Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 52 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes and
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2402 (Build 17328.20184)
Monthly Enterprise Channel: Version 2401 (Build 17231.20290)
Monthly Enterprise Channel: Version 2312 (Build 17126.20216)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20184)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20600)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20928)
Office 2021 Retail: Version 2402 (Build 17328.20184)
Office 2019 Retail: Version 2402 (Build 17328.20184)
Office 2016 Retail: Version 2402 (Build 17328.20184)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office March 2024
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint March 2024
Affected Versions:
Visual Studio Code prior to version 1.87.2
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
A successful attack allows the attacker to gain elevated privileges.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-26165
Skype versions prior to 8.113.0.210 for Windows are affected.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21411
Affected Software:
System Center Operations Manager (SCOM) 2019
System Center Operations Manager (SCOM) 2022
QID Detection Logic (Authenticated):
The QID checks for vulnerable versions of Open Management Infrastructure (OMI versions prior to v1.8.1-0 are affected).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21330
CVE-2024-21334
KB Articles associated with this update are: KB5036402, KB5036401, KB5036386
Affected Versions:
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 23
QID Detection Logic (Authenticated):
The QID checks for vulnerable versions of Microsoft Exchange Server 2019 by checking the file version of Exsetup.exe.
For Microsoft Exchange Server 2016, please see the vendor advisory for CVE-2024-26198.
QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the "/owa" endpoint and checks for vulnerable versions of Microsoft Exchange Server.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5036386
KB5036401
KB5036402
Patch version is 10.0.17763.5576 for KB5035849
Patch version is 10.0.20348.2340 for KB5035857
Patch version is 10.0.22000.2836 for KB5035854
Patch version is 10.0.19041.4170 for KB5035845
Patch version is 10.0.22621.3296 for KB5035853
Patch version is 10.0.25398.763 for KB5035856
Patch version is 10.0.10240.20526 for KB5035858
Patch version is 10.0.14393.6795 for KB5035855
Patch version is 6.2.9200.24768 for KB5035930
Patch version is 6.3.9600.21871 for KB5035885
Patch version is 6.0.6003.22567 for KB5035920
Patch version is 6.0.6003.22567 for KB5035933
Patch version is 6.1.7601.27017 for KB5035888
Patch version is 6.1.7601.27017 for KB5035919
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Note: This QID checks for the Windows Server 2022 Azure Hotpatch through the registry key below:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled\Hotpatch.amd64
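The file-version comparison described above can be reproduced offline against a software inventory. The following is an added example, not Qualys detection code: it keys the patched versions listed in this advisory by the first three fields of the ntoskrnl.exe file version and compares the fourth field numerically. The function names, hostnames and sample versions are constructed for illustration, and the Azure Hotpatch registry check is not covered.

```python
# Added example: offline triage of collected ntoskrnl.exe file versions.
# PATCHED maps the version branch (first three fields) to the patched
# revision and the KB(s) listed for it in this advisory.
PATCHED = {
    "10.0.10240": (20526, ["KB5035858"]),
    "10.0.14393": (6795, ["KB5035855"]),
    "10.0.17763": (5576, ["KB5035849"]),
    "10.0.19041": (4170, ["KB5035845"]),
    "10.0.20348": (2340, ["KB5035857"]),
    "10.0.22000": (2836, ["KB5035854"]),
    "10.0.22621": (3296, ["KB5035853"]),
    "10.0.25398": (763, ["KB5035856"]),
    "6.0.6003": (22567, ["KB5035920", "KB5035933"]),
    "6.1.7601": (27017, ["KB5035888", "KB5035919"]),
    "6.2.9200": (24768, ["KB5035930"]),
    "6.3.9600": (21871, ["KB5035885"]),
}

def assess(file_version):
    """Return (status, kbs) for one ntoskrnl.exe file version string."""
    # Inventory tools may append a build tag, e.g. "10.0.19041.1 (WinBuild...)".
    tokens = file_version.split()
    parts = tokens[0].split(".") if tokens else []
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return ("invalid", [])
    branch, revision = ".".join(parts[:3]), int(parts[3])
    if branch not in PATCHED:
        return ("unknown-branch", [])
    fixed_rev, kbs = PATCHED[branch]
    # Compare as integers: a string compare would rank "763" above "2340".
    if revision >= fixed_rev:
        return ("patched", [])
    return ("missing-update", kbs)

def triage(inventory):
    """Return {host: (status, kbs)} for every host that is not patched."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: r for h, r in results.items() if r[0] != "patched"}

# Constructed inventory (hostnames and versions are made up).
SAMPLE = {
    "srv-2019-a": "10.0.17763.5458",
    "srv-2022-b": "10.0.20348.2340 (WinBuild.160101.0800)",
    "w11-23h2-c": "10.0.22621.3155",
    "w2012r2-d": "6.3.9600.21871",
    "lab-box-e": "10.0.26100.1",
    "broken-f": "10.0.19041",
}

if __name__ == "__main__":
    for host, (status, kbs) in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status} {' or '.join(kbs)}")
```

Hosts reported as "unknown-branch" or "invalid" need manual review, since the advisory lists no patched version to compare them against.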
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5035845
5035849
5035853
5035854
5035855
5035856
5035857
5035858
5035885
5035888
5035919
5035920
5035930
5035933
The March 2024 update for Microsoft Dynamics 365 fixes the following vulnerability:
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21419
Affected Versions / Software:
Microsoft Malware Protection Platform prior to Version 4.18.24010.12
QID Detection Logic (Authenticated):
The authenticated check looks for the version of "ProtectionManagement.dll" file.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-20671
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-26164
Affected versions:
.NET 7.0 before version 7.0.17
.NET 8.0 before version 8.0.3
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21392
CVE-2024-26190
Affected Software:
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.9
Microsoft Visual Studio 2022 version 17.6
QID Detection Logic: Authenticated : Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21392
CVE-2024-26190
These new vulnerability checks are included in Qualys vulnerability signature 2.6.2-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of websites.