Microsoft security alert.
August 8, 2023
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 78 vulnerabilities that were fixed in 15 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 15 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Outlook Spoofing Vulnerability for August 2023
- Severity
- Critical 4
- Qualys ID
- 110443
- Vendor Reference
- KB5002449, KB5002459
- CVE Reference
- CVE-2023-36893
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft has released August 2023 security updates for Outlook to fix a Spoofing Vulnerability.
This security update contains the following KBs:
KB5002449
KB5002459
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions of the affected Outlook applications.
- Consequence
-
Successful exploitation results in spoofing.
- Solution
-
Refer to Microsoft Security Guide, KB5002449, KB5002459 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
August 2023
-
Microsoft SharePoint Server Update for August 2023
- Severity
- Critical 4
- Qualys ID
- 110444
- Vendor Reference
- 5002398, KB5002422, KB5002436, KB5002437, KB5002453
- CVE Reference
- CVE-2023-36890, CVE-2023-36891, CVE-2023-36892, CVE-2023-36894
- CVSS Scores
- Base 9 / Temporal 6.7
- Description
-
Microsoft has released August 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002437
KB5002436
KB5002422
KB5002453
KB5002398
QID Detection Logic (Authenticated):
Operating System: Windows
- Consequence
- Successful exploitation allows spoofing.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002437
KB5002436
KB5002422
KB5002453
KB5002398
Patches:
The following are links for downloading patches to fix these vulnerabilities:
August 2023
-
Microsoft Office Security Update for August 2023
- Severity
- Critical 4
- Qualys ID
- 110445
- Vendor Reference
- 5002451, KB5002435, KB5002445, KB5002463, KB5002464
- CVE Reference
- CVE-2023-35371, CVE-2023-35372, CVE-2023-36865, CVE-2023-36866, CVE-2023-36893, CVE-2023-36895, CVE-2023-36896, CVE-2023-36897
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released August 2023 security updates to fix multiple security vulnerabilities.
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
KB5002451
KB5002463
KB5002435
KB5002445
KB5002464
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office Current Channel: Version 2307 (Build 16626.20170)
Monthly Enterprise Channel: Version 2306 (Build 16529.20226).
Monthly Enterprise Channel: Version 2305 (Build 16501.20286).
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16130.20714).
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20714).
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20742).
Semi-Annual Enterprise Channel: Version 2202 (Build 14931.21078).
Office 2021 Retail: Version 2307 (Build 16626.20170).
Office 2019 Retail: Version 2307 (Build 16626.20170).
Office 2016 Retail: Version 2306 Version 2307 (Build 16626.20170).
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20546).
Office 2019 Volume Licensed: Version 1808 (Build 10401.20025).
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
KB5002451
KB5002463
KB5002435
KB5002445
KB5002464
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office July 2023
-
Microsoft Edge Based on Chromium Prior to 115.0.1901.200/Extended Stable Version 114.0.1823.106 Multiple Vulnerabilities
- Severity
- Critical 4
- Qualys ID
- 378744
- Vendor Reference
- Edge (chromium based) 115.0.1901.200
- CVE Reference
- CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078, CVE-2023-38157
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
EdgeChromium has released a security update for Mac and Windows to fix the vulnerabilities.
QID Detection Logic: (Authenticated).
It checks package versions to check for the vulnerable packages.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to upgrade to version 115.0.1901.200 or later
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge (chromium based) 115.0.1901.200
-
Microsoft Teams Remote Code Execution (RCE) Vulnerability for August 2023
- Severity
- Critical 4
- Qualys ID
- 378755
- Vendor Reference
- CVE-2023-29328, CVE-2023-29330
- CVE Reference
- CVE-2023-29328, CVE-2023-29330
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft Teams is a proprietary business communication platform and primarily competes with the similar service Slack, offering workspace chat and videoconferencing, file storage, and application integration.
Affected Versions:
Microsoft Teams for Desktop Versions Prior to 1.6.00.18681
QID Detection Logic(Auth):
QID checks for the vulnerable version of Teams.
- Consequence
-
Vulnerable versions of Microsoft Teams are prone to Remote Code Execution Vulnerability
- Solution
-
The vendor has addressed this vulnerability in Microsoft Teams
For more information, please visit CVE-2023-29328
For more information, please visit CVE-2023-29330
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-29328
CVE-2023-29330
-
Microsoft Exchange Server Multiple Vulnerabilities for August 2023
- Severity
- Urgent 5
- Qualys ID
- 50127
- Vendor Reference
- KB5029388
- CVE Reference
- CVE-2023-21709, CVE-2023-35368, CVE-2023-35388, CVE-2023-38181, CVE-2023-38182, CVE-2023-38185
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Microsoft Exchange Server 2016 and 2019 are affected by multiple vulnerabilities.
KB Articles associated with this update are: KB5029388 or KB5030524
Affected Versions:
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
QID Detection Logic (Authenticated):
The QID checks for vulnerable versions of Microsoft Exchange Server by checking the file version of Exsetup.exe.
Note: For CVE-2023-21709, a script is available; run the CVE-2023-21709.ps1 script.
- Consequence
-
Successful exploitation of the vulnerability may allow remote code execution, elevation of privilege and spoofing
- Solution
-
Microsoft has released a patch; customers are advised to refer to 5029388 or 5030524 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5029388
KB5030524
-
Microsoft .NET Framework Security Update for August 2023
- Severity
- Serious 3
- Qualys ID
- 92042
- Vendor Reference
- KB5028948, KB5028952, KB5029566, KB5029567, KB5029568, KB5029569, KB5029647, KB5029648, KB5029649, KB5029650, KB5029651, KB5029652, KB5029653, KB5029654, KB5029655
- CVE Reference
- CVE-2023-36873, CVE-2023-36899
- CVSS Scores
- Base 7.1 / Temporal 5.6
- Description
-
Elevation of Privilege and Spoofing vulnerabilities exist in Microsoft .NET Framework.
Following KBs are covered in this detection:
KB5029654
KB5029569
KB5029649
KB5029655
KB5029653
KB5029568
KB5029647
KB5029650
KB5028952
KB5028948
KB5029648
KB5029652
KB5029567
KB5029651
KB5029566
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable file version of ntoskrnl.exe or Mscorlib.dll or System.core.dll or System.web.dll for the respective .Net Framework KBs
- Consequence
-
Successful exploitation may allow an attacker to exploit Elevation of Privileges and/or Spoofing vulnerabilities.
- Solution
-
Customers are advised to refer to CVE-2023-36899 and CVE-2023-36873 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36873
CVE-2023-36899
-
Microsoft Dynamics Business Central Elevation of Privilege Vulnerability for August 2023
- Severity
- Critical 4
- Qualys ID
- 92043
- Vendor Reference
- CVE-2023-38167
- CVE Reference
- CVE-2023-38167
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
CVE-2023-38167: Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability.
Affected Software:
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 - Update
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Customers are advised to refer to CVE-2023-38167 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5029765
-
Azure DevOps Server Spoofing Vulnerability for August 2023
- Severity
- Serious 3
- Qualys ID
- 92044
- Vendor Reference
- CVE-2023-36869
- CVE Reference
- CVE-2023-36869
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
CVE-2023-36869: Azure DevOps Server Spoofing Vulnerability.
Affected Software:
Azure DevOps Server 2019.0.1
Azure DevOps Server 2019.1.2
Azure DevOps Server 2020.1.2
Azure DevOps Server 2022.0.1
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.TeamFoundation.Framework.Server.dll.
- Consequence
-
Successful exploitation could allow spoofing vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-36869 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36869
-
Microsoft Azure Stack Hub Security Updates for August 2023
- Severity
- Critical 4
- Qualys ID
- 92045
- Vendor Reference
- Azure Stack Hub
- CVE Reference
- CVE-2023-20569, CVE-2023-35359, CVE-2023-35376, CVE-2023-35377, CVE-2023-35378, CVE-2023-35380, CVE-2023-35381, CVE-2023-35382, CVE-2023-35383, CVE-2023-35384, CVE-2023-35385, CVE-2023-35386, CVE-2023-35387, CVE-2023-36882, CVE-2023-36889, CVE-2023-36900, CVE-2023-36903, CVE-2023-36904, CVE-2023-36905, CVE-2023-36906, CVE-2023-36907, CVE-2023-36908, CVE-2023-36909, CVE-2023-36910, CVE-2023-36911, CVE-2023-36912, CVE-2023-36913, CVE-2023-38154, CVE-2023-38172, CVE-2023-38184, CVE-2023-38254
- CVSS Scores
- Base 7.8 / Temporal 6.4
- Description
-
Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks the file version of ntoskrnl.exe; if the file version is less than 10.0.17763.11626, the host is considered vulnerable.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
-
Microsoft Windows Security Update for August 2023
- Severity
- Urgent 5
- Qualys ID
- 92046
- Vendor Reference
- KB5029242, KB5029244, KB5029247, KB5029250, KB5029253, KB5029259, KB5029263, KB5029295, KB5029296, KB5029301, KB5029304, KB5029307, KB5029308, KB5029312, KB5029318
- CVE Reference
- CVE-2023-20569, CVE-2023-35359, CVE-2023-35376, CVE-2023-35377, CVE-2023-35378, CVE-2023-35379, CVE-2023-35380, CVE-2023-35381, CVE-2023-35382, CVE-2023-35383, CVE-2023-35384, CVE-2023-35385, CVE-2023-35386, CVE-2023-35387, CVE-2023-36876, CVE-2023-36882, CVE-2023-36889, CVE-2023-36898, CVE-2023-36900, CVE-2023-36903, CVE-2023-36904, CVE-2023-36905, CVE-2023-36906, CVE-2023-36907, CVE-2023-36908, CVE-2023-36909, CVE-2023-36910, CVE-2023-36911, CVE-2023-36912, CVE-2023-36913, CVE-2023-36914, CVE-2023-38154, CVE-2023-38170, CVE-2023-38172, CVE-2023-38184, CVE-2023-38186, CVE-2023-38254
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - August 2023
The patch version is 6.3.9600.21501 for 5029312
The patch version is 6.3.9600.21501 for 5029304
The patch version is 6.2.9200.24412 for 5029295
The patch version is 6.2.9200.24412 for 5029308
The patch version is 6.1.7601.26662 for 5029296
The patch version is 6.1.7601.26662 for 5029307
The patch version is 6.0.6003.22214 for 5029318
The patch version is 6.0.6003.22214 for 5029301
The patch version is 10.0.14393.6167 for 5029242
The patch version is 10.0.10240.20107 for 5029259
The patch version is 10.0.19041.3324 for 5029244
The patch version is 10.0.22621.2134 for 5029263
The patch version is 10.0.22000.2295 for 5029253
The patch version is 10.0.20348.1906 for 5029250
The patch version is 10.0.17763.4737 for 5029247
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
5029312
5029304
5029295
5029308
5029296
5029307
5029318
5029301
5029242
5029259
5029244
5029263
5029253
5029250
5029247
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5029242
KB5029244
KB5029247
KB5029250
KB5029253
KB5029259
KB5029263
KB5029295
KB5029296
KB5029301
KB5029304
KB5029307
KB5029308
KB5029312
KB5029318
-
Microsoft .NET Security Update for August 2023
- Severity
- Serious 3
- Qualys ID
- 92047
- Vendor Reference
- CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
- CVE Reference
- CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released a security Update for .NET which resolves Information Disclosure, Remote Code Execution, and Denial of Service vulnerabilities.
Affected versions:
.NET 6.0 before version 6.0.21
.NET 7.0 before version 7.0.10
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to Information Disclosure, Remote Code Execution, and Denial of Service vulnerabilities.
- Solution
-
Customers are advised to refer to CVE-2023-35391, CVE-2023-35390, CVE-2023-38178, and CVE-2023-38180 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-35390
CVE-2023-35391
CVE-2023-38178
CVE-2023-38180
-
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability for August 2023
- Severity
- Critical 4
- Qualys ID
- 92049
- Vendor Reference
- CVE-2023-38170
- CVE Reference
- CVE-2023-38170
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Affected Product:
HEVC Video Extensions before 2.0.61931.0
HEVC Video Extensions before 2.0.61933.0
QID detection Logic:
The QID gets the version of HEVCVideoExtension and AV1VideoExtension by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system
- Solution
-
Users are advised to check CVE-2023-38170
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-38170
-
Microsoft Visual Studio Security Updates for August 2023
- Severity
- Critical 4
- Qualys ID
- 92052
- Vendor Reference
- CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
- CVE Reference
- CVE-2023-35390, CVE-2023-35391, CVE-2023-38178, CVE-2023-38180
- CVSS Scores
- Base 8.7 / Temporal 6.8
- Description
-
Microsoft has released security Updates for Visual Studio which resolve Security Feature Bypass and Escalation of Privileges Vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.2
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the version of Visual Studio.
- Consequence
-
An unauthenticated attacker could bypass validation as a trusted source through a crafted certificate that could mislead a user into believing the file they are installing is legitimate.
- Solution
-
Customers are advised to refer to CVE-2023-35391, CVE-2023-38178, CVE-2023-38180, CVE-2023-35390 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-35390
CVE-2023-35391
CVE-2023-36897
CVE-2023-38178
CVE-2023-38180
-
Microsoft Windows Defender Elevation of Privilege Vulnerability for August 2023
- Severity
- Critical 4
- Qualys ID
- 92053
- Vendor Reference
- CVE-2023-38175
- CVE Reference
- CVE-2023-38175
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft Defender is prone to Elevation of Privilege Vulnerability.
Affected Software:
Windows Defender Antimalware Platform
Affected Version:
Windows Defender prior to build 1.1.23060.3001
QID Detection Logic (Authenticated):
The authenticated check looks for a vulnerable version of the file MpSigStub.exe under the system32 directory.
- Consequence
- An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
- Solution
-
Users are advised to check CVE-2023-38175 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-38175
These new vulnerability checks are included in Qualys vulnerability signature 2.5.835-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
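The file-version comparison that the Microsoft Windows Security Update entry (QID 92046) describes can be reproduced offline over collected ntoskrnl.exe versions. The following is an added example, not Qualys code: the KB-to-version table is copied from that entry, while the host names and inventory values are constructed, and matching a host to a patch level by the first three version fields is an assumption of this sketch.

```python
# Added example (not Qualys code). Patched ntoskrnl.exe file versions per KB,
# copied from the QID 92046 entry on this page.
PATCHED = {
    "KB5029312": "6.3.9600.21501", "KB5029304": "6.3.9600.21501",
    "KB5029295": "6.2.9200.24412", "KB5029308": "6.2.9200.24412",
    "KB5029296": "6.1.7601.26662", "KB5029307": "6.1.7601.26662",
    "KB5029318": "6.0.6003.22214", "KB5029301": "6.0.6003.22214",
    "KB5029242": "10.0.14393.6167", "KB5029259": "10.0.10240.20107",
    "KB5029244": "10.0.19041.3324", "KB5029263": "10.0.22621.2134",
    "KB5029253": "10.0.22000.2295", "KB5029250": "10.0.20348.1906",
    "KB5029247": "10.0.17763.4737",
}


def parse_version(text):
    """'10.0.19041.3324 (WinBuild...)' -> (10, 0, 19041, 3324)."""
    parts = tuple(int(p) for p in text.split()[0].split("."))
    if len(parts) != 4:
        raise ValueError(text)
    return parts


def build_floors(patched):
    """Group KBs by branch (major, minor, build) with the minimum safe revision."""
    floors = {}
    for kb, ver in patched.items():
        *branch, rev = parse_version(ver)
        floor = floors.setdefault(tuple(branch), {"rev": rev, "kbs": []})
        floor["rev"] = max(floor["rev"], rev)
        floor["kbs"].append(kb)
    return floors


FLOORS = build_floors(PATCHED)


def check(file_version):
    """Return (status, applicable KBs) for one ntoskrnl.exe file version."""
    try:
        *branch, rev = parse_version(file_version)
    except (ValueError, IndexError):
        return ("unparseable", [])
    floor = FLOORS.get(tuple(branch))
    if floor is None:
        # A branch the entry does not list: do not compare across branches.
        return ("not-covered", [])
    # Integer comparison: as strings, "999" would sort above "3324".
    status = "patched" if rev >= floor["rev"] else "vulnerable"
    return (status, sorted(floor["kbs"]))


# Constructed inventory: host name -> ntoskrnl.exe file version as collected.
INVENTORY = {
    "ws-01": "10.0.19041.3324 (WinBuild.160101.0800)",
    "ws-02": "10.0.19041.999",
    "srv-01": "6.3.9600.21400",
    "srv-02": "10.0.25000.1",
    "srv-03": "",
}


def triage(inventory):
    return {host: check(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, (status, kbs) in triage(INVENTORY).items():
        print(f"{host}: {status} {', '.join(kbs)}")
```

Hosts reported as not-covered or unparseable need a separate look rather than being counted as patched.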
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110443
- 110444
- 110445
- 378744
- 378755
- 50127
- 92042
- 92043
- 92044
- 92045
- 92046
- 92047
- 92049
- 92052
- 92053
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.