Microsoft security alert.
January 10, 2023
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 82 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for January 2023
- Severity
- Critical 4
- Qualys ID
- 110424
- Vendor Reference
- KB5002332, KB5002337
- CVE Reference
- CVE-2023-21734, CVE-2023-21735, CVE-2023-21736, CVE-2023-21737, CVE-2023-21738, CVE-2023-21741
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft has released January 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002337
KB5002332
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002337
KB5002332
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office January 2023
-
Microsoft SharePoint Server and Foundation Update for January 2023
- Severity
- Critical 4
- Qualys ID
- 110425
- Vendor Reference
- KB5002329, KB5002331, KB5002335, KB5002336, KB5002338
- CVE Reference
- CVE-2023-21742, CVE-2023-21743, CVE-2023-21744
- CVSS Scores
- Base 9 / Temporal 7.1
- Description
-
Microsoft has released January 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002331
KB5002329
KB5002336
KB5002338
KB5002335
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB articles against the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002331
KB5002329
KB5002336
KB5002338
KB5002335
Patches:
The following are links for downloading patches to fix these vulnerabilities:
January 2023
-
Microsoft Visual Studio Code Security Update for January 2023
- Severity
- Serious 3
- Qualys ID
- 377884
- Vendor Reference
- CVE-2023-21779
- CVE Reference
- CVE-2023-21779
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.74.3
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Visual Studio Code is prone to a Remote Code Execution Vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-21779 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21779
-
Microsoft Exchange Server Multiple Vulnerabilities for January 2023
- Severity
- Critical 4
- Qualys ID
- 50124
- Vendor Reference
- CVE-2023-21745, CVE-2023-21761, CVE-2023-21762, CVE-2023-21763, CVE-2023-21764
- CVE Reference
- CVE-2023-21745, CVE-2023-21761, CVE-2023-21762, CVE-2023-21763, CVE-2023-21764
- CVSS Scores
- Base 8.3 / Temporal 6.1
- Description
-
Microsoft Exchange Server 2013, 2016 and 2019 are affected by multiple vulnerabilities.
This QID covers detection for the following vulnerabilities:
Microsoft Exchange Server Information Disclosure Vulnerability (CVE-2023-21761)
Microsoft Exchange Server Spoofing Vulnerability (CVE-2023-21762)
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2023-21763)
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2023-21764)
Microsoft Exchange Server Spoofing Vulnerability (CVE-2023-21745)
KB Articles associated with this update are: 5022143, 5022193, KB5022188
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
QID Detection Logic (Authenticated):
The QID checks for vulnerable versions of Microsoft Exchange Server by checking the file version of Exsetup.exe.
- Consequence
-
Successful exploitation of the vulnerability may allow information disclosure, spoofing attacks and privilege escalation.
- Solution
-
Microsoft has released a patch. Customers are advised to refer to KB5022188, KB5022193 and KB5022143 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5022143
KB5022188
KB5022193
-
Microsoft Windows Security Update for January 2023
- Severity
- Critical 4
- Qualys ID
- 91969
- Vendor Reference
- KB5022282, KB5022286, KB5022287, KB5022289, KB5022291, KB5022297, KB5022303, KB5022338, KB5022339, KB5022340, KB5022343, KB5022346, KB5022348, KB5022352, KB5022353
- CVE Reference
- CVE-2023-21524, CVE-2023-21525, CVE-2023-21527, CVE-2023-21532, CVE-2023-21535, CVE-2023-21536, CVE-2023-21537, CVE-2023-21539, CVE-2023-21540, CVE-2023-21541, CVE-2023-21542, CVE-2023-21543, CVE-2023-21546, CVE-2023-21547, CVE-2023-21548, CVE-2023-21549, CVE-2023-21550, CVE-2023-21551, CVE-2023-21552, CVE-2023-21555, CVE-2023-21556, CVE-2023-21557, CVE-2023-21558, CVE-2023-21559, CVE-2023-21560, CVE-2023-21561, CVE-2023-21563, CVE-2023-21674, CVE-2023-21675, CVE-2023-21676, CVE-2023-21677, CVE-2023-21678, CVE-2023-21679, CVE-2023-21680, CVE-2023-21681, CVE-2023-21682, CVE-2023-21683, CVE-2023-21724, CVE-2023-21726, CVE-2023-21728, CVE-2023-21730, CVE-2023-21732, CVE-2023-21733, CVE-2023-21739, CVE-2023-21746, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21752, CVE-2023-21753, CVE-2023-21754, CVE-2023-21755, CVE-2023-21757, CVE-2023-21758, CVE-2023-21759, CVE-2023-21760, CVE-2023-21765, CVE-2023-21766, CVE-2023-21767, CVE-2023-21768, CVE-2023-21771, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774, CVE-2023-21776
