Microsoft security alert.
June 13, 2023
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 72 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Outlook Remote Code Execution Vulnerability for June 2023
- Severity
- Critical 4
- Qualys ID
- 110437
- Vendor Reference
- KB5002382, KB5002387
- CVE Reference
- CVE-2023-33131
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
Microsoft has released June 2023 security updates for outlook to fix a Elevation of Privilege Vulnerability.
This security update contains the following KBs:
KB5002387
KB5002382QID Detection Logic:
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office. Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, and Office 2021 are as follows
Current Channel: Version 2305 (Build 16.0.16501.20210)
Monthly Enterprise Channel: Version 2304 (Build 16.0.16327.20324)
Monthly Enterprise Channel: Version 2303 (Build 16.0.16227.20354)
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16.0.16130.20580)
Semi-Annual Enterprise Channel: Version 2208 (Build 16.0.15601.20680)
Semi-Annual Enterprise Channel: Version 2202 (Build 16.0.14931.21024)
Office 2021 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2019 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2016 Retail: Version 2305 (Build 16.0.16501.20210)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 16.0.14332.20517)
Office 2019 Volume Licensed: Version 1808 (Build 16.0.10399.20000)
For traditional MSI Installations, following KBs and version are the required:
KB5002387 - 16.0.5395.1000 (outlook.exe)
KB5002382 - 15.0.5559.1000 (emsmdb32.dll)Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation will lead to Remote Code Execution.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002387
KB5002382Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-33131
-
Microsoft Office Security Update for June 2023
- Severity
- Critical 4
- Qualys ID
- 110438
- Vendor Reference
- KB5002401, KB5002405, KB5002414
- CVE Reference
- CVE-2023-32029, CVE-2023-33133, CVE-2023-33137, CVE-2023-33140, CVE-2023-33146
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
Microsoft has released June 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002401
KB5002405
KB5002414QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsft Office. Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, and Office 2021 are as follows
Current Channel: Version 2305 (Build 16.0.16501.20210)
Monthly Enterprise Channel: Version 2304 (Build 16.0.16327.20324)
Monthly Enterprise Channel: Version 2303 (Build 16.0.16227.20354)
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16.0.16130.20580)
Semi-Annual Enterprise Channel: Version 2208 (Build 16.0.15601.20680)
Semi-Annual Enterprise Channel: Version 2202 (Build 16.0.14931.21024)
Office 2021 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2019 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2016 Retail: Version 2305 (Build 16.0.16501.20210)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 16.0.14332.20517)
Office 2019 Volume Licensed: Version 1808 (Build 16.0.10399.20000)
For traditional MSI Installations, following KBs and version are the required:
KB5002401 - 16.0.10399.20000 (microsoft.office.web.agentmanager.exe)
KB5002405 - 16.0.5400.1000 (Excel.exe)
KB5002414 - 15.0.5563.1000 (Excel.exe)Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002401
KB5002405
KB5002414Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office June 2023
-
Microsoft SharePoint Server Update for June 2023
- Severity
- Critical 4
- Qualys ID
- 110439
- Vendor Reference
- KB5002402, KB5002403, KB5002404, KB5002416
- CVE Reference
- CVE-2023-29357, CVE-2023-33129, CVE-2023-33130, CVE-2023-33132, CVE-2023-33142
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft has released June 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002416
KB5002402
KB5002403
KB5002404QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of Filename, patched version and KB details checked for each applicable Product: ONETUTIL.DLL - 16.0.5400.1000 (KB5002404)
ONETUTIL.DLL - 16.0.10399.20005 (KB5002402)
ppintl.dll - 16.0.10399.20005 (KB5002403)
mssmsg.dll - 16.0.16130.20542 (KB5002416) - Consequence
-
Successful exploitation allows an attacker to execute code remotely and elevate privileges.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
June 2023
-
Microsoft Visual Studio Code Security Update for June 2023
- Severity
- Serious 3
- Qualys ID
- 378574
- Vendor Reference
- CVE-2023-33144
- CVE Reference
- CVE-2023-33144
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual studio code prior to version 1.79QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Visual Studio Code is prone to Information Disclosure Vulnerability
- Solution
-
Customers are advised to refer to CVE-2023-33144 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
https://msrc.microsoft.comCVE-2023-33144
-
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability for June 2023
- Severity
- Critical 4
- Qualys ID
- 50126
- Vendor Reference
- CVE-2023-28310, CVE-2023-32031
- CVE Reference
- CVE-2023-28310, CVE-2023-32031
- CVSS Scores
- Base 8.3 / Temporal 6.5
- Description
-
Microsoft Exchange Server 2013, 2016 and 2019 are affected by multiple vulnerabilities.
