Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Compliance
Cloud Security

Microsoft security alert.

February 13, 2024

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 55 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Outlook Security Update for February 2024

    Severity
    Urgent 5
    Qualys ID
    110457
    Vendor Reference
    KB5002543
    CVE Reference
    CVE-2024-21378, CVE-2024-21402, CVE-2024-21413
    CVSS Scores
    Base 9 / Temporal 7
    Description
    Microsoft has released February 2024 security updates for outlook to fix a Remote Code Execution Vulnerability.

    This security update contains the following:

    CVE-2023-35636: Information Disclosure Vulnerability
    KB5002543 and
    Office Click-2-Run and Office 365 Release Notes

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2401 (Build 17231.20236)
    Monthly Enterprise Channel: Version 2312 (Build 17126.20190)
    Monthly Enterprise Channel: Version 2311 (Build 17029.20178)
    Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20550)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20550)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20916)
    Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20870)
    Office 2021 Retail: Version 2401 (Build 17231.20236)
    Office 2019 Retail: Version 2401 (Build 17231.20236)
    Office 2016 Retail: Version 2401 (Build 17231.20236)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20637)
    Office 2019 Volume Licensed: Version 1808 (Build 10407.20032)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation will lead to Remote Code Execution and/or Elevation of Privilege Vulnerabilities.

    Solution
    Refer to Microsoft Security Guide, and KB5002543
    for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Outlook February 2024

  • Microsoft Office Remote Code Execution (RCE) Vulnerability for February 2024

    Severity
    Urgent 5
    Qualys ID
    110458
    Vendor Reference
    KB5002467, KB5002469, KB5002491, KB5002492, KB5002495, KB5002519, KB5002522, KB5002536, KB5002537, KB5002542, Office Click-2-Run and Office 365 Release Notes
    CVE Reference
    CVE-2024-20673, CVE-2024-21379, CVE-2024-21384, CVE-2024-21413
    CVSS Scores
    Base 10 / Temporal 7.8
    Description
    Microsoft has released February 2024 security updates to fix multiple security vulnerabilities.

    This security update contains the following:
    Office Click-2-Run and Office 365 Release Notes and
    KB5002492
    KB5002542
    KB5002491
    KB5002495
    KB5002537
    KB5002467
    KB5002522
    KB5002469
    KB5002536
    KB5002519

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2401 (Build 17231.20236)
    Monthly Enterprise Channel: Version 2312 (Build 17126.20190)
    Monthly Enterprise Channel: Version 2311 (Build 17029.20178)
    Semi-Annual Enterprise Channel (Preview): Version 2308 (Build 16731.20550)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20550)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20916)
    Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20870)
    Office 2021 Retail: Version 2401 (Build 17231.20236)
    Office 2019 Retail: Version 2401 (Build 17231.20236)
    Office 2016 Retail: Version 2401 (Build 17231.20236)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20637)
    Office 2019 Volume Licensed: Version 1808 (Build 10407.20032)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to Remote Code Execution Vulnerability.

    Solution
    Customers are advised to refer to these KB Article(s):
    KB5002492
    KB5002542
    KB5002491
    KB5002495
    KB5002537
    KB5002467
    KB5002522
    KB5002469
    KB5002536
    KB5002519
    and Office Click-2-Run and Office 365 Release Notes for more information regarding these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft office February 2024

  • Microsoft Exchange Server Vulnerability for Feb 2024

    Severity
    Urgent 5
    Qualys ID
    50136
    Vendor Reference
    CVE-2024-21410
    CVE Reference
    CVE-2024-21410
    CVSS Scores
    Base 10 / Temporal 7.8
    Description
    Microsoft Exchange Server 2019 and 2016 are affected by multiple vulnerabilities.

    KB Articles associated with this update are: KB5035606

    Affected Versions:
    Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2016 Cumulative Update 23

    QID Detection Logic (Authenticated):
    The QID checks for vulnerable version of Microsoft Exchange Server 2019 by checking the file version of Exsetup.exe.

