Microsoft security alert.

March 12, 2024

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 52 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Office Security Update for March 2024

    Severity
    Critical 4
    Qualys ID
    110460
    Vendor Reference
    Office Click-2-Run and Office 365 Release Notes
    CVE Reference
    CVE-2024-26199
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released March 2024 security updates to fix an Elevation of Privilege vulnerability.

    This security update contains the following:
    Office Click-2-Run and Office 365 Release Notes and

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2402 (Build 17328.20184)
    Monthly Enterprise Channel: Version 2401 (Build 17231.20290)
    Monthly Enterprise Channel: Version 2312 (Build 17126.20216)
    Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20184)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20600)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20928)
    Office 2021 Retail: Version 2402 (Build 17328.20184)
    Office 2019 Retail: Version 2402 (Build 17328.20184)
    Office 2016 Retail: Version 2402 (Build 17328.20184)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to an elevation of privilege vulnerability.

    Solution
    Customers are advised to refer to the article(s) Office Click-2-Run and Office 365 Release Notes for more information regarding this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft office March 2024

  • Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability for March 2024

    Severity
    Critical 4
    Qualys ID
    110461
    Vendor Reference
    KB5002559, KB5002562, KB5002564
    CVE Reference
    CVE-2024-21426
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released the March 2024 security update to fix a remote code execution vulnerability in SharePoint Server versions 2016, 2019, and SharePoint Subscription Edition.

    This security update contains the following KBs:

    KB5002564
    KB5002562
    KB5002559

    QID Detection Logic (Authenticated):
    Operating System: Windows

    Consequence
    Successful exploitation allows an attacker to perform Remote Code Execution.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002564
    KB5002562
    KB5002559

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    Microsoft Sharepoint March 2024

  • Microsoft Visual Studio Code Security Update for March 2024

    Severity
    Critical 4
    Qualys ID
    379492
    Vendor Reference
    CVE-2024-26165
    CVE Reference
    CVE-2024-26165
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.

    Affected Versions:
    Visual Studio Code prior to version 1.87.2

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of Visual Studio Code.

    Consequence

    A successful attack allows the attacker to gain elevated privileges.

    Solution
    Customers are advised to refer to CVE-2024-26165 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-26165

  • Skype for Consumer Remote Code Execution Vulnerability March 2024

    Severity
    Critical 4
    Qualys ID
    379494
    Vendor Reference
    CVE-2024-21411
    CVE Reference
    CVE-2024-21411
    CVSS Scores
    Base 10 / Temporal 7.4
    Description
    Skype is peer-to-peer communications software that supports Internet-based voice communications.

    Skype versions prior to 8.113.0.210 for Windows are affected.

    Consequence
    An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
    Solution
    Users are advised to check CVE-2024-21411 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21411

  • Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability for March 2024

    Severity
    Critical 4
    Qualys ID
    379495
    Vendor Reference
    CVE-2024-21330, CVE-2024-21334
    CVE Reference
    CVE-2024-21330, CVE-2024-21334
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs.

    Affected Software:
    System Center Operations Manager (SCOM) 2019
    System Center Operations Manager (SCOM) 2022

    QID Detection Logic (Authenticated):
    The QID checks for vulnerable versions of Open Management Infrastructure (OMI versions prior to v1.8.1-0 are affected).

    Consequence
    Successful exploitation of this vulnerability locally elevates the attacker's privileges, allowing them to communicate as root with the OMI server.

    Solution
    Users are advised to check the advisory for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21330
    CVE-2024-21334

  • Microsoft Exchange Server Multiple Vulnerabilities for March 2024

    Severity
    Critical 4
    Qualys ID
    50137
    Vendor Reference
    CVE-2024-26198
    CVE Reference
    CVE-2024-26198
    CVSS Scores
    Base 10 / Temporal 7.4
    Description
    Microsoft Exchange Server 2019 and 2016 are affected by multiple vulnerabilities.

    KB Articles associated with this update are: KB5036402, KB5036401, KB5036386

    Affected Versions:
    Microsoft Exchange Server 2019 Cumulative Update 14
    Microsoft Exchange Server 2019 Cumulative Update 13
    Microsoft Exchange Server 2016 Cumulative Update 23

    QID Detection Logic (Authenticated):
    The QID checks for vulnerable versions of Microsoft Exchange Server 2019 by checking the file version of Exsetup.exe.

    For Microsoft Exchange Server 2016, please see the vendor advisory for CVE-2024-26198.

    QID Detection Logic (Unauthenticated):
    This QID sends an HTTP GET request to the "/owa" endpoint and checks for vulnerable versions of Microsoft Exchange Server.

    Consequence
    Successful exploitation of the vulnerability may allow remote code execution and spoofing.

    Solution
    Microsoft has released a patch. Customers are advised to refer to KB5036402, KB5036401, KB5036386 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5036386
    KB5036401
    KB5036402

  • Microsoft Windows Security Update for March 2024

    Severity
    Critical 4
    Qualys ID
    92121
    Vendor Reference
    KB5035845, KB5035849, KB5035853, KB5035854, KB5035855, KB5035856, KB5035857, KB5035858, KB5035885, KB5035888, KB5035919, KB5035920, KB5035930, KB5035933
    CVE Reference
    CVE-2023-28746, CVE-2024-21407, CVE-2024-21408, CVE-2024-21427, CVE-2024-21429, CVE-2024-21430, CVE-2024-21431, CVE-2024-21432, CVE-2024-21433, CVE-2024-21434, CVE-2024-21435, CVE-2024-21436, CVE-2024-21437, CVE-2024-21438, CVE-2024-21439, CVE-2024-21440, CVE-2024-21441, CVE-2024-21442, CVE-2024-21443, CVE-2024-21444, CVE-2024-21445, CVE-2024-21446, CVE-2024-21450, CVE-2024-21451, CVE-2024-26159, CVE-2024-26160, CVE-2024-26161, CVE-2024-26162, CVE-2024-26166, CVE-2024-26169, CVE-2024-26170, CVE-2024-26173, CVE-2024-26174, CVE-2024-26176, CVE-2024-26177, CVE-2024-26178, CVE-2024-26181, CVE-2024-26182, CVE-2024-26185, CVE-2024-26190, CVE-2024-26197
    CVSS Scores
    Base 7.6 / Temporal 5.6
    Description
    Microsoft Windows Security Update - March 2024

    Patch version is 10.0.17763.5576 for KB5035849
    Patch version is 10.0.20348.2340 for KB5035857
    Patch version is 10.0.22000.2836 for KB5035854
    Patch version is 10.0.19041.4170 for KB5035845
    Patch version is 10.0.22621.3296 for KB5035853
    Patch version is 10.0.25398.763 for KB5035856
    Patch version is 10.0.10240.20526 for KB5035858
    Patch version is 10.0.14393.6795 for KB5035855
    Patch version is 6.2.9200.24768 for KB5035930
    Patch version is 6.3.9600.21871 for KB5035885
    Patch version is 6.0.6003.22567 for KB5035920
    Patch version is 6.0.6003.22567 for KB5035933
    Patch version is 6.1.7601.27017 for KB5035888
    Patch version is 6.1.7601.27017 for KB5035919

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Note: This QID checks for Windows Server 2022 Azure Hotpatch through the registry key below:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled\Hotpatch.amd64

    Consequence
    Successful exploitation could compromise confidentiality, integrity, and availability.

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5035849
    KB5035857
    KB5035854
    KB5035845
    KB5035853
    KB5035856
    KB5035858
    KB5035855
    KB5035930
    KB5035885
    KB5035920
    KB5035933
    KB5035888
    KB5035919

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    5035845
    5035849
    5035853
    5035854
    5035855
    5035856
    5035857
    5035858
    5035885
    5035888
    5035919
    5035920
    5035930
    5035933

  • Microsoft Dynamics 365 Security Update for March 2024

    Severity
    Critical 4
    Qualys ID
    92122
    Vendor Reference
    CVE-2024-21419
    CVE Reference
    CVE-2024-21419
    CVSS Scores
    Base 4.3 / Temporal 3.2
    Description
    Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

    The March 2024 update for Microsoft Dynamics 365 fixes the following vulnerability:

    • CVE-2024-21419: Microsoft Dynamics 365 (on-premises) cross-site scripting (XSS) vulnerability

    Affected Software:
    Microsoft Dynamics 365 (on-premises) version 9.1

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.

    Consequence
    Successful exploitation allows an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks on a targeted system.

    Solution
    Customers are advised to refer to CVE-2024-21419 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21419

  • Microsoft Defender Security Feature Bypass Vulnerability March 2024

    Severity
    Serious 3
    Qualys ID
    92123
    Vendor Reference
    CVE-2024-20671
    CVE Reference
    CVE-2024-20671
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Microsoft Malware Protection Platform is affected by a security feature bypass vulnerability CVE-2024-20671.

    Affected Versions / Software:
    Microsoft Malware Protection Platform prior to Version 4.18.24010.12

    QID Detection Logic (Authenticated):
    The authenticated check looks for the version of "ProtectionManagement.dll" file.

    Consequence
    Successful exploitation of this vulnerability could prevent Microsoft Defender from starting.

    Solution
    Users are advised to check CVE-2024-20671 for more information.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-20671

  • Microsoft Django Backend for SQL Server Remote Code Execution (RCE) Vulnerability

    Severity
    Critical 4
    Qualys ID
    92124
    Vendor Reference
    CVE-2024-26164
    CVE Reference
    CVE-2024-26164
    CVSS Scores
    Base 6.8 / Temporal 5
    Description
    Microsoft Django Backend for SQL Server contains a remote code execution vulnerability.
    Consequence
    Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

    Solution
    Microsoft has released a patch. Customers are advised to refer to CVE-2024-26164 for information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-26164

  • Microsoft .NET Security Update for March 2024

    Severity
    Serious 3
    Qualys ID
    92126
    Vendor Reference
    CVE-2024-21392, CVE-2024-26190
    CVE Reference
    CVE-2024-21392, CVE-2024-26190
    CVSS Scores
    Base 5 / Temporal 3.7
    Description
    Microsoft has released a security update for .NET which resolves Denial of Service vulnerabilities.

    Affected versions:
    .NET 7.0 before version 7.0.17
    .NET 8.0 before version 8.0.3

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence
    Vulnerable versions of Microsoft .NET are prone to Denial of Service vulnerabilities.

    Solution
    Customers are advised to refer to CVE-2024-26190, CVE-2024-21392 for more details pertaining to these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21392
    CVE-2024-26190

  • Microsoft Visual Studio Security Update for March 2024

    Severity
    Critical 4
    Qualys ID
    92127
    Vendor Reference
    CVE-2024-21392, CVE-2024-26190
    CVE Reference
    CVE-2024-21392, CVE-2024-26190
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft has released March 2024 security updates for Visual Studio to fix multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2022 version 17.8
    Microsoft Visual Studio 2022 version 17.9
    Microsoft Visual Studio 2022 version 17.6

    QID Detection Logic: Authenticated : Windows
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.

    Consequence
    Successful exploitation of this vulnerability can lead to Denial of Service.
    Solution
    Customers are advised to refer to CVE-2024-26190 and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 for more information on the vulnerability and its patch.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-21392
    CVE-2024-26190
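
The file-version comparison described in the Microsoft Windows Security Update entry (QID 92121), as an added example that is not Qualys's detection code: it takes ntoskrnl.exe file versions already collected from hosts and compares each with the patch version listed for its branch. Function names and the sample inventory are constructed for illustration, and the Hotpatch registry check mentioned in that entry is not covered.

```python
import re

# Patched ntoskrnl.exe file versions and KBs, copied from the advisory above.
PATCHED = {
    "10.0.10240.20526": ["KB5035858"],
    "10.0.14393.6795": ["KB5035855"],
    "10.0.17763.5576": ["KB5035849"],
    "10.0.19041.4170": ["KB5035845"],
    "10.0.20348.2340": ["KB5035857"],
    "10.0.22000.2836": ["KB5035854"],
    "10.0.22621.3296": ["KB5035853"],
    "10.0.25398.763": ["KB5035856"],
    "6.0.6003.22567": ["KB5035920", "KB5035933"],
    "6.1.7601.27017": ["KB5035888", "KB5035919"],
    "6.2.9200.24768": ["KB5035930"],
    "6.3.9600.21871": ["KB5035885"],
}

def parse(version):
    """Return the version as a 4-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a four-part file version: {version!r}")
    return tuple(int(p) for p in m.groups())

# Servicing branch (major, minor, build) -> (patched revision, KBs).
BRANCHES = {parse(v)[:3]: (parse(v)[3], kbs) for v, kbs in PATCHED.items()}

def assess(file_version):
    """Return (status, kbs); status is 'patched', 'vulnerable' or 'unknown'."""
    *branch, revision = parse(file_version)
    entry = BRANCHES.get(tuple(branch))
    if entry is None:  # branch not listed in this advisory: do not guess
        return "unknown", []
    patched_revision, kbs = entry
    # Compare as integers: as strings, "1000" would sort below "763".
    status = "patched" if revision >= patched_revision else "vulnerable"
    return status, kbs

def triage(inventory):
    """Map each host that is not confirmed patched to its assessment."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: r for h, r in results.items() if r[0] != "patched"}

# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE = {"host-a": "10.0.17763.5576", "host-b": "10.0.17763.5458",
          "host-c": "10.0.25398.1000", "host-d": "6.0.6003.22511",
          "host-e": "10.0.26100.1"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "unknown" are on a branch this advisory does not list and need a separate check rather than being treated as patched.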

These new vulnerability checks are included in Qualys vulnerability signature 2.6.2-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110460
    • 110461
    • 379492
    • 379494
    • 379495
    • 50137
    • 92121
    • 92122
    • 92123
    • 92124
    • 92126
    • 92127
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.