Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 55 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
CVE-2023-35636: Information Disclosure Vulnerability
KB5002543 and
Office Click-2-Run and Office 365 Release Notes
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2401 (Build 17231.20236)
Monthly Enterprise Channel: Version 2312 (Build 17126.20190)
Monthly Enterprise Channel: Version 2311 (Build 17029.20178)
Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20550)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20550)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20916)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20870)
Office 2021 Retail: Version 2401 (Build 17231.20236)
Office 2019 Retail: Version 2401 (Build 17231.20236)
Office 2016 Retail: Version 2401 (Build 17231.20236)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20637)
Office 2019 Volume Licensed: Version 1808 (Build 10407.20032)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Outlook February 2024
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes and
KB5002492
KB5002542
KB5002491
KB5002495
KB5002537
KB5002467
KB5002522
KB5002469
KB5002536
KB5002519
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2401 (Build 17231.20236)
Monthly Enterprise Channel: Version 2312 (Build 17126.20190)
Monthly Enterprise Channel: Version 2311 (Build 17029.20178)
Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20550)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20550)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20916)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20870)
Office 2021 Retail: Version 2401 (Build 17231.20236)
Office 2019 Retail: Version 2401 (Build 17231.20236)
Office 2016 Retail: Version 2401 (Build 17231.20236)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20637)
Office 2019 Volume Licensed: Version 1808 (Build 10407.20032)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office February 2024
KB Articles associated with this update are: KB5035606
Affected Versions:
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 23
QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Microsoft Exchange Server 2019 by checking the file version of Exsetup.exe.
For Microsoft Exchange Server 2016, please see the vendor advisory for CVE-2024-21410.
QID Detection Logic: (Unauthenticated)
This QID sends a HTTP GET request to "/owa" endpoint and checks for vulnerable version of Microsoft Exchange Server.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5035606
Affected Software:
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.9
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21386
CVE-2024-21404
Patch version is 6.0.6003.22510 for KB5034795
Patch version is 6.0.6003.22510 for KB5034833
Patch version is 10.0.14393.6707 for KB5034767
Patch version is 10.0.10240.20466 for KB5034774
Patch version is 10.0.25398.709 for KB5034769
Patch version is 10.0.22621.3155 for KB5034765
Patch version is 10.0.19041.4046 for KB5034763
Patch version is 10.0.22000.2777 for KB5034766
Patch version is 10.0.20348.2322 for KB5034770
Patch version is 10.0.17763.5458 for KB5034768
Patch version is 6.3.9600.21811 for KB5034819
Patch version is 6.2.9200.24709 for KB5034830
Patch version is 6.1.7601.26958 for KB5034831
Patch version is 6.1.7601.26958 for KB5034809
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Note: This QID checks for windows Server 2022 Azuro Hotpatch through below registry key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled\Hotpatch.amd64
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034763
KB5034765
KB5034766
KB5034767
KB5034768
KB5034769
KB5034770
KB5034774
KB5034795
KB5034809
KB5034819
KB5034830
KB5034831
KB5034833
Affected versions:
ASP.NET Core and .NET Core 8.0 before version 8.0.2
ASP.NET Core and .NET Core 7.0 before version 7.0.16
ASP.NET Core and .NET Core 6.0 before version 6.0.27
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21386
CVE-2024-21404
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions by checking the file version.
On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21329
Affected OS : Windows Server 2022, 23H2 Edition (Server Core installation)
Patch version is 10.0.25398.709 for KB5034769
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5034769
Affected Operating Systems: Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 Service Pack 1, Windows Server 2016, Windows Server 2022, Windows Server 2019, Windows Server 2022, 23H2 Edition (Server Core installation)
The KB Articles associated with the update:
Patch version is 6.3.9600.21812 for KB5034819
Patch version is 6.2.9200.24709 for KB5034830
Patch version is 6.1.7601.26959 for KB5034831
Patch version is 6.1.7601.26959 for KB5034809
Patch version is 10.0.14393.6707 for KB5034767
Patch version is 10.0.25398.709 for KB5034769
Patch version is 10.0.20348.2322 for KB5034770
Patch version is 10.0.17763.5458 for KB5034768
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe
Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Windows DNS Server Security Advisory
These new vulnerability checks are included in Qualys vulnerability signature 2.5.981-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.