    For Microsoft Exchange Server 2016, please see the vendor advisory for CVE-2024-21410.

    QID Detection Logic: (Unauthenticated)
    This QID sends a HTTP GET request to "/owa" endpoint and checks for vulnerable version of Microsoft Exchange Server.

    Consequence
    Successful exploitation of the vulnerability may allow remote code execution and spoofing

    Solution
    Microsoft has released patch, customers are advised to refer to KB5035606 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5035606

  • Microsoft Visual Studio Security Update for February 2024

    Severity
    Critical 4
    Qualys ID
    92110
    Vendor Reference
    CVE-2024-21386, CVE-2024-21404
    CVE Reference
    CVE-2024-21386, CVE-2024-21404
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft has released February 2024 security updates for Visual Studio to fix multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2022 version 17.6
    Microsoft Visual Studio 2022 version 17.8
    Microsoft Visual Studio 2022 version 17.9

    QID Detection Logic: Authenticated : Windows
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.

    Consequence
    Vulnerable versions of Microsoft Visual Studio are prone to Denial of Service vulnerability.

    Solution
    Customers are advised to refer to CVE-2024-21404, CVE-2024-213866 for more information on the vulnerability and it's patch.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21386
    CVE-2024-21404

  • Microsoft Windows Security Update for February 2024

    Severity
    Urgent 5
    Qualys ID
    92111
    Vendor Reference
    KB5034763, KB5034765, KB5034766, KB5034767, KB5034768, KB5034769, KB5034770, KB5034774, KB5034795, KB5034809, KB5034819, KB5034830, KB5034831, KB5034833
    CVE Reference
    CVE-2024-20684, CVE-2024-21304, CVE-2024-21315, CVE-2024-21338, CVE-2024-21339, CVE-2024-21340, CVE-2024-21341, CVE-2024-21342, CVE-2024-21343, CVE-2024-21344, CVE-2024-21346, CVE-2024-21347, CVE-2024-21348, CVE-2024-21349, CVE-2024-21350, CVE-2024-21351, CVE-2024-21352, CVE-2024-21354, CVE-2024-21355, CVE-2024-21356, CVE-2024-21357, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21362, CVE-2024-21363, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21371, CVE-2024-21372, CVE-2024-21375, CVE-2024-21377, CVE-2024-21391, CVE-2024-21405, CVE-2024-21406, CVE-2024-21412, CVE-2024-21420
    CVSS Scores
    Base 7.5 / Temporal 6.2
    Description
    Microsoft Windows Security Update - February 2024

    Patch version is 6.0.6003.22510 for KB5034795
    Patch version is 6.0.6003.22510 for KB5034833
    Patch version is 10.0.14393.6707 for KB5034767
    Patch version is 10.0.10240.20466 for KB5034774
    Patch version is 10.0.25398.709 for KB5034769
    Patch version is 10.0.22621.3155 for KB5034765
    Patch version is 10.0.19041.4046 for KB5034763
    Patch version is 10.0.22000.2777 for KB5034766
    Patch version is 10.0.20348.2322 for KB5034770
    Patch version is 10.0.17763.5458 for KB5034768
    Patch version is 6.3.9600.21811 for KB5034819
    Patch version is 6.2.9200.24709 for KB5034830
    Patch version is 6.1.7601.26958 for KB5034831
    Patch version is 6.1.7601.26958 for KB5034809

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Note: This QID checks for windows Server 2022 Azuro Hotpatch through below registry key
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled\Hotpatch.amd64

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034795
    KB5034833
    KB5034767
    KB5034774
    KB5034769
    KB5034765
    KB5034763
    KB5034766
    KB5034770
    KB5034768
    KB5034819
    KB5034830
    KB5034831
    KB5034809

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034763
    KB5034765
    KB5034766
    KB5034767
    KB5034768
    KB5034769
    KB5034770
    KB5034774
    KB5034795
    KB5034809
    KB5034819
    KB5034830
    KB5034831
    KB5034833

  • Microsoft .NET Core and ASP.NET Core Security Update for February 2024

    Severity
    Critical 4
    Qualys ID
    92112
    Vendor Reference
    CVE-2024-21386, CVE-2024-21404
    CVE Reference
    CVE-2024-21386, CVE-2024-21404
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft has released February 2024 security updates for .NET Core and ASP.NET Core to fix multiple security vulnerabilities.

