Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 61 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
KB5002217
KB5002261
KB5002223
KB5002276
KB5002275
KB5002253
KB3191875
KB3191869
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office November 2022
This security update contains the following KBs:
KB5002235
KB5002294
KB5002296
KB5002291
KB5002303
KB5002302
QID Detection Logic:
This authenticated QID compares the file versions listed in the above Microsoft KB articles with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server
Note: Microsoft no longer recommends the options described in the mitigations section of their initial blog post. For more information, please refer to the Microsoft Exchange Server Security Advisory.
QID Detection Logic (Authenticated):
The QID checks whether the mitigations suggested by Microsoft for the ProxyNotShell vulnerability have been applied.
This QID covers detection for the following vulnerabilities:
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41080).
Microsoft Exchange Server Spoofing Vulnerability (CVE-2022-41079).
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41123).
Microsoft Exchange Server Spoofing Vulnerability (CVE-2022-41078).
KB Articles associated with this update are: KB5019758
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
QID Detection Logic (Authenticated):
The QID checks for a vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5019758
Following KBs are covered in this detection:
KB5020690
KB5020801
KB5020688
KB5020687
KB5020689
KB5020614
KB5020686
KB5020685
KB5019970
KB5020691
KB5020681
KB5020678
KB5020679
KB5020695
KB5020694
KB5020680
KB5020622
KB5020692
KB5019964
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for a vulnerable version of ntoskrnl.exe or Mscorlib.dll for the respective .NET Framework KBs.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-41064
QID Detection Logic (Authenticated):
Operating Systems:
The KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019980
KB5019959
KB5019081
KB5019961
KB5019966
KB5019964
KB5019958
KB5020023
KB5020010
KB5019970
KB5020009
KB5020003
KB5019080
The QID also checks for KB5019958 for Internet Explorer 11.
This QID checks for the file version of ntoskrnl.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5019080
5019081
5019958
5019959
5019961
5019964
5019966
5019970
5019980
5020000
5020003
5020005
5020009
5020010
5020013
5020019
5020023
QID Detection Logic (Authenticated):
Operating Systems:
The KB Articles associated with the update:
KB5020000
KB5020013
KB5020019
KB5020005
KB5019081
KB5019966
KB5019964
KB5020023
KB5020010
KB5020009
KB5020003
This QID checks for the file version of ntoskrnl.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5019081
KB5019964
KB5019966
KB5020000
KB5020003
KB5020005
KB5020009
KB5020010
KB5020013
KB5020019
KB5020023
CVE-2022-41066: Microsoft Dynamics Business Central Information Disclosure Vulnerability.
Affected Software:
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 - Update
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5021002
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks the file version of ntoskrnl.exe. A file version lower than 10.0.17763.11092 is considered vulnerable.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
Microsoft has released security updates for Visual Studio that resolve remote code execution vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.3
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-39253
CVE-2022-41119
These new vulnerability checks are included in Qualys vulnerability signature 2.5.624-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.