Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 82 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002337
KB5002332
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002337
KB5002332
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office January 2023
This security update contains the following KBs:
KB5002331
KB5002329
KB5002336
KB5002338
KB5002335
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system.
KB5002331
KB5002329
KB5002336
KB5002338
KB5002335
Patches:
The following are links for downloading patches to fix these vulnerabilities:
January 2023
Affected Versions:
Visual studio code prior to version 1.74.3
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21779
This QID covers detection for the following vulnerabilities:
Microsoft Exchange Server Information Disclosure Vulnerability(CVE-2023-21761)
Microsoft Exchange Server Spoofing Vulnerability (CVE-2023-21762)
Microsoft Exchange Server Elevation of Privilege Vulnerability(CVE-2023-21763)
Microsoft Exchange Server Elevation of Privilege Vulnerability(CVE-2023-21764)
Microsoft Exchange Server Spoofing Vulnerability.(CVE-2023-21745)
KB Articles associated with this update are: 5022143,5022193,KB5022188
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5022143
KB5022188
KB5022193
QID Detection Logic (Authenticated):
Operating Systems: Windows 8.1, Windows Server 2012, Windows Server 2008, Windows 7, Windows Server 2016, Windows 10, Windows 11, Windows Server 2022
The KB Articles associated with the update:
The patch version is 6.3.9600.20778KB5022346
The patch version is 6.3.9600.20778KB5022352
The patch version is 6.1.7601.26321KB5022338
The patch version is 6.1.7601.26321KB5022339
The patch version is 10.0.14393.5648KB5022289
The patch version is 10.0.10240.19685KB5022297
The patch version is 10.0.19041.2486KB5022282
The patch version is 10.0.22000.1455KB5022287
The patch version is 10.0.20348.1487KB5022291
The patch version is 6.2.9200.24075KB5022348
The patch version is 6.2.9200.24075KB5022343
The patch version is 10.0.22621.1105KB5022303
The patch version is 6.0.6003.21872KB5022340
The patch version is 6.0.6003.21872KB5022353
The patch version is 10.0.17763.3887KB5022286
This QID checks for the file version of ntoskrnl.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5022282
KB5022286
KB5022287
KB5022289
KB5022291
KB5022297
KB5022303
KB5022338
KB5022339
KB5022340
KB5022343
KB5022346
KB5022348
KB5022352
KB5022353
Affected versions:
.NET 6.0 before version 6.0.13
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21538
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe, if this file version is less than 10.0.17763.11208, it is considered as vulnerable.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
These new vulnerability checks are included in Qualys vulnerability signature 2.5.671-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.