Microsoft security alert.
March 14, 2023
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 95 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Outlook Elevation of Privilege Vulnerability for March 2023
- Severity
- Urgent 5
- Qualys ID
- 110428
- Vendor Reference
- KB5002254, KB5002265
- CVE Reference
- CVE-2023-23397
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Microsoft has released March 2023 security updates for Outlook to fix an Elevation of Privilege Vulnerability.
This security update contains the following KBs:
KB5002254
KB5002265
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on affected Outlook applications.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation will lead to Elevation of Privileges.
- Solution
-
Refer to Microsoft Security Guide, KB5002254, KB5002265 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Outlook Security Update March 2023
-
Microsoft SharePoint Server and Foundation Update for March 2023
- Severity
- Serious 3
- Qualys ID
- 110429
- Vendor Reference
- KB5002168, KB5002355, KB5002358, KB5002366, KB5002367, KB5002368
- CVE Reference
- CVE-2023-23395
- CVSS Scores
- Base 0 / Temporal 0
- Description
-
Microsoft has released March 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002347
KB5002312
KB5002353
KB5002342
KB5002330
KB5002346
QID Detection Logic:
This authenticated QID compares the file versions listed in the above Microsoft KB articles with the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002347
KB5002312
KB5002353
KB5002342
KB5002330
KB5002346
Patches:
The following are links for downloading patches to fix these vulnerabilities:
March 2023
-
Microsoft Office Security Update for March 2023
- Severity
- Critical 4
- Qualys ID
- 110430
- Vendor Reference
- KB5002197, KB5002198, KB5002348, KB5002351, KB5002356, KB5002362
- CVE Reference
- CVE-2023-23391, CVE-2023-23396, CVE-2023-23398, CVE-2023-23399, CVE-2023-24910
- CVSS Scores
- Base 4.6 / Temporal 3.6
- Description
-
Microsoft has released March 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002362
KB5002198
KB5002348
KB5002197
KB5002351
KB5002356
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Office Click-2-Run and Office 365 Release Notes
KB5002362
KB5002198
KB5002348
KB5002197
KB5002351
KB5002356
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office March 2023
-
Microsoft Edge Based on Chromium Prior to 111.0.1661.41/ Extended Version 110.0.1587.69 has Multiple Vulnerabilities
- Severity
- Critical 4
- Qualys ID
- 378067
- Vendor Reference
- Edge (chromium based) 110.0.1587.69
- CVE Reference
- CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236, CVE-2023-24892
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft Edge (Chromium-based) has released a security update for Mac and Windows to fix the vulnerabilities.
QID Detection Logic (Authenticated):
It checks installed package versions to identify vulnerable packages.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to upgrade to version 110.0.1587.69 or later
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge (chromium based) 110.0.1587.69
-
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
- Severity
- Critical 4
- Qualys ID
- 378074
- Vendor Reference
- CVE-2023-24930
- CVE Reference
- CVE-2023-24930
- CVSS Scores
- Base 3.6 / Temporal 2.7
- Description
-
Microsoft OneDrive keeps files backed up, protected with 2FA, synced, and accessible on all your devices, allowing you and your team to collaborate at any given time.
CVE-2023-24930 Updated build 23.020.0125.0002
QID Detection Logic (Authenticated):
This checks for a vulnerable version of OneDrive.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- Solution
-
The vendor has released a fix to address these vulnerabilities. Refer to CVE-2023-24930.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24930
-
Microsoft Windows Security Update for March 2023
- Severity
- Critical 4
- Qualys ID
- 91990
- Vendor Reference
- KB5023696, KB5023697, KB5023698, KB5023702, KB5023705, KB5023706, KB5023713, KB5023752, KB5023754, KB5023755, KB5023756, KB5023759, KB5023764, KB5023765, KB5023769
- CVE Reference
- CVE-2023-1017, CVE-2023-1018, CVE-2023-21708, CVE-2023-23385, CVE-2023-23388, CVE-2023-23392, CVE-2023-23393, CVE-2023-23394, CVE-2023-23401, CVE-2023-23402, CVE-2023-23403, CVE-2023-23404, CVE-2023-23405, CVE-2023-23406, CVE-2023-23407, CVE-2023-23409, CVE-2023-23410, CVE-2023-23411, CVE-2023-23412, CVE-2023-23413, CVE-2023-23414, CVE-2023-23415, CVE-2023-23416, CVE-2023-23417, CVE-2023-23418, CVE-2023-23419, CVE-2023-23420, CVE-2023-23421, CVE-2023-23422, CVE-2023-23423, CVE-2023-24856, CVE-2023-24857, CVE-2023-24858, CVE-2023-24859, CVE-2023-24861, CVE-2023-24862, CVE-2023-24863, CVE-2023-24864, CVE-2023-24865, CVE-2023-24866, CVE-2023-24867, CVE-2023-24868, CVE-2023-24869, CVE-2023-24870, CVE-2023-24871, CVE-2023-24872, CVE-2023-24876, CVE-2023-24880, CVE-2023-24906, CVE-2023-24907, CVE-2023-24908, CVE-2023-24909, CVE-2023-24910, CVE-2023-24911, CVE-2023-24913
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - March 2023
Operating Systems: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 10, Windows 11, Windows Server 2022, Windows Server 2019
The KB Articles associated with the update:
The patch version is 10.0.22621.1413 for KB5023706
The patch version is 10.0.10240.19805 for KB5023713
The patch version is 10.0.19041.2728 for KB5023696
