Microsoft security alert.
July 12, 2022
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 51 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Skype for Business Server and Lync Server Security Update for July 2022
- Severity
- Serious 3
- Qualys ID
- 110411
- Vendor Reference
- CVE-2022-33633
- CVE Reference
- CVE-2022-33633
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft has released updates to fix multiple issues in Microsoft Skype for Business Server and Microsoft Lync Server.
Affected Software:
Microsoft Lync Server 2013 CU10
Microsoft Skype for Business Server 2015 CU12
Microsoft Skype for Business Server 2019 CU6
- Consequence
-
Successful exploitation of this vulnerability can lead to remote code execution.
- Solution
-
Customers are advised to refer to CVE-2022-33633 for more details pertaining to the vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-33633
-
Microsoft Office Security Update for July 2022
- Severity
- Serious 3
- Qualys ID
- 110412
- Vendor Reference
- kb5002112, kb5002121
- CVE Reference
- CVE-2022-26934, CVE-2022-33632
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft has released July 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following:
kb5002121
kb5002112
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office July 2022
-
Microsoft Azure Storage Library Information Disclosure Vulnerability Security Update for July 2022
- Severity
- Serious 3
- Qualys ID
- 376725
- Vendor Reference
- CVE-2022-30187
- CVE Reference
- CVE-2022-30187
- CVSS Scores
- Base 1.9 / Temporal 1.5
- Description
-
Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data.
Affected Software:
Azure Storage Blobs client library for Python prior to azure-storage-blob 12.13.0
Azure Storage Queues client library for Python prior to azure-storage-queue 12.4.0
QID Detection Logic:
The QID checks for the azure-storage-blob and azure-storage-queue Python libraries using the pip show command.
- Consequence
-
Successful exploitation allows information disclosure.
- Solution
-
Customers are advised to refer to CVE-2022-30187
Patches:
The following are links for downloading patches to fix these vulnerabilities:
azure-storage-blob 12.13.0
azure-storage-queue 12.4.0
-
Microsoft Windows Network File System (NFS) Remote Code Execution (RCE) Vulnerability for July 2022
- Severity
- Critical 4
- Qualys ID
- 91921
- Vendor Reference
- CVE-2022-22029
- CVE Reference
- CVE-2022-22029
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft Windows Network File System is vulnerable to remote code execution.
This vulnerability is not exploitable in NFSV4.1.
The KB Articles associated with the update are:
KB5015874
KB5015877
KB5015863
KB5015875
KB5015861
KB5015862
KB5015866
KB5015870
KB5015808
KB5015807
KB5015827
KB5015811
QID Detection Logic (Authenticated):
This QID checks for the file version of nfssvr.sys and checks if the mitigations have been applied.
- Consequence
-
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
- Solution
-
Please refer to CVE-2022-22029 for more information pertaining to the vulnerability.
Workaround:
The following PowerShell command will disable the affected versions:
PS C:\> Set-NfsServerConfiguration -EnableNFSV3 $false
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5015807
KB5015808
KB5015811
KB5015827
KB5015861
KB5015862
KB5015863
KB5015866
KB5015870
KB5015874
KB5015875
KB5015877
-
Microsoft Windows Security Update for July 2022
- Severity
- Critical 4
- Qualys ID
- 91922
- Vendor Reference
- KB5015807, KB5015808, KB5015811, KB5015814, KB5015827, KB5015832, KB5015861, KB5015862, KB5015863, KB5015866, KB5015870, KB5015874, KB5015875, KB5015877
- CVE Reference
- CVE-2022-21845, CVE-2022-22022, CVE-2022-22023, CVE-2022-22024, CVE-2022-22025, CVE-2022-22026, CVE-2022-22027, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22038, CVE-2022-22040, CVE-2022-22041, CVE-2022-22042, CVE-2022-22043, CVE-2022-22045, CVE-2022-22047, CVE-2022-22048, CVE-2022-22049, CVE-2022-22050, CVE-2022-22711, CVE-2022-23825, CVE-2022-27776, CVE-2022-30202, CVE-2022-30203, CVE-2022-30205, CVE-2022-30206, CVE-2022-30208, CVE-2022-30209, CVE-2022-30211, CVE-2022-30212, CVE-2022-30213, CVE-2022-30215, CVE-2022-30216, CVE-2022-30220, CVE-2022-30221, CVE-2022-30222, CVE-2022-30223, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226, CVE-2022-33644
- CVSS Scores
- Base 8.5 / Temporal 7
- Description
-
Microsoft Windows Security Update - July 2022
QID Detection Logic (Authenticated):
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2009, Windows 11, Windows Server 2022, Windows Server 2012, Windows 8.1, Windows 7, Windows Server 2008 R2, Windows Server 2019
