associated with the update are:
5013941
5013942
5013944
5013952
5013999
5014001
5014006
5014010
5014011
5014012
5014017
5014018
QID Detection Logic (Authenticated):
This QID checks for the file version of nfssvr.sys.
Workaround:
Before you install the Windows update that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.
The following PowerShell command will disable those versions:
PS C:\> Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false
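One way to apply the workaround above with a saved rollback state and a read-back check, as an added example that is not from the Microsoft or Qualys advisories. The function names and the state-file path are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the NFS server.
function Disable-NfsV2V3 {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical location for the pre-change settings.
        [string]$StatePath = "$env:ProgramData\nfs-versions-before.xml"
    )

    $before = Get-NfsServerConfiguration |
        Select-Object EnableNFSV2, EnableNFSV3, EnableNFSV4

    # With NFSv4.1 off as well, the workaround would leave no protocol enabled.
    if (-not $before.EnableNFSV4) {
        Write-Warning 'NFSv4.1 is disabled; clients would lose all NFS access.'
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable NFSv2 and NFSv3')) {
        $before | Export-Clixml -Path $StatePath   # kept for rollback after patching
        Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false
    }

    # Read the settings back instead of trusting that the call succeeded.
    $after = Get-NfsServerConfiguration
    [pscustomobject]@{
        NFSv2Enabled = $after.EnableNFSV2
        NFSv3Enabled = $after.EnableNFSV3
        NFSv4Enabled = $after.EnableNFSV4
        Mitigated    = -not ($after.EnableNFSV2 -or $after.EnableNFSV3)
    }
}

function Restore-NfsVersions {
    param([string]$StatePath = "$env:ProgramData\nfs-versions-before.xml")
    # Re-apply the saved values once the security update is installed.
    $saved = Import-Clixml -Path $StatePath
    Set-NfsServerConfiguration -EnableNFSV2 $saved.EnableNFSV2 -EnableNFSV3 $saved.EnableNFSV3
}

Disable-NfsV2V3 -WhatIf   # preview only; remove -WhatIf to apply the change
```

A restart of the Server for NFS service or a reboot may be needed before the change takes effect; confirm this against Microsoft's advisory for CVE-2022-26937.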
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-26937
CVE-2022-26940: Remote Desktop Protocol Client Information Disclosure Vulnerability.
CVE-2022-22017: Remote Desktop Client Remote Code Execution Vulnerability.
Affected Versions:
Windows Remote Desktop Client Versions prior to version 1.2.3130
QID Detection Logic (Authenticated):
This QID checks for a vulnerable Remote Desktop client.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-22017
CVE-2022-26940
The KB Article associated with the update:
KB5013943
QID Detection Logic:
This QID checks for the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5013943: 10.0.22000.675
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5013943
The following KBs are covered in this detection:
KB5013624
KB5013625
KB5013627
KB5013628
KB5013630
KB5013837
KB5013838
KB5013839
KB5013840
KB5013868
KB5013870
KB5013871
KB5013872
KB5013873
KB5013952
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8
QID Detection Logic (Authenticated):
- Checks for a vulnerable version of Mscorlib.dll for .NET Framework.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-30130
Microsoft has released security updates for Visual Studio that resolve a Remote Code Execution vulnerability.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking the Visual Studio file version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-29148
The KB Articles associated with the update:
KB5013952
KB5013944
KB5013941
KB5013942
This QID checks for the file version of ntoskrnl.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5013941: 10.0.17763.2928
KB5013944: 10.0.20348.707
KB5013952: 10.0.14393.5125
KB5013942: 10.0.19041.1706
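The file-version comparison described in the ntoskrnl.exe detection entries on this page, as an added PowerShell example (not Qualys's detection code). The fixed versions are the ones listed on this page; the function name, table variable and sample versions are assumptions made for illustration.

```powershell
# Added example. Fixed ntoskrnl.exe versions as listed on this page,
# keyed by their major.minor.build branch.
$FixedNtoskrnl = @{
    '6.2.9200'   = @{ Fixed = [version]'6.2.9200.23711';  KB = 'KB5014017, KB5014018' }
    '6.3.9600'   = @{ Fixed = [version]'6.3.9600.20369';  KB = 'KB5014001, KB5014011' }
    '10.0.14393' = @{ Fixed = [version]'10.0.14393.5125'; KB = 'KB5013952' }
    '10.0.17763' = @{ Fixed = [version]'10.0.17763.2928'; KB = 'KB5013941' }
    '10.0.19041' = @{ Fixed = [version]'10.0.19041.1706'; KB = 'KB5013942' }
    '10.0.20348' = @{ Fixed = [version]'10.0.20348.707';  KB = 'KB5013944' }
    '10.0.22000' = @{ Fixed = [version]'10.0.22000.675';  KB = 'KB5013943' }
}

function Test-NtoskrnlPatched {
    param([Parameter(Mandatory)][version]$FileVersion)

    # Revisions are only comparable within one branch, so look the branch up first.
    $branch = '{0}.{1}.{2}' -f $FileVersion.Major, $FileVersion.Minor, $FileVersion.Build
    $entry  = $FixedNtoskrnl[$branch]
    if (-not $entry) {
        # A branch missing from the table is unknown, not patched.
        return [pscustomobject]@{ Version = $FileVersion; Status = 'NotCovered'; KB = $null }
    }
    $status = if ($FileVersion -ge $entry.Fixed) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{ Version = $FileVersion; Status = $status; KB = $entry.KB }
}

# Local host: build the version from the numeric parts, because the
# FileVersion string can carry trailing text that [version] cannot parse.
$vi  = (Get-Item "$env:SystemRoot\System32\ntoskrnl.exe").VersionInfo
$ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
Test-NtoskrnlPatched $ver

# Constructed sample versions: below the fix, at the fix, and an unlisted branch.
'10.0.17763.2803', '10.0.19041.1706', '10.0.18363.2274' |
    ForEach-Object { Test-NtoskrnlPatched $_ }
```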
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5013941
KB5013942
KB5013944
KB5013952
These new vulnerability checks are included in Qualys vulnerability signature 2.5.474-6. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.