
Microsoft security alert.

August 8, 2023

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 78 vulnerabilities that were fixed in 15 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 15 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Outlook Spoofing Vulnerability for August 2023

    Severity
    Critical 4
    Qualys ID
    110443
    Vendor Reference
    KB5002449, KB5002459
    CVE Reference
    CVE-2023-36893
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft has released August 2023 security updates for Outlook to fix a Spoofing Vulnerability.

    This security update contains the following KBs:
    KB5002449
    KB5002459

    QID Detection Logic:
    This authenticated QID compares the file versions listed in the Microsoft advisory with the versions found on affected Outlook installations.

    Consequence
    Successful exploitation allows spoofing.

    Solution
    Refer to Microsoft Security Guide, KB5002449, KB5002459 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    August 2023

  • Microsoft SharePoint Server Update for August 2023

    Severity
    Critical 4
    Qualys ID
    110444
    Vendor Reference
    5002398, KB5002422, KB5002436, KB5002437, KB5002453
    CVE Reference
    CVE-2023-36890, CVE-2023-36891, CVE-2023-36892, CVE-2023-36894
    CVSS Scores
    Base 9 / Temporal 6.7
    Description
    Microsoft has released August 2023 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5002437
    KB5002436
    KB5002422
    KB5002453
    KB5002398

    QID Detection Logic (Authenticated):
    Operating System: Windows

    Consequence
    Successful exploitation allows spoofing.
    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002437
    KB5002436
    KB5002422
    KB5002453
    KB5002398

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    August 2023

  • Microsoft Office Security Update for August 2023

    Severity
    Critical 4
    Qualys ID
    110445
    Vendor Reference
    5002451, KB5002435, KB5002445, KB5002463, KB5002464
    CVE Reference
    CVE-2023-35371, CVE-2023-35372, CVE-2023-36865, CVE-2023-36866, CVE-2023-36893, CVE-2023-36895, CVE-2023-36896, CVE-2023-36897
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released August 2023 security updates to fix multiple security vulnerabilities.

    This security update contains the following:

    Office Click-2-Run and Office 365 Release Notes
    KB5002451
    KB5002463
    KB5002435
    KB5002445
    KB5002464
    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
    Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019:
    Office Current Channel: Version 2307 (Build 16626.20170).
    Monthly Enterprise Channel: Version 2306 (Build 16529.20226).
    Monthly Enterprise Channel: Version 2305 (Build 16501.20286).
    Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16130.20714).
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20714).
    Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20742).
    Semi-Annual Enterprise Channel: Version 2202 (Build 14931.21078).
    Office 2021 Retail: Version 2307 (Build 16626.20170).
    Office 2019 Retail: Version 2307 (Build 16626.20170).
    Office 2016 Retail: Version 2306 Version 2307 (Build 16626.20170).
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20546).
    Office 2019 Volume Licensed: Version 1808 (Build 10401.20025).

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    KB5002451
    KB5002463
    KB5002435
    KB5002445
    KB5002464

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft office July 2023

  • Microsoft Edge Based on Chromium Prior to 115.0.1901.200/Extended Stable Version 114.0.1823.106 Multiple Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    378744
    Vendor Reference
    Edge (chromium based) 115.0.1901.200
    CVE Reference
    CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078, CVE-2023-38157
    CVSS Scores
    Base 5.4 / Temporal 4.3
    Description
    Microsoft Edge (Chromium-based) has released a security update for Mac and Windows to fix the vulnerabilities.
    QID Detection Logic: (Authenticated).
    It checks package versions to check for the vulnerable packages.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Customers are advised to upgrade to version 115.0.1901.200 or later.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Edge (chromium based) 115.0.1901.200

  • Microsoft Teams Remote Code Execution (RCE) Vulnerability for August 2023

    Severity
    Critical 4
    Qualys ID
    378755
    Vendor Reference
    CVE-2023-29328, CVE-2023-29330
    CVE Reference
    CVE-2023-29328, CVE-2023-29330
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft Teams is a proprietary business communication platform and primarily competes with the similar service Slack, offering workspace chat and videoconferencing, file storage, and application integration.

    Affected Versions:
    Microsoft Teams for Desktop Versions Prior to 1.6.00.18681

    QID Detection Logic(Auth):
    QID checks for the vulnerable version of Teams.

    Consequence
    Vulnerable versions of Microsoft Teams are prone to a Remote Code Execution vulnerability.
    Solution
    The vendor has addressed this vulnerability in Microsoft Teams.
    For more information, please visit CVE-2023-29328 and CVE-2023-29330.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-29328
    CVE-2023-29330

  • Microsoft Exchange Server Multiple Vulnerabilities for August 2023

    Severity
    Urgent 5
    Qualys ID
    50127
    Vendor Reference
    KB5029388
    CVE Reference
    CVE-2023-21709, CVE-2023-35368, CVE-2023-35388, CVE-2023-38181, CVE-2023-38182, CVE-2023-38185
    CVSS Scores
    Base 7.5 / Temporal 5.5
    Description
    Microsoft Exchange Server 2016 and 2019 are affected by multiple vulnerabilities.

    KB Articles associated with this update are: KB5029388 or KB5030524

    Affected Versions:
    Microsoft Exchange Server 2016 Cumulative Update 23
    Microsoft Exchange Server 2019 Cumulative Update 12
    Microsoft Exchange Server 2019 Cumulative Update 13

    QID Detection Logic (Authenticated):
    The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe.

    Note: For CVE-2023-21709, a script is available; run the CVE-2023-21709.ps1 script.

    Consequence
    Successful exploitation of the vulnerability may allow remote code execution, elevation of privilege and spoofing

    Solution
    Microsoft has released a patch; customers are advised to refer to 5029388 or 5030524 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5029388
    KB5030524

  • Microsoft .NET Framework Security Update for August 2023

    Severity
    Serious 3
    Qualys ID
    92042
    Vendor Reference
    KB5028948, KB5028952, KB5029566, KB5029567, KB5029568, KB5029569, KB5029647, KB5029648, KB5029649, KB5029650, KB5029651, KB5029652, KB5029653, KB5029654, KB5029655
    CVE Reference
    CVE-2023-36873, CVE-2023-36899
    CVSS Scores
    Base 7.1 / Temporal 5.6
    Description
    Elevation of Privilege and Spoofing vulnerabilities exist in Microsoft .NET Framework.

    Following KBs are covered in this detection:
    KB5029654
    KB5029569
    KB5029649
    KB5029655
    KB5029653
    KB5029568
    KB5029647
    KB5029650
    KB5028952
    KB5028948
    KB5029648
    KB5029652
    KB5029567
    KB5029651
    KB5029566

    This security update is rated Important for supported versions of Microsoft .NET Framework.
    .NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1

    QID Detection Logic (Authenticated):
    Checks for a vulnerable file version of ntoskrnl.exe, Mscorlib.dll, System.core.dll, or System.web.dll for the respective .NET Framework KBs.

    Consequence
    Successful exploitation may allow an attacker to exploit Elevation of Privilege and/or Spoofing vulnerabilities.
    Solution
    Customers are advised to refer to CVE-2023-36899 and CVE-2023-36873 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36873
    CVE-2023-36899

  • Microsoft Dynamics Business Central Elevation of Privilege Vulnerability for August 2023

    Severity
    Critical 4
    Qualys ID
    92043
    Vendor Reference
    CVE-2023-38167
    CVE Reference
    CVE-2023-38167
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.


    CVE-2023-38167: Microsoft Dynamics Business Central Elevation of Privilege Vulnerability.

    Affected Software:

    Microsoft Dynamics 365 Business Central 2023 Release Wave 1 - Update
    QID Detection Logic(Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Customers are advised to refer to CVE-2023-38167 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5029765

  • Azure DevOps Server Spoofing Vulnerability for August 2023

    Severity
    Serious 3
    Qualys ID
    92044
    Vendor Reference
    CVE-2023-36869
    CVE Reference
    CVE-2023-36869
    CVSS Scores
    Base 6.8 / Temporal 5
    Description

    Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
    CVE-2023-36869: Azure DevOps Server Spoofing Vulnerability.

    Affected Software:
    Azure DevOps Server 2019.0.1
    Azure DevOps Server 2019.1.2
    Azure DevOps Server 2020.1.2
    Azure DevOps Server 2022.0.1

    QID Detection Logic(Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.TeamFoundation.Framework.Server.dll.

    Consequence
    Successful exploitation could allow spoofing.

    Solution
    Customers are advised to refer to CVE-2023-36869 for more details.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36869

  • Microsoft Azure Stack Hub Security Updates for August 2023

    Severity
    Critical 4
    Qualys ID
    92045
    Vendor Reference
    Azure Stack Hub
    CVE Reference
    CVE-2023-20569, CVE-2023-35359, CVE-2023-35376, CVE-2023-35377, CVE-2023-35378, CVE-2023-35380, CVE-2023-35381, CVE-2023-35382, CVE-2023-35383, CVE-2023-35384, CVE-2023-35385, CVE-2023-35386, CVE-2023-35387, CVE-2023-36882, CVE-2023-36889, CVE-2023-36900, CVE-2023-36903, CVE-2023-36904, CVE-2023-36905, CVE-2023-36906, CVE-2023-36907, CVE-2023-36908, CVE-2023-36909, CVE-2023-36910, CVE-2023-36911, CVE-2023-36912, CVE-2023-36913, CVE-2023-38154, CVE-2023-38172, CVE-2023-38184, CVE-2023-38254
    CVSS Scores
    Base 7.8 / Temporal 6.4
    Description
    Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.

    A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.

    QID Detection Logic (Authenticated):
    This QID checks the file version of ntoskrnl.exe; if the file version is less than 10.0.17763.11626, the host is considered vulnerable.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Azure Stack Hub

  • Microsoft Windows Security Update for August 2023

    Severity
    Urgent 5
    Qualys ID
    92046
    Vendor Reference
    KB5029242, KB5029244, KB5029247, KB5029250, KB5029253, KB5029259, KB5029263, KB5029295, KB5029296, KB5029301, KB5029304, KB5029307, KB5029308, KB5029312, KB5029318
    CVE Reference
    CVE-2023-20569, CVE-2023-35359, CVE-2023-35376, CVE-2023-35377, CVE-2023-35378, CVE-2023-35379, CVE-2023-35380, CVE-2023-35381, CVE-2023-35382, CVE-2023-35383, CVE-2023-35384, CVE-2023-35385, CVE-2023-35386, CVE-2023-35387, CVE-2023-36876, CVE-2023-36882, CVE-2023-36889, CVE-2023-36898, CVE-2023-36900, CVE-2023-36903, CVE-2023-36904, CVE-2023-36905, CVE-2023-36906, CVE-2023-36907, CVE-2023-36908, CVE-2023-36909, CVE-2023-36910, CVE-2023-36911, CVE-2023-36912, CVE-2023-36913, CVE-2023-36914, CVE-2023-38154, CVE-2023-38170, CVE-2023-38172, CVE-2023-38184, CVE-2023-38186, CVE-2023-38254
    CVSS Scores
    Base 7.5 / Temporal 6.2
    Description
    Microsoft Windows Security Update - August 2023

    The patch version is 6.3.9600.21501 for 5029312
    The patch version is 6.3.9600.21501 for 5029304
    The patch version is 6.2.9200.24412 for 5029295
    The patch version is 6.2.9200.24412 for 5029308
    The patch version is 6.1.7601.26662 for 5029296
    The patch version is 6.1.7601.26662 for 5029307
    The patch version is 6.0.6003.22214 for 5029318
    The patch version is 6.0.6003.22214 for 5029301
    The patch version is 10.0.14393.6167 for 5029242
    The patch version is 10.0.10240.20107 for 5029259
    The patch version is 10.0.19041.3324 for 5029244
    The patch version is 10.0.22621.2134 for 5029263
    The patch version is 10.0.22000.2295 for 5029253
    The patch version is 10.0.20348.1906 for 5029250
    The patch version is 10.0.17763.4737 for 5029247

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Please refer to the following KB Articles associated with the update:
    5029312
    5029304
    5029295
    5029308
    5029296
    5029307
    5029318
    5029301
    5029242
    5029259
    5029244
    5029263
    5029253
    5029250
    5029247

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5029242
    KB5029244
    KB5029247
    KB5029250
    KB5029253
    KB5029259
    KB5029263
    KB5029295
    KB5029296
    KB5029301
    KB5029304
    KB5029307
    KB5029308
    KB5029312
    KB5029318

  • Microsoft .NET Security Update for August 2023

    Severity
    Serious 3
    Qualys ID
    92047
    Vendor Reference
    CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
    CVE Reference
    CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released a security Update for .NET which resolves Information Disclosure, Remote Code Execution, and Denial of Service vulnerabilities.

    Affected versions:
    .NET 6.0 before version 6.0.21
    .NET 7.0 before version 7.0.10

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence
    Vulnerable versions of Microsoft Visual Studio are prone to Information Disclosure, Remote Code Execution, and Denial of Service vulnerabilities.

    Solution
    Customers are advised to refer to CVE-2023-35391, CVE-2023-35390, CVE-2023-38178, and CVE-2023-38180 for more information on these vulnerabilities and their patches.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-35390
    CVE-2023-35391
    CVE-2023-38178
    CVE-2023-38180

  • Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability for August 2023

    Severity
    Critical 4
    Qualys ID
    92049
    Vendor Reference
    CVE-2023-38170
    CVE Reference
    CVE-2023-38170
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.

    Affected Product:
    HEVC Video Extensions before 2.0.61931.0
    HEVC Video Extensions before 2.0.61933.0
    QID detection Logic:
    The QID gets the version of HEVCVideoExtension and AV1VideoExtension by querying the WMI class Win32_InstalledStoreProgram.

    Consequence
    An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system

    Solution
    Users are advised to check CVE-2023-38170

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-38170

  • Microsoft Visual Studio Security Updates for August 2023

    Severity
    Critical 4
    Qualys ID
    92052
    Vendor Reference
    CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
    CVE Reference
    CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
    CVSS Scores
    Base 8.7 / Temporal 6.8
    Description

    Microsoft has released security Updates for Visual Studio which resolve Security Feature Bypass and Escalation of Privileges Vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2022 version 17.6
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2022 version 17.2

    QID Detection Logic: Authenticated : Windows
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.

    Consequence
    An unauthenticated attacker could bypass validation as a trusted source through a crafted certificate that could mislead a user into believing the file they are installing is legitimate.

    Solution
    Customers are advised to refer to CVE-2023-35391, CVE-2023-38178, CVE-2023-38180, CVE-2023-35390 for more information on these vulnerabilities and their patches.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-35390
    CVE-2023-35391
    CVE-2023-36897
    CVE-2023-38178
    CVE-2023-38180

  • Microsoft Windows Defender Elevation of Privilege Vulnerability for August 2023

    Severity
    Critical 4
    Qualys ID
    92053
    Vendor Reference
    CVE-2023-38175
    CVE Reference
    CVE-2023-38175
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Microsoft Defender is prone to Elevation of Privilege Vulnerability.

    Affected Software:
    Windows Defender Antimalware Platform

    Affected Version:
    Windows Defender prior to build 1.1.23060.3001
    QID Detection Logic (Authenticated):
    The authenticated check looks for a vulnerable version of the file MpSigStub.exe under the system32 directory.

    Consequence
    An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
    Solution
    Users are advised to check CVE-2023-38175 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-38175
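
The file-version check described for QID 92046 (Microsoft Windows Security Update for August 2023), as an added Python example that is not Qualys's detection code: it matches a reported ntoskrnl.exe version to the advisory's patch version for the same build branch and compares the revision numerically. The host names and inventory versions are constructed, and treating a version at or above the listed patch version as patched is an assumption.

```python
import re
from typing import NamedTuple, Optional, Tuple

# KB number -> ntoskrnl.exe patch version, copied from the QID 92046 entry above.
PATCH_VERSIONS = {
    "5029312": "6.3.9600.21501", "5029304": "6.3.9600.21501",
    "5029295": "6.2.9200.24412", "5029308": "6.2.9200.24412",
    "5029296": "6.1.7601.26662", "5029307": "6.1.7601.26662",
    "5029318": "6.0.6003.22214", "5029301": "6.0.6003.22214",
    "5029242": "10.0.14393.6167", "5029259": "10.0.10240.20107",
    "5029244": "10.0.19041.3324", "5029263": "10.0.22621.2134",
    "5029253": "10.0.22000.2295", "5029250": "10.0.20348.1906",
    "5029247": "10.0.17763.4737",
}

class Finding(NamedTuple):
    status: str               # "patched", "vulnerable" or "not-covered"
    required: Optional[str]   # patch version for the host's build branch
    kbs: Tuple[str, ...]      # KBs the advisory lists for that branch

def parse_version(text):
    """Return (major, minor, build, revision) as ints.

    Tolerates trailing text such as ' (WinBuild.160101.0800)', which Windows
    appends to the FileVersion string of many system binaries.
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(part) for part in m.groups())

def _index_by_branch(table):
    """Group the advisory table by (major, minor, build)."""
    index = {}
    for kb, version in table.items():
        *branch, rev = parse_version(version)
        entry = index.setdefault(tuple(branch), [rev, []])
        entry[0] = max(entry[0], rev)
        entry[1].append("KB" + kb)
    return index

BRANCHES = _index_by_branch(PATCH_VERSIONS)

def assess(file_version):
    """Compare one ntoskrnl.exe version with the patch version of its branch."""
    *branch, rev = parse_version(file_version)
    entry = BRANCHES.get(tuple(branch))
    if entry is None:
        # Build branch absent from the advisory: report it, do not guess.
        return Finding("not-covered", None, ())
    required_rev, kbs = entry
    required = ".".join(str(n) for n in (*branch, required_rev))
    # Assumption: a revision at or above the listed patch version is patched.
    status = "patched" if rev >= required_rev else "vulnerable"
    return Finding(status, required, tuple(sorted(kbs)))

def audit(inventory):
    """Assess every (host, version) pair of an inventory export."""
    return [(host, assess(version)) for host, version in inventory]

# Constructed inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = [
    ("ws-01", "10.0.19041.3324 (WinBuild.160101.0800)"),
    ("ws-02", "10.0.19041.3208"),
    ("srv-01", "10.0.14393.999"),   # a plain string compare ranks this above .6167
    ("srv-02", "10.0.17763.4737"),
    ("ws-03", "10.0.18362.1"),      # branch not listed in the advisory
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_INVENTORY):
        print(f"{host}: {finding.status} (needs {finding.required}, {', '.join(finding.kbs)})")
```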

These new vulnerability checks are included in Qualys vulnerability signature 2.5.835-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110443
    • 110444
    • 110445
    • 378744
    • 378755
    • 50127
    • 92042
    • 92043
    • 92044
    • 92045
    • 92046
    • 92047
    • 92049
    • 92052
    • 92053
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.