KB Articles associated with this update are: KB5023038
Affected Versions:
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe. - Consequence
-
Successful exploitation of the vulnerability may allow remote code execution
- Solution
-
Microsoft has released patch, customers are advised to refer to KB5026261 and
KB5025903 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5025903
KB5026261
-
Microsoft Windows Domain Name System (DNS) Server Spoofing Vulnerability for June 2023
- Severity
- Critical 4
- Qualys ID
- 92021
- Vendor Reference
- Windows DNS Server Security Advisory
- CVE Reference
- CVE-2023-32020
- CVSS Scores
- Base 2.6 / Temporal 1.9
- Description
-
Microsoft Windows Domain Name System (DNS) Server Security Update - June 2023
Operating Systems: Windows Server 2016, Windows Server 2022, Windows Server 2019, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 and Windows Server 2008 R2
The KB Articles associated with the update:
5027271
5027282
5027283
5027281
5027275
5027256
5027279
5027277
5027219
5027225
5027222QID Detection Logic (Authenticated):
This QID checks for the file version of dns.exe
- Consequence
- Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
- Solution
-
Vendor has released patch. Please refer to CVE-2023-32020 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Windows DNS Server Security Advisory
-
Microsoft .NET Framework Security Update for June 2023
- Severity
- Critical 4
- Qualys ID
- 92022
- Vendor Reference
- KB5027119, KB5027123, KB5027219, KB5027230, KB5027531, KB5027532, KB5027533, KB5027534, KB5027536, KB5027537, KB5027538, KB5027539, KB5027540, KB5027541, KB5027542, KB5027543, KB5027544
- CVE Reference
- CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29326, CVE-2023-29331, CVE-2023-32030
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
A Denial of Service and Remote Code Execution Vulnerability exist in Microsoft .Net Framework.
Following KBs are covered in this detection:
KB5027540
KB5027531
KB5027542
KB5027533
KB5027541
KB5027532
KB5027543
KB5027534
KB5027219
KB5027230
KB5027538
KB5027119
KB5027537
KB5027539
KB5027544
KB5027536
KB5027123
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable file.version of ntoskrnl.exe or Mscorlib.dll or System.core.dll for the respective .Net Framework KBs
- Consequence
-
Successful exploitation may allow a attacker to perform Denial of Service, Remote Code Execution and/or Elevation of Privileges.
- Solution
-
Customers are advised to refer to CVE-2023-32030, CVE-2023-29326, CVE-2023-24895, CVE-2023-24936, CVE-2023-29331, and CVE-2023-24897 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24895
CVE-2023-24897
CVE-2023-24936
CVE-2023-29326
CVE-2023-29331
CVE-2023-32030
-
Microsoft .NET Security Update for June 2023
- Severity
- Critical 4
- Qualys ID
- 92023
- Vendor Reference
- CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29331, CVE-2023-32032, CVE-2023-33126, CVE-2023-33128, CVE-2023-33135
- CVE Reference
- CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29331, CVE-2023-32032, CVE-2023-33126, CVE-2023-33128, CVE-2023-33135
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
Microsoft has released a security Update for .NET which resolves Denial of Service, Remote Code Execution and/or Elevation of Privileges Vulnerabilities.
Affected versions:
.NET 6.0 before version 6.0.18
.NET 7.0 before version 7.0.7
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Successful exploitation may allow a attacker to perform Denial of Service, Remote Code Execution and/or Elevation of Privileges.
- Solution
-
Customers are advised to refer to CVE-2023-33135, CVE-2023-33128, CVE-2023-33128, CVE-2023-32032, CVE-2023-24936, CVE-2023-24895, CVE-2023-24897, and CVE-2023-29331 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24895
CVE-2023-24897
CVE-2023-24936
CVE-2023-29331
CVE-2023-32032
CVE-2023-33126
CVE-2023-33128
CVE-2023-33135
-
Azure DevOps Server Spoofing Vulnerability for June 2023
- Severity
- Critical 4
- Qualys ID
- 92024
- Vendor Reference
- CVE-2023-21565, CVE-2023-21569
- CVE Reference
- CVE-2023-21565, CVE-2023-21569
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
CVE-2023-21569: Azure DevOps Server Spoofing Vulnerability.