The patch version is 6.3.9600.20876 for KB5023765
The patch version is 6.3.9600.20876 for KB5023764
The patch version is 6.2.9200.24164 for KB5023756
The patch version is 6.2.9200.24164 for KB5023752
The patch version is 10.0.14393.5786 for KB5023697
The patch version is 10.0.22000.1696 for KB5023698
The patch version is 10.0.20348.1607 for KB5023705
The patch version is 10.0.17763.4131 for KB5023702
The patch version is 6.0.6003.21964 for KB5023754
The patch version is 6.0.6003.21964 for KB5023755
The patch version is 6.1.7601.26413 for KB5023759
The patch version is 6.1.7601.26413 for KB5023769
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5023706
KB5023713
KB5023696
KB5023765
KB5023764
KB5023756
KB5023752
KB5023697
KB5023698
KB5023705
KB5023702
KB5023754
KB5023755
KB5023759
KB5023769
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5023696
KB5023697
KB5023698
KB5023702
KB5023705
KB5023706
KB5023713
KB5023752
KB5023754
KB5023755
KB5023756
KB5023759
KB5023764
KB5023765
KB5023769
-
Microsoft Dynamics 365 Security Update for March 2023
- Severity
- Serious 3
- Qualys ID
- 91991
- Vendor Reference
- CVE-2023-24879, CVE-2023-24891, CVE-2023-24919, CVE-2023-24920, CVE-2023-24921, CVE-2023-24922
- CVE Reference
- CVE-2023-24879, CVE-2023-24891, CVE-2023-24919, CVE-2023-24920, CVE-2023-24921, CVE-2023-24922
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.
Affected Software:
Microsoft Dynamics 365 (on-premises) V9.0
Microsoft Dynamics 365 (on-premises) V9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:
- Consequence
-
Successful exploitation of this vulnerability can result in Cross-site Scripting and Information Disclosure.
- Solution
-
Customers are advised to refer to CVE-2023-24920, CVE-2023-24879, CVE-2023-24919, CVE-2023-24922, CVE-2023-24821 and CVE-2023-24891 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24879
CVE-2023-24891
CVE-2023-24919
CVE-2023-24920
CVE-2023-24921
CVE-2023-24922
-
Microsoft Visual Studio Security Updates for March 2023
- Severity
- Critical 4
- Qualys ID
- 91992
- Vendor Reference
- CVE-2023-22490, CVE-2023-22743, CVE-2023-23618, CVE-2023-23946
- CVE Reference
- CVE-2023-22490, CVE-2023-22743, CVE-2023-23618, CVE-2023-23946
- CVSS Scores
- Base 4.6 / Temporal 3.6
- Description
-
Microsoft has released security updates for Visual Studio which resolve Remote Code Execution, Denial of Service and Escalation of Privilege Vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.5
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic (Authenticated, Windows):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.
- Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to Remote Code Execution, Information Disclosure and Git for Windows Installer Elevation of Privilege Vulnerabilities.
- Solution
-
Customers are advised to refer to CVE-2023-22490, CVE-2023-22743, CVE-2023-23946 and CVE-2023-23618 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-22490
CVE-2023-22743
CVE-2023-23618
CVE-2023-23946
-
Microsoft Windows HTTP Protocol Stack Remote Code Execution (RCE) Vulnerability Update for March 2023
- Severity
- Critical 4
- Qualys ID
- 91993
- Vendor Reference
- CVE-2023-23392
- CVE Reference
- CVE-2023-23392
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released security patches to fix HTTP Protocol Stack Remote Code Execution Vulnerability.
QID Detection Logic (Authenticated):
Windows 11 Version 22H2
Windows 11 version 21H2
Windows Server 2022
The KB Articles and the patched versions associated with the update:
The patch version is 10.0.22621.1413 (http.sys) for KB5023706
The patch version is 10.0.22000.1696 (http.sys) for KB5023698
The patch version is 10.0.20348.1607 (http.sys) for KB5023705
- Consequence
-
Successful exploitation allows an attacker to execute arbitrary code and compromise the system.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5023706
KB5023698
KB5023705
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5023698
KB5023705
KB5023706
-
Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability for March 2023
- Severity
- Critical 4
- Qualys ID
- 91995
- Vendor Reference
- Windows DNS Server Security Advisory
- CVE Reference
- CVE-2023-23400
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft Windows Domain Name System (DNS) Server Security Update - March 2023
Operating Systems: Windows Server 2012, Windows Server 2016, Windows Server 2022, Windows Server 2019
The KB Articles associated with the update:
The patch version is 6.3.9600.20874 for KB5023765
The patch version is 6.3.9600.20874 for KB5023764
The patch version is 10.0.14393.5786 for KB5023697
The patch version is 10.0.20348.859 for KB5023705
The patch version is 10.0.17763.4131 for KB5023702
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe.
Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
- Consequence
- Successful exploitation of this vulnerability may allow an attacker with specific elevated privileges to execute arbitrary commands on the target system.
- Solution
-
The vendor has released a patch. Please refer to CVE-2023-23400 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5023697
KB5023702
KB5023705
KB5023764
KB5023765
These new vulnerability checks are included in Qualys vulnerability signature 2.5.721-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110428
- 110429
- 110430
- 378067
- 378074
- 91990
- 91991
- 91992
- 91993
- 91995
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.