Microsoft security alert.
November 8, 2022
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 61 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for November 2022
- Severity
- Critical 4
- Qualys ID
- 110419
- Vendor Reference
- KB3191869, KB3191875, KB5002217, KB5002223, KB5002253, KB5002261, KB5002275, KB5002276
- CVE Reference
- CVE-2022-41060, CVE-2022-41061, CVE-2022-41063, CVE-2022-41103, CVE-2022-41104, CVE-2022-41105, CVE-2022-41106, CVE-2022-41107
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released November 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following:
KB5002217
KB5002261
KB5002223
KB5002276
KB5002275
KB5002253
KB3191875
KB3191869
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002217
KB5002261
KB5002223
KB5002276
KB5002275
KB5002253
KB3191875
KB3191869
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office November 2022
-
Microsoft SharePoint Server and Foundation Update for November 2022
- Severity
- Critical 4
- Qualys ID
- 110420
- Vendor Reference
- KB5002235, KB5002291, KB5002294, KB5002296, KB5002302, KB5002303, KB5002305
- CVE Reference
- CVE-2022-41060, CVE-2022-41061, CVE-2022-41062, CVE-2022-41103, CVE-2022-41122
- CVSS Scores
- Base 9 / Temporal 7
- Description
-
Microsoft has released November 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002235
KB5002294
KB5002296
KB5002291
KB5002303
KB5002302
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system. - Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
This security update contains the following KBs:
KB5002235
KB5002294
KB5002296
KB5002291
KB5002303
KB5002302
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server
-
Microsoft Exchange Server Uniform Resource Locator (URL) Rewrite Mitigation Applied for ProxyNotShell
- Severity
- Minimal 1
- Qualys ID
- 48223
- Vendor Reference
- CVE-2022-41040, CVE-2022-41082
- CVE Reference
- N/A
- CVSS Scores
- Base / Temporal
- Description
-
Microsoft Exchange Server 2013, 2016, and 2019 are affected by two zero-day vulnerabilities. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.
Note: Microsoft no longer recommends the options described in the mitigations section of their initial blog post. For more information please refer to Microsoft Exchange Server Security Advisory QID Detection Logic (Authenticated):
The QID checks if the mitigations suggested by Microsoft for ProxyNotShell vulnerability have been applied. - Consequence
- N/A
- Solution
- N/A
-
Microsoft Exchange Server Multiple Vulnerabilities for November 2022
- Severity
- Critical 4
- Qualys ID
- 50123
- Vendor Reference
- CVE-2022-41078, CVE-2022-41079, CVE-2022-41080, CVE-2022-41123
- CVE Reference
- CVE-2022-41078, CVE-2022-41079, CVE-2022-41080, CVE-2022-41123
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Microsoft Exchange Server 2013, 2016 and 2019 are affected by multiple vulnerabilities.
This QID covers detection for the following vulnerabilities:
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41080).
Microsoft Exchange Server Spoofing Vulnerability (CVE-2022-41079).
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41123).Microsoft Exchange Server Spoofing Vulnerability (CVE-2022-41078).
KB Articles associated with this update are: KB5019758
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe. - Consequence
-
Successful exploitation of the vulnerability may allow spoofing attacks and privilege escalation.
- Solution
-
Microsoft has released patch, customers are advised to refer to KB5019758 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5019758
-
Microsoft .NET Framework Information Disclosure Vulnerability for November 2022
- Severity
- Serious 3
- Qualys ID
- 91954
- Vendor Reference
- KB5019964, KB5019970, KB5020614, KB5020622, KB5020678, KB5020679, KB5020680, KB5020681, KB5020685, KB5020686, KB5020687, KB5020688, KB5020689, KB5020690, KB5020691, KB5020692, KB5020694, KB5020695, KB5020801
- CVE Reference
- CVE-2022-41064
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
An Information Disclosure Vulnerability exist in Microsoft .Net Framework.
Following KBs are covered in this detection:
KB5020690
KB5020801
KB5020688
KB5020687
KB5020689
KB5020614
KB5020686
KB5020685
KB5019970
KB5020691
KB5020681
KB5020678
KB5020679
KB5020695
KB5020694
KB5020680
KB5020622
KB5020692
KB5019964
This security update is rated Important for supported versions of Microsoft .NET Framework..NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable version of ntoskrnl.exe or Mscorlib.dll for the respective .Net Framework KBs
- Consequence
-
Successful exploitation allows a attacker to cause Information Disclosure Vulnerability.