CVE-2023-21565: Azure DevOps Server Spoofing Vulnerability.Affected Software:
Azure DevOps Server 2022
Azure DevOps Server 2020.1.2
Azure DevOps Server 2022.0.1QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.TeamFoundation.Framework.Server.dll.
- Consequence
-
Successful exploitation could allow spoofing vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-21569, CVE-2023-21565, for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21565
CVE-2023-21569
-
Microsoft Windows Security Update for June 2023
- Severity
- Urgent 5
- Qualys ID
- 92025
- Vendor Reference
- KB5027215, KB5027219, KB5027222, KB5027223, KB5027225, KB5027230, KB5027231, KB5027271, KB5027275, KB5027277, KB5027279, KB5027281, KB5027282, KB5027283
- CVE Reference
- CVE-2023-24937, CVE-2023-24938, CVE-2023-29346, CVE-2023-29351, CVE-2023-29352, CVE-2023-29355, CVE-2023-29358, CVE-2023-29359, CVE-2023-29360, CVE-2023-29361, CVE-2023-29362, CVE-2023-29363, CVE-2023-29364, CVE-2023-29365, CVE-2023-29366, CVE-2023-29367, CVE-2023-29368, CVE-2023-29369, CVE-2023-29370, CVE-2023-29371, CVE-2023-29372, CVE-2023-29373, CVE-2023-32008, CVE-2023-32009, CVE-2023-32010, CVE-2023-32011, CVE-2023-32012, CVE-2023-32013, CVE-2023-32014, CVE-2023-32015, CVE-2023-32016, CVE-2023-32017, CVE-2023-32018, CVE-2023-32019, CVE-2023-32021, CVE-2023-32022
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - June 2023
The patch version is 6.3.9600.21013 for
The patch version is 6.3.9600.21013 for
The patch version is 10.0.14393.5989 for
The patch version is 10.0.20348.1787 for
The patch version is 10.0.17763.4499 for
The patch version is 6.2.9200.24312 for
The patch version is 6.2.9200.24312 for
The patch version is 6.1.7601.26561 for
The patch version is 6.0.6003.22112 for
The patch version is 6.0.6003.22112 for
The patch version is for
The patch version is 10.0.22621.1848 for
The patch version is 10.0.22000.2057 for
The patch version is 10.0.10240.19983 forQID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5027215
KB5027219
KB5027222
KB5027223
KB5027225
KB5027230
KB5027231
KB5027271
KB5027275
KB5027277
KB5027279
KB5027281
KB5027282
KB5027283
-
Microsoft Visual Studio Security Updates for June 2023
- Severity
- Critical 4
- Qualys ID
- 92027
- Vendor Reference
- CVE-2023-25652, CVE-2023-25815, CVE-2023-27909, CVE-2023-27910, CVE-2023-27911, CVE-2023-29007, CVE-2023-29011, CVE-2023-29012, CVE-2023-33139
- CVE Reference
- CVE-2023-24897, CVE-2023-25652, CVE-2023-25815, CVE-2023-27909, CVE-2023-27910, CVE-2023-27911, CVE-2023-29007, CVE-2023-29011, CVE-2023-29012, CVE-2023-33139
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
Microsoft has released security Updates for Visual Studio which resolve Remote Code Execution, Denial of Service and Escalation of Priviledge Vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "evenv.exe" to check the version of the Visual Studio.
- Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to Remote Code Execution, Information Disclosure, Elevation of Privileges, and Spoofing Vulnerabilities.
- Solution
-
Customers are advised to refer to CVE-2023-33139,CVE-2023-25815,CVE-2023-25652,CVE-2023-27909,CVE-2023-27910,CVE-2023-27911,CVE-2023-29007,CVE-2023-29011,CVE-2023-29012
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-25652
CVE-2023-25815
CVE-2023-27909
CVE-2023-27910
CVE-2023-27911
CVE-2023-29007
CVE-2023-29011
CVE-2023-29012
CVE-2023-33139
These new vulnerability checks are included in Qualys vulnerability signature 2.5.790-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110437
- 110438
- 110439
- 378574
- 50126
- 92021
- 92022
- 92023
- 92024
- 92025
- 92027
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.