Advisory overview
Qualys Vulnerability R&D Lab has released new
vulnerability checks in the Enterprise TruRisk Platform to protect
organizations against
54 vulnerabilities
that were fixed in
11 bulletins
announced today by Microsoft. Customers can immediately audit
their networks for these and other new vulnerabilities by accessing
their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security
bulletins
to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Cumulative Security Update (KB5034120) for January 2024
-
Severity
-
Serious
3
-
Qualys ID
-
100419
-
Vendor Reference
-
KB5034120
-
CVE Reference
-
CVE-2024-20652
-
CVSS Scores
-
Base 5.1 /
Temporal 3.8
-
Description
-
Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft has released KB5034120 for Internet Explorer 11 and 9
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2 SP1, Windows Server 2012
Internet Explorer 9 on Windows Server 2008 SP2
-
Consequence
-
The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' by a passing URL with a device path to the Lanman redirector device object.
-
Solution
-
For more information, Customers are advised to refer the KB5034120
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5034120
-
Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability for January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
110455
-
Vendor Reference
-
KB5002539,
KB5002540,
KB5002541
-
CVE Reference
-
CVE-2024-21318
-
CVSS Scores
-
Base 9 /
Temporal 6.7
-
Description
-
Microsoft has released January 2024 security updates to fix a remote code execution vulnerability in its Sharepoint Server Versions 2016, 2019, and Sharepoint Subscription Edition.
This security update contains the following KBs:
KB5002540
KB5002539
KB5002541
QID Detection Logic (Authenticated):
Operating System: Windows
-
Consequence
-
Successful exploitation allows an attacker to perform Remote Code Execution.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002540
KB5002539
KB5002541
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Sharepoint January 2024
-
Microsoft Office Remote Code Execution (RCE) Vulnerability for January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
110456
-
Vendor Reference
-
Office Click-2-Run and Office 365 Release Notes
-
CVE Reference
-
CVE-2024-20677
-
CVSS Scores
-
Base 7.2 /
Temporal 5.3
-
Description
-
Microsoft has released January 2024 security updates to fix a Remote Code Execution Vulnerability in its Office Product.
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2312 (Build 17126.20132)
Monthly Enterprise Channel: Version 2311 (Build 17029.20140)
Monthly Enterprise Channel: Version 2310 (Build 16924.20202)
Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20504)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20504)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20884)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20848)
Office 2021 Retail: Version 2312 (Build 17126.20132)
Office 2019 Retail: Version 2312 (Build 17126.20132)
Office 2016 Retail: Version 2312 (Build 17126.20132)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20624)
Office 2019 Volume Licensed: Version 1808 (Build 10406.20006)
Operating System: MacOS
Microsoft Office LTSC for Mac 2021: This QID checks whether the Office suite's installed vulnerable application version is less than 16.81.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
-
Consequence
-
Vulnerable products may be prone to Remote Code Execution Vulnerability.
-
Solution
-
Customers are advised to refer to these KB Article(s):
CVE-2024-2067 and Office Click-2-Run and Office 365 Release Notes for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office January 2024
-
Microsoft SQL Server Data Provider Security Feature Bypass Vulnerability - January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
379234
-
Vendor Reference
-
CVE-2024-0056
-
CVE Reference
-
CVE-2024-0056
-
CVSS Scores
-
Base 7.6 /
Temporal 5.6
-
Description
-
A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server.
Affected Software:
SQL Server 2022 CU10
SQL Server 2022 GDR
QID Detection Logic (Authenticated):
On Windows,this QID checks for Microsoft SQL Server instances and checks sqlservr.exe file version
On Linux, this QID checks for the vulnerable version of ODBC based on the installed package.
-
Consequence
-
An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server.
-
Solution
-
Customers are advised to refer to
KB5033592
KB5032968
for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5032968
KB5033592
-
Microsoft .NET Framework Update for January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
92097
-
Vendor Reference
-
5033910,
5033920,
5034119,
5034269,
5034270,
5034272,
5034273,
5034274,
5034275,
5034276,
5034277,
5034278,
5034279,
5034280
-
CVE Reference
-
CVE-2023-36042,
CVE-2024-0056,
CVE-2024-0057,
CVE-2024-21312
-
CVSS Scores
-
Base 8.5 /
Temporal 6.3
-
Description
-
A Denial of Service Vulnerability exist in Microsoft .Net Framework.
