Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 72 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following KBs:
KB5002387
KB5002382
QID Detection Logic:
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, and Office 2021 are as follows
Current Channel: Version 2305 (Build 16.0.16501.20210)
Monthly Enterprise Channel: Version 2304 (Build 16.0.16327.20324)
Monthly Enterprise Channel: Version 2303 (Build 16.0.16227.20354)
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16.0.16130.20580)
Semi-Annual Enterprise Channel: Version 2208 (Build 16.0.15601.20680)
Semi-Annual Enterprise Channel: Version 2202 (Build 16.0.14931.21024)
Office 2021 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2019 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2016 Retail: Version 2305 (Build 16.0.16501.20210)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 16.0.14332.20517)
Office 2019 Volume Licensed: Version 1808 (Build 16.0.10399.20000)
For traditional MSI Installations, following KBs and version are the required:
KB5002387 - 16.0.5395.1000 (outlook.exe)
KB5002382 - 15.0.5559.1000 (emsmdb32.dll)
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002387
KB5002382
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-33131
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002401
KB5002405
KB5002414
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsft Office.
Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, and Office 2021 are as follows
Current Channel: Version 2305 (Build 16.0.16501.20210)
Monthly Enterprise Channel: Version 2304 (Build 16.0.16327.20324)
Monthly Enterprise Channel: Version 2303 (Build 16.0.16227.20354)
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16.0.16130.20580)
Semi-Annual Enterprise Channel: Version 2208 (Build 16.0.15601.20680)
Semi-Annual Enterprise Channel: Version 2202 (Build 16.0.14931.21024)
Office 2021 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2019 Retail: Version 2305 (Build 16.0.16501.20210)
Office 2016 Retail: Version 2305 (Build 16.0.16501.20210)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 16.0.14332.20517)
Office 2019 Volume Licensed: Version 1808 (Build 16.0.10399.20000)
For traditional MSI Installations, following KBs and version are the required:
KB5002401 - 16.0.10399.20000 (microsoft.office.web.agentmanager.exe)
KB5002405 - 16.0.5400.1000 (Excel.exe)
KB5002414 - 15.0.5563.1000 (Excel.exe)
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002401
KB5002405
KB5002414
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office June 2023
This security update contains the following KBs:
KB5002416
KB5002402
KB5002403
KB5002404
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of Filename, patched version and KB details checked for each applicable Product:
ONETUTIL.DLL - 16.0.5400.1000 (KB5002404)
ONETUTIL.DLL - 16.0.10399.20005 (KB5002402)
ppintl.dll - 16.0.10399.20005 (KB5002403)
mssmsg.dll - 16.0.16130.20542 (KB5002416)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
June 2023
Affected Versions:
Visual studio code prior to version 1.79
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
https://msrc.microsoft.comCVE-2023-33144
KB Articles associated with this update are: KB5023038
Affected Versions:
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5025903
KB5026261
Operating Systems: Windows Server 2016, Windows Server 2022, Windows Server 2019, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 and Windows Server 2008 R2
The KB Articles associated with the update:
5027271
5027282
5027283
5027281
5027275
5027256
5027279
5027277
5027219
5027225
5027222
QID Detection Logic (Authenticated):
This QID checks for the file version of dns.exe
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Windows DNS Server Security Advisory
Following KBs are covered in this detection:
KB5027540
KB5027531
KB5027542
KB5027533
KB5027541
KB5027532
KB5027543
KB5027534
KB5027219
KB5027230
KB5027538
KB5027119
KB5027537
KB5027539
KB5027544
KB5027536
KB5027123
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable file.version of ntoskrnl.exe or Mscorlib.dll or System.core.dll for the respective .Net Framework KBs
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24895
CVE-2023-24897
CVE-2023-24936
CVE-2023-29326
CVE-2023-29331
CVE-2023-32030
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-24895
CVE-2023-24897
CVE-2023-24936
CVE-2023-29331
CVE-2023-32032
CVE-2023-33126
CVE-2023-33128
CVE-2023-33135
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
CVE-2023-21569: Azure DevOps Server Spoofing Vulnerability.
CVE-2023-21565: Azure DevOps Server Spoofing Vulnerability.
Affected Software:
Azure DevOps Server 2022
Azure DevOps Server 2020.1.2
Azure DevOps Server 2022.0.1
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.TeamFoundation.Framework.Server.dll.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-21565
CVE-2023-21569
The patch version is 6.3.9600.21013 for
The patch version is 6.3.9600.21013 for
The patch version is 10.0.14393.5989 for
The patch version is 10.0.20348.1787 for
The patch version is 10.0.17763.4499 for
The patch version is 6.2.9200.24312 for
The patch version is 6.2.9200.24312 for
The patch version is 6.1.7601.26561 for
The patch version is 6.0.6003.22112 for
The patch version is 6.0.6003.22112 for
The patch version is for
The patch version is 10.0.22621.1848 for
The patch version is 10.0.22000.2057 for
The patch version is 10.0.10240.19983 for
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5027215
KB5027219
KB5027222
KB5027223
KB5027225
KB5027230
KB5027231
KB5027271
KB5027275
KB5027277
KB5027279
KB5027281
KB5027282
KB5027283
Microsoft has released security Updates for Visual Studio which resolve Remote Code Execution, Denial of Service and Escalation of Priviledge Vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "evenv.exe" to check the version of the Visual Studio.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-25652
CVE-2023-25815
CVE-2023-27909
CVE-2023-27910
CVE-2023-27911
CVE-2023-29007
CVE-2023-29011
CVE-2023-29012
CVE-2023-33139
These new vulnerability checks are included in Qualys vulnerability signature 2.5.790-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.