Microsoft security alert.

November 14, 2023

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 58 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Office Security Update for November 2023

    Severity
    Critical 4
    Qualys ID
    110451
    Vendor Reference
    5002518, 5002521
    CVE Reference
    CVE-2023-36037, CVE-2023-36041, CVE-2023-36045, CVE-2023-36413
    CVSS Scores
    Base 6.8 / Temporal 5.3
    Description
    Microsoft has released September 2023 security updates to fix multiple security vulnerabilities.

    This security update contains the following:
    Office Click-2-Run and Office 365 Release Notes
    KB5002518
    KB5002521
    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2310 (Build 16924.20150)
    Monthly Enterprise Channel: Version 2309 (Build 16827.20278)
    Monthly Enterprise Channel: Version 2308 (Build 16731.20398)
    Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20398)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20846)
    Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20816)
    Office 2021 Retail: Version 2310 (Build 16924.20150)
    Office 2019 Retail: Version 2310 (Build 16924.20150)
    Office 2016 Retail: Version 2310 (Build 16924.20150)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20604)
    Office 2019 Volume Licensed: Version 1808 (Build 10404.20013)

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to Remote Code Execution and/or Security Feature Bypass Vulnerability.

    Solution
    Customers are advised to refer to these KB Articles:
    KB5002518 and KB5002521

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Office November 2023

  • Microsoft SharePoint Server Security Update for November 2023

    Severity
    Serious 3
    Qualys ID
    110452
    Vendor Reference
    5002517, 5002526, 5002527
    CVE Reference
    CVE-2023-38177
    CVSS Scores
    Base 6.7 / Temporal 5
    Description
    Microsoft has released November 2023 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5002526
    KB5002527
    KB5002517

    QID Detection Logic (Authenticated):
    Operating System: Windows

    Consequence
    Successful exploitation allows an attacker to perform Remote Code Execution.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002526
    KB5002527
    KB5002517

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft SharePoint November 2023

  • Microsoft Edge Based on Chromium Prior to 119.0.2151.58/Extended stable Version 118.0.2088.102 Multiple Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    379003
    Vendor Reference
    Edge (chromium based) 119.0.2151.58 and 118.0.2088.102
    CVE Reference
    CVE-2023-5996, CVE-2023-36014, CVE-2023-36024, CVE-2023-36027
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    Edge (Chromium-based) has released a security update for Mac and Windows to fix the vulnerabilities.
    QID Detection Logic (Authenticated):
    It checks installed package versions to identify vulnerable packages.


    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Customers are advised to upgrade to version 119.0.2151.58/118.0.2088.102 or later.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Edge (chromium based) 119.0.2151.58/118.0.2088.102

  • Microsoft Visual Studio Code Jupyter Extension Elevation of Privilege Vulnerability for November 2023

    Severity
    Critical 4
    Qualys ID
    379005
    Vendor Reference
    CVE-2023-36018
    CVE Reference
    CVE-2023-36018
    CVSS Scores
    Base 4.3 / Temporal 3.2
    Description
    An attacker who successfully exploited this vulnerability could execute code in the context of another Visual Studio Code user on the vulnerable system.

    Affected Versions:
    Prior to 2023.10.1100000000

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of Visual Studio Code with Jupyter extension.

    Consequence
    Visual Studio Code Jupyter extension is prone to a Privilege Escalation vulnerability.
    Solution
    Customers are advised to refer to CVE-2023-36018 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36018

  • Microsoft Exchange Server Multiple Vulnerabilities for November 2023

    Severity
    Critical 4
    Qualys ID
    50133
    Vendor Reference
    5032147
    CVE Reference
    CVE-2023-36035, CVE-2023-36039, CVE-2023-36050, CVE-2023-36439
    CVSS Scores
    Base 7.7 / Temporal 5.7
    Description
    Microsoft Exchange Server 2019 and 2016 are affected by multiple vulnerabilities.

    KB Articles associated with this update are: KB5032146, KB5032147

    Affected Versions:
    Microsoft Exchange Server 2019 Cumulative Update 13
    Microsoft Exchange Server 2019 Cumulative Update 12
    Microsoft Exchange Server 2016 Cumulative Update 23

    QID Detection Logic (Authenticated):
    The QID checks for vulnerable versions of Microsoft Exchange Server by checking the file version of Exsetup.exe.

    Consequence
    Successful exploitation of the vulnerability may allow remote code execution and spoofing.

    Solution
    Microsoft has released a patch; customers are advised to refer to KB5032146 for information pertaining to this vulnerability.
    Microsoft has released a patch; customers are advised to refer to KB5032147 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5032146
    KB5032147

  • Microsoft Windows Security Update for November 2023

    Severity
    Urgent 5
    Qualys ID
    92075
    Vendor Reference
    KB5032189, KB5032190, KB5032192, KB5032196, KB5032197, KB5032198, KB5032199, KB5032247, KB5032248, KB5032249, KB5032250, KB5032252, KB5032254
    CVE Reference
    CVE-2023-24023, CVE-2023-36017, CVE-2023-36025, CVE-2023-36028, CVE-2023-36033, CVE-2023-36036, CVE-2023-36046, CVE-2023-36047, CVE-2023-36392, CVE-2023-36393, CVE-2023-36394, CVE-2023-36395, CVE-2023-36396, CVE-2023-36397, CVE-2023-36398, CVE-2023-36399, CVE-2023-36400, CVE-2023-36401, CVE-2023-36402, CVE-2023-36403, CVE-2023-36404, CVE-2023-36405, CVE-2023-36406, CVE-2023-36407, CVE-2023-36408, CVE-2023-36423, CVE-2023-36424, CVE-2023-36425, CVE-2023-36427, CVE-2023-36428, CVE-2023-36705, CVE-2023-36719
    CVSS Scores
    Base 10 / Temporal 8.3
    Description
    Microsoft Windows Security Update - November 2023

    Patch version is 10.0.22621.2715 for KB5032190
    Patch version is 6.3.9600.21662 for KB5032249
    Patch version is 6.2.9200.24565 for KB5032247
    Patch version is 6.1.7601.26812 for KB5032252
    Patch version is 6.1.7601.26812 for KB5032250
    Patch version is 6.0.6003.22366 for KB5032254
    Patch version is 6.0.6003.22366 for KB5032248
    Patch version is 10.0.14393.6451 for KB5032197
    Patch version is 10.0.10240.20307 for KB5032199
    Patch version is 10.0.19041.3693 for KB5032189
    Patch version is 10.0.22000.2600 for KB5032192
    Patch version is 10.0.20348.2110 for KB5032198
    Patch version is 10.0.17763.5122 for KB5032196
    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    A successful exploit could compromise Confidentiality, Integrity and Availability.

    Solution
    Please refer to the following KB Articles associated with the update:
    Patch version is 10.0.22621.2715 for KB5032190
    Patch version is 6.3.9600.21662 for KB5032249
    Patch version is 6.2.9200.24565 for KB5032247
    Patch version is 6.1.7601.26812 for KB5032252
    Patch version is 6.1.7601.26812 for KB5032250
    Patch version is 6.0.6003.22366 for KB5032254
    Patch version is 6.0.6003.22366 for KB5032248
    Patch version is 10.0.14393.6451 for KB5032197
    Patch version is 10.0.10240.20307 for KB5032199
    Patch version is 10.0.19041.3693 for KB5032189
    Patch version is 10.0.22000.2600 for KB5032192
    Patch version is 10.0.20348.2110 for KB5032198
    Patch version is 10.0.17763.5122 for KB5032196

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5032189
    KB5032190
    KB5032192
    KB5032196
    KB5032197
    KB5032198
    KB5032199
    KB5032247
    KB5032248
    KB5032249
    KB5032250
    KB5032252
    KB5032254

  • Microsoft Host Integration Server 2020 Remote Code Execution (RCE) Vulnerability (November 2023)

    Severity
    Critical 4
    Qualys ID
    92076
    Vendor Reference
    KB5032921
    CVE Reference
    CVE-2023-38151
    CVSS Scores
    Base 10 / Temporal 7.4
    Description
    Microsoft Host Integration Server 2020 is affected by a Remote Code Execution vulnerability.

    Affected Version:
    Microsoft Host Integration Server 2020

    Consequence
    Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target.

    Solution
    Patch version is for KB5032921

  • Microsoft Visual Studio Security Updates for November 2023

    Severity
    Serious 3
    Qualys ID
    92077
    Vendor Reference
    CVE-2023-36038, CVE-2023-36042, CVE-2023-36049, CVE-2023-36558
    CVE Reference
    CVE-2023-36038, CVE-2023-36042, CVE-2023-36049, CVE-2023-36558
    CVSS Scores
    Base 4.9 / Temporal 3.7
    Description
    Microsoft has released November 2023 security updates for Visual Studio to fix multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2022 version 17.7
    Microsoft Visual Studio 2022 version 17.6
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2022 version 17.2
    Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

    QID Detection Logic (Authenticated, Windows):
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the version of the file "devenv.exe".

    Consequence
    Vulnerable versions of Microsoft Visual Studio are prone to Denial of Service, Security Feature Bypass, and Elevation of Privilege vulnerabilities.

    Solution
    Customers are advised to refer to CVE-2023-36042, CVE-2023-36558, CVE-2023-36049, CVE-2023-36038 for more information on the vulnerabilities and their patches.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36038
    CVE-2023-36042
    CVE-2023-36049
    CVE-2023-36558

  • Microsoft .NET Framework Update for November 2023

    Severity
    Serious 3
    Qualys ID
    92078
    Vendor Reference
    5031989, 5032004, 5032007, 5032185, 5032186, 5032197, 5032199, 5032336, 5032337, 5032338, 5032339, 5032340, 5032341, 5032342, 5032343, 5032344
    CVE Reference
    CVE-2023-36049, CVE-2023-36560
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    A Remote Code Execution vulnerability exists in Microsoft .NET Framework.

    The following KBs are covered in this detection:
    5032004
    5032336
    5032337
    5032197
    5031989
    5032343
    5032342
    5032344
    5032186
    5032341
    5032185
    5032340
    5032007
    5032199
    5032339
    5032338

    This security update is rated Important for supported versions of Microsoft .NET Framework.
    .NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1

    QID Detection Logic (Authenticated):
    Checks for a vulnerable file version of ntoskrnl.exe, Mscorlib.dll, System.core.dll or System.web.dll for the respective .NET Framework KBs.

    Consequence
    Successful exploitation may allow an attacker to perform Elevation of Privileges.
    Solution
    Customers are advised to refer to CVE-2023-36049, CVE-2023-36560 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36049
    CVE-2023-36560

  • Microsoft Windows Defender Elevation of Privilege Vulnerability for November 2023

    Severity
    Critical 4
    Qualys ID
    92079
    Vendor Reference
    CVE-2023-36422
    CVE Reference
    CVE-2023-36422
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft Defender Antivirus (formerly Windows Defender) is an antivirus software component of Microsoft Windows.

    Successful exploitation of this vulnerability could allow a local attacker to execute code with SYSTEM privileges.

    Affected Software:
    Microsoft Malware Protection Engine version prior to Version 1.1.23100.2009

    QID Detection Logic (Authenticated):
    This authenticated detection checks whether the "mpengine.dll" file version is lower than 1.1.23100.2009.

    Consequence
    A local attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

    Solution
    Customers are advised to follow CVE-2023-36422 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36422

  • Microsoft .NET Core and ASP.NET Core Security Update for November 2023

    Severity
    Critical 4
    Qualys ID
    92080
    Vendor Reference
    CVE-2023-36038, CVE-2023-36049, CVE-2023-36558
    CVE Reference
    CVE-2023-36038, CVE-2023-36049, CVE-2023-36558
    CVSS Scores
    Base 9 / Temporal 6.6
    Description
    Microsoft has released November 2023 security updates for .NET Core and ASP.NET Core to fix multiple security vulnerabilities.

    Affected versions:
    ASP.NET Core and .NET Core 8.0 before version 8.0.0
    ASP.NET Core and .NET Core 7.0 before version 7.0.14
    ASP.NET Core and .NET Core 6.0 before version 6.0.25

    QID Detection Logic (Authenticated):
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence
    Vulnerable versions of Microsoft ASP.NET Core and .NET Core are prone to Elevation of Privilege, Security Feature Bypass and Denial of Service vulnerabilities.

    Solution
    Customers are advised to refer to CVE-2023-36049, CVE-2023-36558, CVE-2023-36038 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36038
    CVE-2023-36049
    CVE-2023-36558

  • Microsoft Azure Stack Hub Security Updates for November 2023

    Severity
    Critical 4
    Qualys ID
    92081
    Vendor Reference
    Azure Stack Hub
    CVE Reference
    CVE-2023-24023, CVE-2023-36017, CVE-2023-36025, CVE-2023-36028, CVE-2023-36033, CVE-2023-36036, CVE-2023-36047, CVE-2023-36392, CVE-2023-36393, CVE-2023-36394, CVE-2023-36395, CVE-2023-36397, CVE-2023-36398, CVE-2023-36400, CVE-2023-36401, CVE-2023-36402, CVE-2023-36403, CVE-2023-36404, CVE-2023-36405, CVE-2023-36408, CVE-2023-36423, CVE-2023-36424, CVE-2023-36425, CVE-2023-36427, CVE-2023-36428, CVE-2023-36705, CVE-2023-36719
    CVSS Scores
    Base 10 / Temporal 8.3
    Description
    Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.

    A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.

    QID Detection Logic (Authenticated):
    This QID checks the file version of ntoskrnl.exe; if the file version is less than 10.0.17763.11820, the host is considered vulnerable.

    Consequence
    A successful exploit could compromise Confidentiality, Integrity and Availability.

    Solution
    Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Azure Stack Hub

  • Microsoft Dynamics 365 Security Update for November 2023

    Severity
    Critical 4
    Qualys ID
    92083
    Vendor Reference
    CVE-2023-36007, CVE-2023-36016, CVE-2023-36030, CVE-2023-36031, CVE-2023-36410
    CVE Reference
    CVE-2023-36007, CVE-2023-36016, CVE-2023-36030, CVE-2023-36031, CVE-2023-36410
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

    Affected Software:
    Microsoft Dynamics 365 (on-premises) prior to 9.0
    Microsoft Dynamics 365 (on-premises) prior to 9.1

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:

    Consequence
    Depending on the vulnerability being exploited, a remote attacker could conduct cross-site scripting (XSS) or spoofing attacks against a vulnerable resource.

    Solution
    Customers are advised to refer to CVE-2023-36030, CVE-2023-36031, CVE-2023-36007, CVE-2023-36016 or CVE-2023-36410 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2023-36007
    CVE-2023-36016
    CVE-2023-36030
    CVE-2023-36031
    CVE-2023-36410
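
The branch-by-branch comparison behind the ntoskrnl.exe check for QID 92075 (Microsoft Windows Security Update for November 2023), as an added Python example that is not Qualys detection code: each patch version applies only to its own major.minor.build branch, so a host is compared against the revision listed for its branch rather than against one global threshold. The function names, host names and sample versions are constructed for illustration; the patch versions and KB numbers are the ones listed in the advisory.

```python
# Added example (not Qualys code). Patch versions are the ones the advisory
# lists for QID 92075; KBs that share a patch version are grouped together.
PATCHED = {
    # (major, minor, build): (first patched revision, KBs listed for it)
    (10, 0, 22621): (2715, ["KB5032190"]),
    (6, 3, 9600): (21662, ["KB5032249"]),
    (6, 2, 9200): (24565, ["KB5032247"]),
    (6, 1, 7601): (26812, ["KB5032252", "KB5032250"]),
    (6, 0, 6003): (22366, ["KB5032254", "KB5032248"]),
    (10, 0, 14393): (6451, ["KB5032197"]),
    (10, 0, 10240): (20307, ["KB5032199"]),
    (10, 0, 19041): (3693, ["KB5032189"]),
    (10, 0, 22000): (2600, ["KB5032192"]),
    (10, 0, 20348): (2110, ["KB5032198"]),
    (10, 0, 17763): (5122, ["KB5032196"]),
}


def parse_file_version(text):
    """Return the four numeric fields of a Windows file version string."""
    fields = text.split()  # drops a trailing "(WinBuild...)" style suffix
    parts = fields[0].split(".") if fields else []
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(file_version):
    """Classify one ntoskrnl.exe version: vulnerable, patched or not-covered."""
    major, minor, build, revision = parse_file_version(file_version)
    entry = PATCHED.get((major, minor, build))
    if entry is None:
        # Branch is not in the advisory's table: no verdict either way.
        return ("not-covered", [])
    fixed_revision, kbs = entry
    if revision < fixed_revision:
        return ("vulnerable", kbs)
    return ("patched", [])


def triage(inventory):
    """Map {host: version} to {host: KBs} for hosts still below the patch."""
    missing = {}
    for host, version in inventory.items():
        status, kbs = assess(version)
        if status == "vulnerable":
            missing[host] = kbs
    return missing


if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample values.
    sample = {
        "ws-01": "10.0.19041.3570 (WinBuild.160101.0800)",
        "ws-02": "10.0.22621.2715",
        "srv-01": "6.1.7601.26800",
        "srv-02": "10.0.25398.531",
    }
    for host, kbs in sorted(triage(sample).items()):
        print(host, "is below the patch version; listed KBs:", ", ".join(kbs))
```

A version on a branch the table does not list is reported as not-covered rather than patched, so unknown builds are surfaced for review instead of being silently passed.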

These new vulnerability checks are included in Qualys vulnerability signature 2.5.911-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
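
An added sketch (not Qualys detection code) of the Linux and Mac directory check described for QID 92080: it reads the version-named folders under a runtime root such as "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and compares each against the fixed versions listed in that entry. It assumes the folder names are the runtime version strings and that a pre-release label such as "-rc.2" sorts before the release with the same numbers, which is how "8.0 before version 8.0.0" is read here; the function names and sample folder names are constructed.

```python
import os
import re
import tempfile

# First fixed version per release line, as listed for QID 92080.
FIXED = {(8, 0): (8, 0, 0), (7, 0): (7, 0, 14), (6, 0): (6, 0, 25)}

# major.minor.patch with an optional pre-release label (assumed naming).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def is_vulnerable(name):
    """True/False for a covered runtime folder name, None if not covered."""
    match = _VERSION.match(name)
    if not match:
        return None  # not a version-named folder
    release = tuple(int(g) for g in match.group(1, 2, 3))
    fixed = FIXED.get(release[:2])
    if fixed is None:
        return None  # release line not listed in the advisory
    # A pre-release (flag 0) orders before the final release (flag 1)
    # that carries the same three numbers.
    installed = (release, 0 if match.group(4) else 1)
    return installed < (fixed, 1)


def scan(root):
    """Return the sorted names of vulnerable runtime folders under root."""
    if not os.path.isdir(root):
        return []
    return sorted(
        name
        for name in os.listdir(root)
        if os.path.isdir(os.path.join(root, name)) and is_vulnerable(name)
    )


if __name__ == "__main__":
    # Constructed tree standing in for the real runtime root, so the
    # example runs offline on any system.
    with tempfile.TemporaryDirectory() as root:
        for name in ("6.0.24", "6.0.25", "7.0.14", "8.0.0-rc.2.23479.6"):
            os.makedirs(os.path.join(root, name))
        for name in scan(root):
            print("vulnerable runtime:", name)
```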

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110451
    • 110452
    • 379003
    • 379005
    • 50133
    • 92075
    • 92076
    • 92077
    • 92078
    • 92079
    • 92080
    • 92081
    • 92083
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.