Microsoft security alert.
October 10, 2023
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 96 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for October 2023
- Severity
- Critical 4
- Qualys ID
- 110449
- Vendor Reference
- CVE-2023-36565, CVE-2023-36568, CVE-2023-36569
- CVE Reference
- CVE-2023-36565, CVE-2023-36568, CVE-2023-36569
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released October 2023 security updates to fix Elevation of Privilege vulnerabilities.
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
- Consequence
-
Successful exploitation allows an attacker to elevate privileges.
- Solution
-
Customers are advised to refer to these CVE Articles:
CVE-2023-36569, CVE-2023-36568, and CVE-2023-36565 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office October 2023
-
Microsoft Skype for Business Server Security Update for October 2023
- Severity
- Critical 4
- Qualys ID
- 110450
- Vendor Reference
- CVE-2023-36780, CVE-2023-36786, CVE-2023-36789, CVE-2023-41763
- CVE Reference
- CVE-2023-36780, CVE-2023-36786, CVE-2023-36789, CVE-2023-41763
- CVSS Scores
- Base 6.5 / Temporal 5.1
- Description
-
Microsoft has released updates to fix multiple issues in Microsoft Skype for Business Server and Microsoft Lync Server.
Affected Software:
Microsoft Skype for Business Server 2015 CU13
Microsoft Skype for Business Server 2019 CU7
- Consequence
-
Successful exploitation of these vulnerabilities can lead to escalation of privileges or remote code execution.
- Solution
-
Customers are advised to refer to these CVE Articles:
CVE-2023-41763, CVE-2023-36780, CVE-2023-36789 and CVE-2023-36786 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36780
CVE-2023-36786
CVE-2023-36789
CVE-2023-41763
-
Microsoft SQL Server, ODBC and OLE DB Driver for SQL Server Multiple Vulnerabilities for October 2023
- Severity
- Critical 4
- Qualys ID
- 378931
- Vendor Reference
- CVE-2023-36417, CVE-2023-36420, CVE-2023-36728, CVE-2023-36730, CVE-2023-36785
- CVE Reference
- CVE-2023-36417, CVE-2023-36420, CVE-2023-36728, CVE-2023-36730, CVE-2023-36785
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft has released a security update to address a Remote Code Execution vulnerability in the OLE DB and ODBC drivers for SQL Server. Both are APIs for Microsoft SQL Server that provide access to a range of data sources.
Affected Software:
Microsoft ODBC Driver 17 for SQL Server on Windows version prior to 17.10.5.1
Microsoft ODBC Driver 18 for SQL Server on Windows version prior to 18.3.2.1
Microsoft ODBC Driver 17 for SQL Server on Linux version prior to 17.10.5.1
Microsoft ODBC Driver 18 for SQL Server on Linux version prior to 18.3.2.1
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 8)
Microsoft SQL Server 2019 for x64-based Systems (CU 22)
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2017 for x32-based Systems (CU 31)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for x32-based Systems (GDR)
Microsoft OLE DB Driver 19 for SQL Server version prior to 19.3.2.0
Microsoft OLE DB Driver 18 for SQL Server version prior to 18.6.7.0
QID Detection Logic (Authenticated):
On Windows, this QID checks for vulnerable versions of ODBC and OLE DB via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft and the related subkeys for ODBC and OLE DB.
On Linux, this QID checks for the vulnerable version of ODBC based on the installed package.
- Consequence
-
Successful exploitation may lead to remote code execution and denial of service.
- Solution
-
Customers are advised to refer to CVE-2023-36728, CVE-2023-36730, CVE-2023-36420, CVE-2023-36785 and CVE-2023-36417 for more information regarding the vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36417
CVE-2023-36420
CVE-2023-36728
CVE-2023-36730
CVE-2023-36785
-
Microsoft Windows HTTP/2 Protocol Disabled via Registry
- Severity
- Minimal 1
- Qualys ID
- 45590
- Vendor Reference
- N/A
- CVE Reference
- N/A
- CVSS Scores
- Base / Temporal
- Description
-
HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web.
HTTP/2 can be enabled or disabled on your web server through the registry by using the Registry Editor.
Set the DWORD values EnableHttp2Tls and EnableHttp2Cleartext to one of the following:
Set to 0 to disable HTTP/2
Set to 1 to enable HTTP/2
QID Detection Logic (Authenticated):
Through the registry key "HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters", this QID determines if the HTTP/2 protocol is disabled on the computer.
- Consequence
- N/A
- Solution
-
Customers are advised to refer to HTTP/2 for instructions on using the Registry Editor to update the registry key.
-
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability
- Severity
- Critical 4
- Qualys ID
- 50130
- Vendor Reference
- 5030877
- CVE Reference
- CVE-2023-36778
- CVSS Scores
- Base 5.8 / Temporal 4.3
- Description
-
Microsoft Exchange Server 2016 and 2019 are affected by multiple vulnerabilities.
KB Articles associated with this update are: KB5030524
Affected Versions:
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
QID Detection Logic (Authenticated):
This QID identifies vulnerable versions of Microsoft Exchange Server from the file version of Exsetup.exe.
- Consequence
-
Successful exploitation of the vulnerability may allow remote code execution and spoofing.
- Solution
-
Microsoft has released a patch; customers are advised to refer to KB5030877 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5030877
-
Microsoft Dynamics 365 Security Update for October 2023
- Severity
- Serious 3
- Qualys ID
- 92066
- Vendor Reference
- CVE-2023-36429
- CVE Reference
- CVE-2023-36429
- CVSS Scores
- Base 5.5 / Temporal 4.1
- Description
-
Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.
Affected Software:
Microsoft Dynamics 365 (on-premises) prior to 9.0.50.03
Microsoft Dynamics 365 (on-premises) prior to 9.1.22.04
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
- Consequence
-
Successful exploitation of this vulnerability could lead to cross-site scripting.
- Solution
-
Customers are advised to refer to CVE-2023-36429 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36429
CVE-2023-36433
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416
-
Microsoft HTTP/2 Protocol Distributed Denial of Service (DoS) Vulnerability
- Severity
- Critical 4
- Qualys ID
- 92067
- Vendor Reference
- Microsoft Security Advisory
- CVE Reference
- CVE-2023-44487
- CVSS Scores
- Base 5 / Temporal 4.1
- Description
-
CVE-2023-44487: The HTTP/2 protocol is vulnerable to a Distributed Denial of Service (DDoS) attack, also known as the 'HTTP/2 Rapid Reset' attack. This allows malicious actors to launch a DDoS attack targeting HTTP/2 servers.
Affected Products:
Windows Server 2019
Windows Server 2016
Windows Server 2022
Windows 11 Version 21H2
Windows 11 Version 22H2
Windows 10 Version 21H2
Windows 10 Version 22H2
Windows 10 Version 1607
Microsoft Windows 10 Version 1809
.NET 7.0 and 6.0
ASP.NET Core 7.0 and 6.0
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.7
QID Detection Logic:
Windows: This QID checks the file version of 'http.sys' and also checks whether the HTTP/2 protocol is enabled via the registry key "HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters".
.NET:
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
ASP.NET: The QID looks for subdirectories under %programfiles%\dotnet\shared\Microsoft.NETCore.App and %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in the .version file on Windows.
Visual Studio: This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.
- Consequence
- Successful exploitation of this vulnerability may allow an attacker targeting HTTP/2 servers to consume significant server resources, leading to denial of service.
- Solution
-
Customers are advised to refer to Microsoft Security Advisory for more information pertaining to this vulnerability.
Workaround:
Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave either of these workarounds in place:
1. Disable the HTTP/2 protocol on your web server by using the Registry Editor.
2. Include a protocols setting for each Kestrel endpoint to limit your application to HTTP/1.1.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Advisory
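The following is an added example, not Qualys' or Microsoft's code, that applies the registry check described for QID 45590 and the registry workaround above: it interprets the EnableHttp2Tls and EnableHttp2Cleartext DWORDs under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters and combines that state with the http.sys file version the way QID 92067 does. The patched http.sys version is passed in as a parameter because the advisory does not list it, and a missing DWORD is assumed to mean HTTP/2 is enabled by default; the registry snapshots in it are constructed.

```python
r"""Evaluate the HTTP/2 state under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters.
The pure functions work on any OS from a dict of registry values; read_http_parameters()
reads the live key with winreg on Windows (added example, not Qualys' detection code)."""
from typing import Dict, NamedTuple, Optional, Tuple

HTTP_PARAMS_KEY = r"SYSTEM\CurrentControlSet\Services\HTTP\Parameters"
HTTP2_VALUES = ("EnableHttp2Tls", "EnableHttp2Cleartext")

# Constructed sample: the workaround applied to TLS listeners only, cleartext left at default.
SAMPLE_HALF_WORKAROUND = {"EnableHttp2Tls": 0}


class Http2State(NamedTuple):
    tls_enabled: bool
    cleartext_enabled: bool
    configured: Dict[str, int]  # values actually present in the key


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a four-part file version such as 10.0.19041.3570 into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def http2_state(values: Dict[str, int]) -> Http2State:
    """Interpret the two DWORDs. A value that is absent is assumed (not stated in the
    advisory) to leave HTTP/2 enabled, which is why the workaround sets both to 0."""
    present = {k: v for k, v in values.items() if k in HTTP2_VALUES}
    tls = values.get("EnableHttp2Tls", 1) != 0
    clear = values.get("EnableHttp2Cleartext", 1) != 0
    return Http2State(tls, clear, present)


def rapid_reset_exposure(values: Dict[str, int], http_sys_version: str,
                         patched_version: str) -> str:
    """Combine the QID 92067 checks: http.sys file version and HTTP/2 registry state.
    patched_version is a placeholder; take it from the KB for the host's Windows build."""
    state = http2_state(values)
    if parse_version(http_sys_version) >= parse_version(patched_version):
        return "patched"
    # Only the registry workaround with BOTH values at 0 removes the exposure.
    if not (state.tls_enabled or state.cleartext_enabled):
        return "mitigated_by_registry"
    return "exposed"


def read_http_parameters() -> Optional[Dict[str, int]]:
    """Windows only: return the HTTP/2 DWORDs from the live registry, or None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    values: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, HTTP_PARAMS_KEY) as key:
        for name in HTTP2_VALUES:
            try:
                data, kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                continue  # value not set: default applies
            if kind == winreg.REG_DWORD:
                values[name] = int(data)
    return values
```

On a Windows host, pass `read_http_parameters()` together with the http.sys version and the patched version for that build into `rapid_reset_exposure()`.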
-
Azure DevOps Server Security Update for October 2023
- Severity
- Critical 4
- Qualys ID
- 92068
- Vendor Reference
- CVE-2023-36561
- CVE Reference
- CVE-2023-36561
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
Affected Software:
Azure DevOps Server 2020.1.2
Azure DevOps Server 2020.0.2
Azure DevOps Server 2022.0.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.TeamFoundation.Framework.Server.dll.
- Consequence
-
An attacker who successfully exploited this vulnerability could gain the privileges of the user.
- Solution
-
Customers are advised to refer to CVE-2023-36561 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36561
-
Microsoft Windows Security Update for October 2023
- Severity
- Urgent 5
- Qualys ID
- 92069
- Vendor Reference
- KB5031354, KB5031356, KB5031358, KB5031361, KB5031362, KB5031364, KB5031377, KB5031407, KB5031408, KB5031411, KB5031416, KB5031419, KB5031427, KB5031441, KB5031442
- CVE Reference
- CVE-2023-29348, CVE-2023-35349, CVE-2023-36431, CVE-2023-36434, CVE-2023-36435, CVE-2023-36436, CVE-2023-36438, CVE-2023-36557, CVE-2023-36563, CVE-2023-36564, CVE-2023-36567, CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36576, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36594, CVE-2023-36596, CVE-2023-36598, CVE-2023-36602, CVE-2023-36603, CVE-2023-36605, CVE-2023-36606, CVE-2023-36697, CVE-2023-36698, CVE-2023-36701, CVE-2023-36702, CVE-2023-36703, CVE-2023-36704, CVE-2023-36706, CVE-2023-36707, CVE-2023-36709, CVE-2023-36710, CVE-2023-36711, CVE-2023-36712, CVE-2023-36713, CVE-2023-36717, CVE-2023-36718, CVE-2023-36720, CVE-2023-36721, CVE-2023-36722, CVE-2023-36723, CVE-2023-36724, CVE-2023-36725, CVE-2023-36726, CVE-2023-36729, CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-36790, CVE-2023-36902, CVE-2023-38159, CVE-2023-38166, CVE-2023-38171, CVE-2023-41765, CVE-2023-41766, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41772, CVE-2023-41773, CVE-2023-41774
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - October 2023
Patch version is 6.3.9600.21620 for KB5031419
Patch version is 6.3.9600.21620 for KB5031407
Patch version is 6.2.9200.24523 for KB5031442
Patch version is 6.2.9200.24523 for KB5031427
Patch version is 6.1.7601.26769 for KB5031408
Patch version is 6.1.7601.26769 for KB5031441
Patch version is 6.0.6003.22317 for KB5031416
Patch version is 6.0.6003.22317 for KB5031411
Patch version is 10.0.14393.6343 for KB5031362
Patch version is 10.0.10240.20232 for KB5031377
Patch version is 10.0.19041.3570 for KB5031356
Patch version is 10.0.22621.2428 for KB5031354
Patch version is 10.0.22000.2538 for KB5031358
Patch version is 10.0.20348.2031 for KB5031364
Patch version is 10.0.17763.4974 for KB5031361
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5031419
KB5031407
KB5031442
KB5031427
KB5031408
KB5031441
KB5031416
KB5031411
KB5031362
KB5031377
KB5031356
KB5031354
KB5031358
KB5031364
KB5031361
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5031354
KB5031356
KB5031358
KB5031361
KB5031362
KB5031364
KB5031377
KB5031407
KB5031408
KB5031411
KB5031416
KB5031419
KB5031427
KB5031441
KB5031442
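The following is an added example, not Qualys' detection code, that implements the QID 92069 logic as a standalone check: it groups the "Patch version is ... for KB..." lines above by Windows build (the first three components of the version) and classifies a host from its ntoskrnl.exe file version, reporting the KB articles that apply to that build. The host versions it is tested with are constructed.

```python
"""Classify a Windows host for the October 2023 update (QID 92069) from the file
version of ntoskrnl.exe, using the patch-version table from the advisory."""
from typing import Dict, List, NamedTuple, Optional, Tuple

# Patch versions exactly as listed in the advisory above for QID 92069.
PATCH_TABLE_TEXT = """
Patch version is 6.3.9600.21620 for KB5031419
Patch version is 6.3.9600.21620 for KB5031407
Patch version is 6.2.9200.24523 for KB5031442
Patch version is 6.2.9200.24523 for KB5031427
Patch version is 6.1.7601.26769 for KB5031408
Patch version is 6.1.7601.26769 for KB5031441
Patch version is 6.0.6003.22317 for KB5031416
Patch version is 6.0.6003.22317 for KB5031411
Patch version is 10.0.14393.6343 for KB5031362
Patch version is 10.0.10240.20232 for KB5031377
Patch version is 10.0.19041.3570 for KB5031356
Patch version is 10.0.22621.2428 for KB5031354
Patch version is 10.0.22000.2538 for KB5031358
Patch version is 10.0.20348.2031 for KB5031364
Patch version is 10.0.17763.4974 for KB5031361
"""


class Verdict(NamedTuple):
    status: str              # "patched", "vulnerable" or "not_covered"
    kbs: Tuple[str, ...]     # KB articles that apply to this Windows build
    required: Optional[str]  # patched ntoskrnl.exe version for this build


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.build.revision'; reject anything else loudly."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def parse_patch_table(text: str) -> Dict[Tuple[int, ...], Tuple[int, List[str]]]:
    """Group the advisory lines by build: {(major, minor, build): (patched revision, [KBs])}."""
    table: Dict[Tuple[int, ...], Tuple[int, List[str]]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("Patch version is "):
            continue
        ver, _, kb = line[len("Patch version is "):].partition(" for ")
        v = parse_version(ver)
        rev, kbs = table.get(v[:3], (0, []))
        # Several KBs (monthly rollup and security-only) share one build and one patch version.
        table[v[:3]] = (max(rev, v[3]), sorted(kbs + [kb.strip()]))
    return table


PATCH_TABLE = parse_patch_table(PATCH_TABLE_TEXT)


def check_ntoskrnl(file_version: str) -> Verdict:
    """Classify a host from its ntoskrnl.exe file version (for example from VersionInfo)."""
    v = parse_version(file_version)
    entry = PATCH_TABLE.get(v[:3])
    if entry is None:
        # Build not listed in this bulletin: the table cannot decide, so say so explicitly.
        return Verdict("not_covered", (), None)
    rev, kbs = entry
    required = ".".join(map(str, v[:3] + (rev,)))
    status = "patched" if v[3] >= rev else "vulnerable"
    return Verdict(status, tuple(kbs), required)
```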
-
Microsoft Azure Stack Hub Security Updates for October 2023
- Severity
- Urgent 5
- Qualys ID
- 92070
- Vendor Reference
- Azure Stack Hub
- CVE Reference
- CVE-2023-29348, CVE-2023-35349, CVE-2023-36431, CVE-2023-36434, CVE-2023-36436, CVE-2023-36438, CVE-2023-36557, CVE-2023-36563, CVE-2023-36564, CVE-2023-36567, CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36576, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36594, CVE-2023-36596, CVE-2023-36598, CVE-2023-36602, CVE-2023-36603, CVE-2023-36605, CVE-2023-36606, CVE-2023-36697, CVE-2023-36698, CVE-2023-36701, CVE-2023-36702, CVE-2023-36703, CVE-2023-36704, CVE-2023-36706, CVE-2023-36707, CVE-2023-36709, CVE-2023-36710, CVE-2023-36711, CVE-2023-36712, CVE-2023-36713, CVE-2023-36717, CVE-2023-36718, CVE-2023-36720, CVE-2023-36721, CVE-2023-36722, CVE-2023-36723, CVE-2023-36724, CVE-2023-36725, CVE-2023-36726, CVE-2023-36729, CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-36902, CVE-2023-38159, CVE-2023-38166, CVE-2023-41765, CVE-2023-41766, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41772, CVE-2023-41773, CVE-2023-41774, CVE-2023-44487
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.
QID Detection Logic (Authenticated):
This QID checks the file version of ntoskrnl.exe; if it is less than 10.0.17763.11748, the system is considered vulnerable.
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure Stack Hub
-
Microsoft Visual Studio Security Updates for October 2023
- Severity
- Serious 3
- Qualys ID
- 92071
- Vendor Reference
- CVE-2023-38171
- CVE Reference
- CVE-2023-38171
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released security updates for Visual Studio which resolve a denial of service vulnerability.
Affected Software:
Microsoft Visual Studio 2022 version 17.7
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.2
QID Detection Logic (Authenticated): Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.
- Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to a denial of service vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-38171 for more information on the vulnerability and its patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-38171
-
Microsoft .NET Security Update for October 2023
- Severity
- Serious 3
- Qualys ID
- 92072
- Vendor Reference
- CVE-2023-36435, CVE-2023-38171
- CVE Reference
- CVE-2023-36435, CVE-2023-38171
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released a security update for .NET which resolves a denial of service vulnerability.
Affected versions:
.NET 7.0 before version 7.0.12
QID Detection Logic (Authenticated):
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to a denial of service vulnerability.
- Solution
-
Customers are advised to refer to CVE-2023-38171, CVE-2023-36435 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-36435
CVE-2023-38171
These new vulnerability checks are included in Qualys vulnerability signature 2.5.884-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
- 110449
- 110450
- 378931
- 45590
- 50130
- 92066
- 92067
- 92068
- 92069
- 92070
- 92071
- 92072
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.