Following KBs are covered in this detection:
5034280
5034270
5033920
5034272
5034275
5034274
5034276
5034279
5034278
5034269
5034119
5034273
5034277
5033910
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable file version of ntoskrnl.exe or Mscorlib.dll or System.dll or System.web.dll for the respective .Net Framework KBs
-
Consequence
-
Successful exploitation may allow a attacker to perform Denial of Service.
-
Solution
-
Customers are advised to refer to CVE-2024-0056, CVE-2024-21312, CVE-2024-0057 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-0056
CVE-2024-0057
CVE-2024-21312
-
Microsoft Windows Security Update for January 2024
-
Severity
-
Urgent
5
-
Qualys ID
-
92099
-
Vendor Reference
-
KB5034119,
KB5034121,
KB5034122,
KB5034123,
KB5034127,
KB5034129,
KB5034130,
KB5034134,
KB5034167,
KB5034169,
KB5034171,
KB5034173,
KB5034176,
KB5034184
-
CVE Reference
-
CVE-2022-35737,
CVE-2024-20652,
CVE-2024-20653,
CVE-2024-20654,
CVE-2024-20657,
CVE-2024-20658,
CVE-2024-20660,
CVE-2024-20661,
CVE-2024-20663,
CVE-2024-20664,
CVE-2024-20666,
CVE-2024-20674,
CVE-2024-20680,
CVE-2024-20681,
CVE-2024-20682,
CVE-2024-20683,
CVE-2024-20687,
CVE-2024-20691,
CVE-2024-20692,
CVE-2024-20694,
CVE-2024-20696,
CVE-2024-20697,
CVE-2024-20698,
CVE-2024-20699,
CVE-2024-20700,
CVE-2024-21305,
CVE-2024-21306,
CVE-2024-21307,
CVE-2024-21309,
CVE-2024-21310,
CVE-2024-21311,
CVE-2024-21313,
CVE-2024-21314,
CVE-2024-21316,
CVE-2024-21320
-
CVSS Scores
-
Base 7.7 /
Temporal 6
-
Description
-
Microsoft Windows Security Update - January 2024
Patch version is 10.0.20348.2227 for KB5034129
Patch version is 10.0.17763.5329 for KB5034127
Patch version is 10.0.14393.6614 for KB5034119
Patch version is 10.0.10240.20402 for KB5034134
Patch version is 10.0.22631.3007 for KB5034123
Patch version is 10.0.19045.3930 for KB5034122
Patch version is 10.0.22000.2713 for KB5034121
Patch version is 10.0.25398.643 for KB5034130
Patch version is 6.3.9600.21765 for KB5034171
Patch version is 6.2.9200.24664 for KB5034184
Patch version is 6.1.7601.26910 for KB5034169
Patch version is 6.1.7601.26910 for KB5034167
Patch version is 6.0.6003.22464 for KB5034173
Patch version is 6.0.6003.22464 for KB5034176
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
-
Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
-
Solution
-
Please refer to the following KB Articles associated with the update:
KB5034129
KB5034127
KB5034119
KB5034134
KB5034123
KB5034122
KB5034121
KB5034130
KB5034171
KB5034184
KB5034169
KB5034167
KB5034173
KB5034176
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034119
KB5034121
KB5034122
KB5034123
KB5034127
KB5034129
KB5034130
KB5034134
KB5034167
KB5034169
KB5034171
KB5034173
KB5034176
KB5034184
KB5034184
-
Microsoft .NET Core Security Update for January 2024
-
Severity
-
Urgent
5
-
Qualys ID
-
92100
-
Vendor Reference
-
CVE-2024-0057,
CVE-2024-20672,
CVE-2024-21319
-
CVE Reference
-
CVE-2024-0057,
CVE-2024-20672,
CVE-2024-21319
-
CVSS Scores
-
Base 9.4 /
Temporal 7
-
Description
-
Microsoft has released January 2024 security updates for .NET Core to fix multiple security vulnerabilities.
Affected versions:
.NET 6.0 before version 6.0.26
.NET 7.0 before version 7.0.15
.NET 8.0 before version 8.0.1
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
-
Consequence
-
Vulnerable versions of Microsoft .NET are prone to Security Feature Bypass and Denial of Service vulnerability.