    Affected versions:
    ASP.NET Core and .NET Core 8.0 before version 8.0.2
    ASP.NET Core and .NET Core 7.0 before version 7.0.16
    ASP.NET Core and .NET Core 6.0 before version 6.0.27

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence
    Vulnerable versions of Microsoft .NET Core and ASP.NET Core are prone to Denial of Service vulnerability.

    Solution
    Customers are advised to refer to CVE-2024-21404, CVE-2024-213866 for more information on the vulnerability and it's patch.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21386
    CVE-2024-21404

  • Azure Connected Machine Agent Elevation of Privilege Vulnerability

    Severity
    Serious 3
    Qualys ID
    92113
    Vendor Reference
    CVE-2024-21329
    CVE Reference
    CVE-2024-21329
    CVSS Scores
    Base 4.3 / Temporal 3.2
    Description
    The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers. Affected versions:
    All versions before version 1.38

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions by checking the file version.
    On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.

    Consequence
    Prone to Agent Elevation of Privilege Vulnerability
    Solution
    Customers are advised to refer to CVE-2024-21329

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21329

  • Microsoft Windows Server Security Update for February 2024

    Severity
    Urgent 5
    Qualys ID
    92115
    Vendor Reference
    CVE-2024-21345, CVE-2024-21353
    CVE Reference
    CVE-2024-21345, CVE-2024-21353
    CVSS Scores
    Base 6.5 / Temporal 5.1
    Description
    Microsoft Windows Server Security Update for February 2024

    Affected OS : Windows Server 2022, 23H2 Edition (Server Core installation)

    Patch version is 10.0.25398.709 for KB5034769

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to gain SYSTEM privileges or execute arbitrary code within the context of the user's SQL client application

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5034769

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5034769

  • Microsoft Windows Domain Name System (DNS) Server Denial of Service (DoS) Vulnerability for February 2024

    Severity
    Serious 3
    Qualys ID
    92116
    Vendor Reference
    Microsoft Windows DNS Server Security Advisory
    CVE Reference
    CVE-2023-50387
    CVSS Scores
    Base 5 / Temporal 3.9
    Description
    Microsoft Windows Domain Name System (DNS) Server Security Update - February 2024

    Affected Operating Systems: Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 Service Pack 1, Windows Server 2016, Windows Server 2022, Windows Server 2019, Windows Server 2022, 23H2 Edition (Server Core installation)

    The KB Articles associated with the update:
    Patch version is 6.3.9600.21812 for KB5034819
    Patch version is 6.2.9200.24709 for KB5034830
    Patch version is 6.1.7601.26959 for KB5034831
    Patch version is 6.1.7601.26959 for KB5034809
    Patch version is 10.0.14393.6707 for KB5034767
    Patch version is 10.0.25398.709 for KB5034769
    Patch version is 10.0.20348.2322 for KB5034770
    Patch version is 10.0.17763.5458 for KB5034768

    QID Detection Logic:
    Authenticated: This QID checks for the file version of dns.exe

    Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.

    Consequence
    Successful exploitation of this vulnerability may allow an attacker to exhaust CPU and cause Denial of Service (DoS).
    Solution
    Vendor has released patch. Please refer to Microsoft Windows DNS Server Security Advisory for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Windows DNS Server Security Advisory

These new vulnerability checks are included in Qualys vulnerability signature 2.5.981-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 are available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110457
    • 110458
    • 50136
    • 92110
    • 92111
    • 92112
    • 92113
    • 92115
    • 92116
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.