Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 135 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
Office Click-2-Run and Office 365 Release Notes
Patched versions for Microsoft 365 (C2R) are:
Current Channel: Version 2403 (Build 17425.20176)
Monthly Enterprise Channel: Version 2402 (Build 17328.20282)
Monthly Enterprise Channel: Version 2401 (Build 17231.20304)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20282)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20636)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20960)
Office 2021 Retail: Version 2403 (Build 17425.20176)
Office 2019 Retail: Version 2403 (Build 17425.20176)
Volume Licensed Office 2019: Version 1808 (Build 10409.20028)
Volume Licensed Office LTSC 2021: Version 2108 (Build 14332.20685)
Office 2016 Retail: Version 2403 (Build 17425.20176)
Patched version for Office (Excel) on Mac is: 16.83.1
Microsoft mentioned that Excel is vulnerable too, but the update has not yet been released, so this QID treats the latest version of Excel, 16.83, as vulnerable. We will update the QID with the correct version as soon as the advisory is updated.
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the install path for Microsoft Office from the Windows Registry and checks the file version of "graph.exe" under that path to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable version of the Office application (Excel).
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office April 2024
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Sharepoint April 2024
Affected Software:
Microsoft ODBC Driver 17 for SQL Server on Windows version prior to 17.10.6.1
Microsoft ODBC Driver 18 for SQL Server on Windows version prior to 18.3.3.1
Microsoft ODBC Driver 17 for SQL Server on Linux version prior to 17.10.6.1
Microsoft ODBC Driver 18 for SQL Server on Linux version prior to 18.3.3.1
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 12)
Microsoft SQL Server 2019 for x64-based Systems (CU 25)
Microsoft OLE DB Driver 19 for SQL Server version prior to 19.3.3.0
Microsoft OLE DB Driver 18 for SQL Server version prior to 18.7.2.0
QID Detection Logic (Authenticated):
On Windows, this QID checks for vulnerable versions of ODBC and OLE DB via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft (the 32-bit view on 64-bit Windows) and the related subkeys for ODBC and OLE DB.
On Linux, this QID checks for the vulnerable version of ODBC based on the installed package.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-28906
Patch version is 10.0.19041.4291 for KB5036892
Patch version is 10.0.17763.5696 for KB5036896
Patch version is 10.0.14393.6897 for KB5036899
Patch version is 10.0.10240.20593 for KB5036925
Patch version is 10.0.25398.830 for KB5036910
Patch version is 10.0.22621.3447 for KB5036893
Patch version is 10.0.22000.2899 for KB5036894
Patch version is 6.1.7601.27066 for KB5036967
Patch version is 6.1.7601.27066 for KB5036922
Patch version is 6.0.6003.22616 for KB5036932
Patch version is 6.0.6003.22616 for KB5036950
Patch version is 6.2.9200.24819 for KB5036969
Patch version is 6.3.9600.21919 for KB5036960
Patch version is 10.0.20348.2400 for KB5036909
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5036892
KB5036893
KB5036894
KB5036896
KB5036899
KB5036909
KB5036910
KB5036922
KB5036925
KB5036932
KB5036950
KB5036960
KB5036967
KB5036969
Affected versions:
.NET 6.0 before version 6.0.29
.NET 7.0 before version 7.0.18
.NET 8.0 before version 8.0.4
QID Detection Logic (Authenticated):
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
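The Linux and Mac detection above reduces to reading the directory names under the shared-framework folder and comparing each against the fixed versions listed for .NET 6.0, 7.0 and 8.0. The following is an added example of that check (not Qualys detection code); the sample listing and the pre-release folder names in it are constructed, and the only real path it touches is the Microsoft.NETCore.App folder quoted above, which it reads only when present.

```python
"""Classify Microsoft.NETCore.App runtime folders against the fixed versions on this page."""
import os
import re
from typing import Dict, List, Tuple

# Minimum fixed versions from the "Affected versions" list above.
FIXED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (6, 0): (6, 0, 29),
    (7, 0): (7, 0, 18),
    (8, 0): (8, 0, 4),
}

# Runtime folders are named like "8.0.3" or "9.0.0-preview.2.24128.5".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?$")


def classify_runtime(dirname: str) -> str:
    """Return 'patched', 'vulnerable', 'out-of-scope' or 'ignored' for one folder name."""
    m = VERSION_RE.match(dirname)
    if not m:
        return "ignored"                      # not a runtime version folder at all
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    prerelease = m.group(4) is not None
    line = (major, minor)
    if line not in FIXED:
        return "out-of-scope"                 # a .NET line this page does not cover
    # A pre-release sorts below the release with the same numbers (8.0.4-preview.1 < 8.0.4),
    # so it only counts as fixed when its numbers exceed the fixed version.
    observed = (major, minor, patch, 0 if prerelease else 1)
    fixed = FIXED[line] + (1,)
    return "patched" if observed >= fixed else "vulnerable"


def scan_listing(dirnames: List[str]) -> Dict[str, str]:
    """Classify every entry of a directory listing."""
    return {d: classify_runtime(d) for d in dirnames}


def vulnerable_runtimes(dirnames: List[str]) -> List[str]:
    """Just the folder names that still need the April 2024 update."""
    return sorted(d for d, status in scan_listing(dirnames).items() if status == "vulnerable")


def scan_host(root: str = "/usr/share/dotnet/shared/Microsoft.NETCore.App") -> Dict[str, str]:
    """Read the real shared-framework folder (the Linux/macOS path quoted above); empty if absent."""
    if not os.path.isdir(root):
        return {}
    return scan_listing(sorted(os.listdir(root)))


# Constructed sample listing, not taken from a real host.
SAMPLE_LISTING = [
    "5.0.17", "6.0.28", "6.0.29", "7.0.18", "8.0.3", "8.0.4",
    "8.0.5-preview.1", "9.0.0-preview.2.24128.5", "README.txt",
]

if __name__ == "__main__":
    for name, status in scan_listing(SAMPLE_LISTING).items():
        print(f"{name:28s} {status}")
    print("vulnerable:", vulnerable_runtimes(SAMPLE_LISTING))
```

Runtimes installed outside the default folder (a user-local install, or one under a different root) are not seen by `scan_host`; `dotnet --list-runtimes` prints every Microsoft.NETCore.App version the dotnet host knows about, and the same `classify_runtime` applies to each version string it prints.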
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21409
Following KBs are covered in this detection:
5037034
5037040
5037039
5037127
5037038
5036899
5037033
5036609
5037036
5037035
5037037
5037041
5037128
5036620
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for a vulnerable file version of ntoskrnl.exe, mscorlib.dll, System.dll or System.Web.dll for the respective .NET Framework KBs.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21409
Affected Operating Systems: Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows Server 2022, 23H2 Edition (Server Core installation)
The KB Articles associated with the update:
Patch version is 10.0.20348.2400 for KB5036909
Patch version is 10.0.14393.6897 for KB5036899
Patch version is 10.0.25398.830 for KB5036910
Patch version is 10.0.17763.5696 for KB5036896
QID Detection Logic:
Authenticated: This QID checks the file version of dns.exe.
Unauthenticated: This QID checks for a vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
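Both the ntoskrnl.exe check earlier on this page and the dns.exe check here compare an observed file version against the "Patch version is ... for KB..." table, and the comparison is only meaningful within one OS build branch (10.0.19041.x is never compared with 10.0.22621.x). The following is an added example of that logic (not Qualys detection code): it parses the table as printed on this page, and the observed version strings fed to it are constructed, not real scan output. The assumption that a branch listed under two KBs (6.1.7601, 6.0.6003) is fixed at the lower of the two revisions holds for this table, where both revisions are identical.

```python
"""Judge an observed ntoskrnl.exe / dns.exe file version against the April 2024 patch table."""
import re
from typing import Dict, Optional, Tuple

# Copied from the "Patch version is ... for KB..." lines on this page.
PATCH_TABLE_TEXT = """\
Patch version is 10.0.19041.4291 for KB5036892
Patch version is 10.0.17763.5696 for KB5036896
Patch version is 10.0.14393.6897 for KB5036899
Patch version is 10.0.10240.20593 for KB5036925
Patch version is 10.0.25398.830 for KB5036910
Patch version is 10.0.22621.3447 for KB5036893
Patch version is 10.0.22000.2899 for KB5036894
Patch version is 6.1.7601.27066 for KB5036967
Patch version is 6.1.7601.27066 for KB5036922
Patch version is 6.0.6003.22616 for KB5036932
Patch version is 6.0.6003.22616 for KB5036950
Patch version is 6.2.9200.24819 for KB5036969
Patch version is 6.3.9600.21919 for KB5036960
Patch version is 10.0.20348.2400 for KB5036909
"""

Branch = Tuple[int, int, int]          # (major, minor, build), e.g. (10, 0, 19041)
LINE_RE = re.compile(r"Patch version is (\d+)\.(\d+)\.(\d+)\.(\d+) for (KB\d+)")


def parse_patch_table(text: str) -> Dict[Branch, Tuple[int, str]]:
    """Map each OS build branch to (minimum fixed revision, KB(s) that deliver it)."""
    table: Dict[Branch, Tuple[int, str]] = {}
    for m in LINE_RE.finditer(text):
        major, minor, build, rev = (int(m.group(i)) for i in (1, 2, 3, 4))
        kb = m.group(5)
        branch: Branch = (major, minor, build)
        if branch in table:
            # Two KBs on one branch (e.g. Monthly Rollup and Security-only update for
            # 6.1.7601): keep both KB numbers, and the lower revision as the threshold.
            prev_rev, prev_kbs = table[branch]
            table[branch] = (min(prev_rev, rev), prev_kbs + "/" + kb)
        else:
            table[branch] = (rev, kb)
    return table


PATCH_TABLE = parse_patch_table(PATCH_TABLE_TEXT)


def parse_file_version(version: str) -> Tuple[Branch, int]:
    """Split '10.0.19041.4291' (optionally followed by a '(WinBuild...)' suffix) into branch and revision."""
    core = version.strip().split(" ")[0]
    parts = core.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a 4-part file version: {version!r}")
    major, minor, build, rev = (int(p) for p in parts)
    return (major, minor, build), rev


def assess(version: str, table: Optional[Dict[Branch, Tuple[int, str]]] = None) -> Tuple[str, Optional[str]]:
    """Return (status, kb): status is 'patched', 'vulnerable' or 'unknown-branch'."""
    table = PATCH_TABLE if table is None else table
    branch, rev = parse_file_version(version)
    entry = table.get(branch)
    if entry is None:
        # A branch the table does not list (e.g. a newer OS release) cannot be judged
        # from it; say so instead of comparing revisions across branches.
        return "unknown-branch", None
    fixed_rev, kb = entry
    return ("patched" if rev >= fixed_rev else "vulnerable"), kb


if __name__ == "__main__":
    # Constructed sample observations, not real scan output.
    for observed in ["10.0.19041.4291 (WinBuild.160101.0800)", "10.0.19041.4170",
                     "6.1.7601.27066", "10.0.26100.1"]:
        print(observed, "->", assess(observed))
```

On a live Windows host the observed string comes from the file's version resource, for example `(Get-Item C:\Windows\System32\ntoskrnl.exe).VersionInfo.FileVersionRaw` or the same for `dns.exe` in PowerShell; a revision above the table value is still "patched", because later cumulative updates supersede this one.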
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-26221
CVE-2024-26222
CVE-2024-26223
CVE-2024-26224
CVE-2024-26227
CVE-2024-26231
CVE-2024-26233
QID Detection Logic (Authenticated): Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file version of "devenv.exe".
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-21409
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-20670
These new vulnerability checks are included in Qualys vulnerability signature 2.6.22-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.