-
Solution
-
Customers are advised to refer to CVE-2024-0057, CVE-2024-20672, and CVE-2024-21319 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-0057
CVE-2024-20672
CVE-2024-21319
-
Microsoft Windows Privilege Escalation January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
92101
-
Vendor Reference
-
CVE-2024-20686
-
CVE Reference
-
CVE-2024-20686
-
CVSS Scores
-
Base 4.6 /
Temporal 3.4
-
Description
-
Windows Server 2022, 23H2 Edition Security update
Patch version is 10.0.25398.643 for KB5034130
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
-
Consequence
-
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
-
Solution
-
Please refer to the following KB Articles associated with the update:
KB5034130
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034130
-
Microsoft Visual Studio Security Update for January 2024
-
Severity
-
Critical
4
-
Qualys ID
-
92102
-
Vendor Reference
-
CVE-2024-0057,
CVE-2024-20656,
CVE-2024-21319
-
CVE Reference
-
CVE-2023-29349,
CVE-2023-29356,
CVE-2023-32025,
CVE-2023-32026,
CVE-2023-32027,
CVE-2023-32028,
CVE-2024-0057,
CVE-2024-20656,
CVE-2024-21319
-
CVSS Scores
-
Base 9.4 /
Temporal 7.4
-
Description
-
Microsoft has released January 2024 security updates for Visual Studio to fix multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.
-
Consequence
-
Vulnerable versions of Microsoft Visual Studio are prone to Security feature bypass and Elevation of privilege vulnerability.
-
Solution
-
Customers are advised to refer to CVE-2024-0057, CVE-2024-20656, and CVE-2024-21319 for more information on the vulnerability and it's patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-0057
CVE-2024-20656
CVE-2024-21319
-
Microsoft Windows Server Security Update for January 2024
-
Severity
-
Serious
3
-
Qualys ID
-
92103
-
Vendor Reference
-
CVE-2024-20655,
CVE-2024-20662
-
CVE Reference
-
CVE-2024-20655,
CVE-2024-20662
-
CVSS Scores
-
Base 7.5 /
Temporal 5.5
-
Description
-
Microsoft Windows Security Update - January 2024
Patch version is 10.0.20348.2227 for KB5034129
Patch version is 10.0.17763.5329 for KB5034127
Patch version is 10.0.14393.6614 for KB5034119
Patch version is 6.3.9600.21765 for KB5034171
Patch version is 6.2.9200.24664 for KB5034184
Patch version is 6.1.7601.26910 for KB5034169
Patch version is 6.1.7601.26910 for KB5034167
Patch version is 6.0.6003.22464 for KB5034173
Patch version is 10.0.25398.643 for KB5034130
Patch version is 6.0.6003.22464 for KB5034176
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
-
Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
-
Solution
-
Please refer to the following KB Articles associated with the update:
KB5034129
KB5034127
KB5034119
KB5034130
KB5034171
KB5034184
KB5034169
KB5034167
KB5034173
KB5034176
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034119
KB5034127
KB5034129
KB5034130
KB5034167
KB5034169
KB5034171
KB5034173
KB5034176
KB5034184
-
Microsoft Windows Nearby Sharing Spoofing Vulnerability Security Update for January 2024
-
Severity
-
Serious
3
-
Qualys ID
-
92104
-
Vendor Reference
-
CVE-2024-20690
-
CVE Reference
-
CVE-2024-20690
-
CVSS Scores
-
Base 5 /
Temporal 3.7
-
Description
-
Microsoft Windows OS Security Update - January 2024
Patch version is 10.0.17763.5329 for KB5034127
Patch version is 10.0.22631.3007 for KB5034123
Patch version is 10.0.19045.3930 for KB5034122
Patch version is 10.0.22000.2713 for KB5034121
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
-
Consequence
-
Successful exploit could compromise Integrity
-
Solution
-
Please refer to the following KB Articles associated with the update:
KB5034127
KB5034123
KB5034122
KB5034121
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034121
KB5034122
KB5034123
KB5034127
These new vulnerability checks are included in Qualys
vulnerability signature
2.5.955-3.
Each Qualys account is automatically updated with the latest
vulnerability signatures as they become available. To view the
vulnerability signature version in your account, from the
Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
-
Ensure access to TCP ports 135 and 139 are available.
-
Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
-
100419
-
110455
-
110456
-
379234
-
92097
-
92099
-
92100
-
92101
-
92102
-
92103
-
92104
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.