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Microsoft Windows Security Update - January 2023
QID Detection Logic (Authenticated):
Operating Systems: Windows 8.1, Windows Server 2012, Windows Server 2008, Windows 7, Windows Server 2016, Windows 10, Windows 11, Windows Server 2022
The KB Articles associated with the update:
The patch version is 6.3.9600.20778 (KB5022346)
The patch version is 6.3.9600.20778 (KB5022352)
The patch version is 6.1.7601.26321 (KB5022338)
The patch version is 6.1.7601.26321 (KB5022339)
The patch version is 10.0.14393.5648 (KB5022289)
The patch version is 10.0.10240.19685 (KB5022297)
The patch version is 10.0.19041.2486 (KB5022282)
The patch version is 10.0.22000.1455 (KB5022287)
The patch version is 10.0.20348.1487 (KB5022291)
The patch version is 6.2.9200.24075 (KB5022348)
The patch version is 6.2.9200.24075 (KB5022343)
The patch version is 10.0.22621.1105 (KB5022303)
The patch version is 6.0.6003.21872 (KB5022340)
The patch version is 6.0.6003.21872 (KB5022353)
The patch version is 10.0.17763.3887 (KB5022286)
This QID checks for the file version of ntoskrnl.exe.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5022346
KB5022352
KB5022338
KB5022339
KB5022289
KB5022297
KB5022282
KB5022287
KB5022291
KB5022348
KB5022343
KB5022303
KB5022340
KB5022353
KB5022286
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5022282
KB5022286
KB5022287
KB5022289
KB5022291
KB5022297
KB5022303
KB5022338
KB5022339
KB5022340
KB5022343
KB5022346
KB5022348
KB5022352
KB5022353
-
Microsoft .NET Security Update for January 2023
- Severity
- Serious 3
- Qualys ID
- 91970
- Vendor Reference
- CVE-2023-21538
- CVE Reference
- CVE-2023-21538
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft has released a security update for .NET which resolves a Denial of Service Vulnerability.
This security update is rated Important for affected versions of .NET.
Affected versions:
.NET 6.0 before version 6.0.13
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Denial of Service Vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-21538 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21538
-
Microsoft Azure Stack Hub Security Updates for January 2023
- Severity
- Critical 4
- Qualys ID
- 91971
- Vendor Reference
- Azure Stack Hub
- CVE Reference
- CVE-2023-21524, CVE-2023-21525, CVE-2023-21527, CVE-2023-21532, CVE-2023-21535, CVE-2023-21536, CVE-2023-21537, CVE-2023-21540, CVE-2023-21541, CVE-2023-21543, CVE-2023-21546, CVE-2023-21547, CVE-2023-21548, CVE-2023-21549, CVE-2023-21550, CVE-2023-21551, CVE-2023-21552, CVE-2023-21555, CVE-2023-21556, CVE-2023-21557, CVE-2023-21558, CVE-2023-21559, CVE-2023-21560, CVE-2023-21561, CVE-2023-21563, CVE-2023-21674, CVE-2023-21675, CVE-2023-21676, CVE-2023-21677, CVE-2023-21678, CVE-2023-21679, CVE-2023-21680, CVE-2023-21681, CVE-2023-21682, CVE-2023-21683, CVE-2023-21726, CVE-2023-21728, CVE-2023-21730, CVE-2023-21732, CVE-2023-21746, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21753, CVE-2023-21754, CVE-2023-21757, CVE-2023-21758, CVE-2023-21760, CVE-2023-21765, CVE-2023-21766, CVE-2023-21767, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774, CVE-2023-21776
- CVSS Scores
- Base 4.6 / Temporal 3.8
- Description
-
Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks the file version of ntoskrnl.exe; if the file version is less than 10.0.17763.11208, the system is considered vulnerable.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
These new vulnerability checks are included in Qualys vulnerability signature 2.5.671-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
- 110424
- 110425
- 377884
- 50124
- 91969
- 91970
- 91971
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.