The KB Articles associated with the update:
The patch version is 10.0.14393.5246 (KB5015808)
The patch version is 10.0.10240.19360 (KB5015832)
The patch version is 10.0.19041.1826 (KB5015807)
The patch version is 10.0.22000.795 (KB5015814)
The patch version is 10.0.20348.825 (KB5015827)
The patch version is 6.3.9600.20475 (KB5015874)
The patch version is 6.3.9600.20475 (KB5015877)
The patch version is 6.0.6003.21569 (KB5015866)
The patch version is 6.0.6003.21569 (KB5015870)
The patch version is 6.1.7601.26022 (KB5015861)
The patch version is 6.1.7601.26022 (KB5015862)
The patch version is 6.2.9200.23770 (KB5015863)
The patch version is 6.2.9200.23770 (KB5015875)
The patch version is 10.0.17763.3165 (KB5015811)
This QID checks for the file version of ntoskrnl.exe.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5015808
KB5015832
KB5015807
KB5015814
KB5015827
KB5015874
KB5015877
KB5015866
KB5015870
KB5015861
KB5015862
KB5015863
KB5015875
KB5015811
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5015807
5015808
5015811
5015814
5015827
5015832
5015861
5015862
5015863
5015866
5015870
5015874
5015875
5015877
-
Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability for July 2022
- Severity
- Critical 4
- Qualys ID
- 91923
- Vendor Reference
- CVE-2022-30214
- CVE Reference
- CVE-2022-30214
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
Microsoft Windows Security Update - July 2022
The KB Articles associated with the update:
KB5015808
KB5015807
KB5015827
KB5015811
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe.
Unauthenticated: This QID checks for the vulnerable version of Microsoft Windows DNS exposed in banner.
- Consequence
-
Successful exploitation of the vulnerability may allow remote code execution.
- Solution
-
Please refer to the following to get more info about the patch details:
KB5015808
KB5015807
KB5015827
KB5015811
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5015807
KB5015808
KB5015811
KB5015827
-
Microsoft Windows Network File System (NFS) Security Update for July 2022
- Severity
- Critical 4
- Qualys ID
- 91924
- Vendor Reference
- CVE-2022-22028, CVE-2022-22039
- CVE Reference
- CVE-2022-22028, CVE-2022-22039
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
Microsoft Windows Network File System is vulnerable to information disclosure (CVE-2022-22028) and remote code execution (CVE-2022-22039).
The KB Articles associated with the update are:
KB5015874
KB5015877
KB5015863
KB5015875
KB5015861
KB5015862
KB5015866
KB5015870
KB5015808
KB5015807
KB5015827
KB5015811
QID Detection Logic (Authenticated):
This QID checks for the file version of nfssvr.sys.
- Consequence
-
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
- Solution
-
Please refer to CVE-2022-22028 and CVE-2022-22039 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5015807
KB5015808
KB5015811
KB5015827
KB5015861
KB5015862
KB5015863
KB5015866
KB5015870
KB5015874
KB5015875
KB5015877
-
Microsoft Azure Stack Hub Security Updates for July 2022
- Severity
- Critical 4
- Qualys ID
- 91927
- Vendor Reference
- Azure Stack Hub
- CVE Reference
- CVE-2022-21845, CVE-2022-22022, CVE-2022-22023, CVE-2022-22024, CVE-2022-22025, CVE-2022-22026, CVE-2022-22027, CVE-2022-22028, CVE-2022-22029, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22038, CVE-2022-22039, CVE-2022-22040, CVE-2022-22041, CVE-2022-22042, CVE-2022-22043, CVE-2022-22045, CVE-2022-22047, CVE-2022-22048, CVE-2022-22049, CVE-2022-22050, CVE-2022-22711, CVE-2022-23825, CVE-2022-27776, CVE-2022-30202, CVE-2022-30203, CVE-2022-30205, CVE-2022-30206, CVE-2022-30208, CVE-2022-30209, CVE-2022-30211, CVE-2022-30212, CVE-2022-30213, CVE-2022-30214, CVE-2022-30215, CVE-2022-30220, CVE-2022-30221, CVE-2022-30222, CVE-2022-30223, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226, CVE-2022-33633
- CVSS Scores
- Base 8.5 / Temporal 7
- Description
-
Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks the file version of ntoskrnl.exe. If the file version is less than 10.0.17763.10906, the host is considered vulnerable.
- Consequence
-
Successful exploitation of these vulnerabilities might allow an attacker to perform Information Disclosure, Elevation of Privileges, Security Feature Bypass, Remote Code Execution, and Denial of Service attacks.
- Solution
-
Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
These new vulnerability checks are included in Qualys vulnerability signature 2.5.530-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110411
- 110412
- 376725
- 91921
- 91922
- 91923
- 91924
- 91927
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.