- Solution
-
Customers are advised to refer to CVE-2022-41064 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-41064
-
Microsoft Windows Security Update for November 2022
- Severity
- Critical 4
- Qualys ID
- 91956
- Vendor Reference
- KB5019080, KB5019081, KB5019958, KB5019959, KB5019961, KB5019964, KB5019966, KB5019970, KB5019980, KB5020000, KB5020003, KB5020005, KB5020009, KB5020010, KB5020013, KB5020019, KB5020023
- CVE Reference
- CVE-2022-23824, CVE-2022-37992, CVE-2022-38015, CVE-2022-41039, CVE-2022-41044, CVE-2022-41045, CVE-2022-41047, CVE-2022-41048, CVE-2022-41049, CVE-2022-41050, CVE-2022-41052, CVE-2022-41053, CVE-2022-41054, CVE-2022-41055, CVE-2022-41056, CVE-2022-41057, CVE-2022-41058, CVE-2022-41073, CVE-2022-41086, CVE-2022-41088, CVE-2022-41090, CVE-2022-41091, CVE-2022-41092, CVE-2022-41093, CVE-2022-41095, CVE-2022-41096, CVE-2022-41097, CVE-2022-41098, CVE-2022-41099, CVE-2022-41100, CVE-2022-41101, CVE-2022-41102, CVE-2022-41109, CVE-2022-41113, CVE-2022-41114, CVE-2022-41116, CVE-2022-41118, CVE-2022-41125, CVE-2022-41128, CVE-2023-21712
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Microsoft Windows Security Update - November 2022
QID Detection Logic (Authenticated):
Operating Systems: The KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019980
KB5019959
KB5019081
KB5019961
KB5019966
KB5019964
KB5019958
KB5020023
KB5020010
KB5019970
KB5020009
KB5020003
KB5019080
Also checking for KB5019958 for Internet Explorer 11This QID checks for the file version of ntoskrnl.exe.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the Following KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019980
KB5019959
KB5019081
KB5019961
KB5019966
KB5019964
KB5019958
KB5020023
KB5020010
KB5019970
KB5020009
KB5020003
KB5019080
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5019080
5019081
5019958
5019959
5019961
5019964
5019966
5019970
5019980
5020000
5020003
5020005
5020009
5020010
5020013
5020019
5020023
-
Microsoft Windows Server Elevation of Privilege Vulnerability for November 2022
- Severity
- Critical 4
- Qualys ID
- 91957
- Vendor Reference
- KB5019081, KB5019964, KB5019966, KB5020000, KB5020003, KB5020005, KB5020009, KB5020010, KB5020013, KB5020019, KB5020023
- CVE Reference
- CVE-2022-37966, CVE-2022-37967, CVE-2022-38023
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft Windows Security Update - November 2022
QID Detection Logic (Authenticated):
Operating Systems: The KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019081
KB5019966
KB5019964
KB5020023
KB5020010
KB5020009
KB5020003
This QID checks for the file version of ntoskrnl.exe.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the Following KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019081
KB5019966
KB5019964
KB5020023
KB5020010
KB5020009
KB5020003
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5019081
KB5019964
KB5019966
KB5020000
KB5020003
KB5020005
KB5020009
KB5020010
KB5020013
KB5020019
KB5020023
-
Microsoft Dynamics Business Central Information Disclosure Vulnerability for November 2022
- Severity
- Serious 3
- Qualys ID
- 91958
- Vendor Reference
- KB5021002
- CVE Reference
- CVE-2022-41066
- CVSS Scores
- Base 4.9 / Temporal 3.6
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
CVE-2022-41066:Microsoft Dynamics Business Central Information Disclosure Vulnerability.Affected Software:
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 - Update
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.Dynamics.Nav.Server.exe - Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Customers are advised to refer to CVE-2022-41066 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5021002
-
Microsoft Azure Stack Hub Security Updates for November 2022
- Severity
- Critical 4
- Qualys ID
- 91959
- Vendor Reference
- Azure Stack Hub
- CVE Reference
- CVE-2022-23824, CVE-2022-37966, CVE-2022-37967, CVE-2022-37992, CVE-2022-38015, CVE-2022-38023, CVE-2022-41039, CVE-2022-41045, CVE-2022-41047, CVE-2022-41048, CVE-2022-41049, CVE-2022-41050, CVE-2022-41052, CVE-2022-41053, CVE-2022-41054, CVE-2022-41055, CVE-2022-41056, CVE-2022-41057, CVE-2022-41058, CVE-2022-41073, CVE-2022-41086, CVE-2022-41088, CVE-2022-41090, CVE-2022-41091, CVE-2022-41093, CVE-2022-41095, CVE-2022-41096, CVE-2022-41097, CVE-2022-41098, CVE-2022-41100, CVE-2022-41101, CVE-2022-41102, CVE-2022-41109, CVE-2022-41113, CVE-2022-41118, CVE-2022-41125, CVE-2022-41128
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe, if this file version is less than 10.0.17763.11092, it is considered as vulnerable.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
-
Microsoft Visual Studio Security Updates for November 2022
- Severity
- Critical 4
- Qualys ID
- 91960
- Vendor Reference
- CVE-2022-39253, CVE-2022-41119
- CVE Reference
- CVE-2022-39253, CVE-2022-41119
- CVSS Scores
- Base 4.6 / Temporal 3.6
- Description
-
Microsoft has released security Updates for Visual Studio which resolve Remote Code Execution Vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.3
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "evenv.exe" to check the version of the Visual Studio.
- Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to Arbitrary Code Execution.
- Solution
-
Customers are advised to refer to CVE-2022-41119 and CVE-2022-39253 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-39253
CVE-2022-41119
These new vulnerability checks are included in Qualys vulnerability signature 2.5.624-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110419
- 110420
- 48223
- 50123
- 91954
- 91956
- 91957
- 91958
- 91959
- 91960
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.