Microsoft security alert.
May 14, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 55 vulnerabilities that were fixed in 5 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 5 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Remote Code Execution (RCE) Vulnerability for May 2024
- Severity
- Critical 4
- Qualys ID
- 110465
- Vendor Reference
- KB5002503, KB5002587, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-30042
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released May 2024 security updates to fix a Remote Code Execution vulnerability.
This security update contains the following:
KB5002587
KB5002503
Office Click-2-Run and Office 365 Release Notes
Patched versions for Microsoft 365 (C2R) are:
Current Channel: Version 2404 (Build 17531.20152)
Monthly Enterprise Channel: Version 2403 (Build 17425.20236)
Monthly Enterprise Channel: Version 2402 (Build 17328.20346)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20346)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20674)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.20990)
Office 2021 Retail: Version 2404 (Build 17531.20152)
Office 2019 Retail: Version 2404 (Build 17531.20152)
Office 2016 Retail: Version 2404 (Build 17531.20152)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20706)
Office 2019 Volume Licensed: Version 1808 (Build 10410.20026)
Patched version for Office (Excel) on Mac is: 16.84.1
Note: Microsoft has mentioned that there is a security update for Mac Excel for the month of May 2024, but has published no release information. We are therefore treating version 16.84.1 as the patched version, because the previous Excel version for Mac is 16.84. We will monitor the release notes and update the signature once the information becomes available.
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the install path for Microsoft Office from the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable version of the Office application (Excel).
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution Vulnerability.
- Solution
-
Customers are advised to refer to the article CVE-2024-30042 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30042
-
Microsoft SharePoint Server Security Update for May 2024
- Severity
- Critical 4
- Qualys ID
- 110466
- Vendor Reference
- KB5002596, KB5002598, KB5002599
- CVE Reference
- CVE-2024-30043, CVE-2024-30044
- CVSS Scores
- Base 9 / Temporal 7.1
- Description
-
Microsoft has released the May 2024 security update to fix a remote code execution and an information disclosure vulnerability in SharePoint Server versions 2016, 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
- Consequence
-
Vulnerable applications may be prone to a remote code execution and/or an information disclosure vulnerability.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Sharepoint May 2024
-
Microsoft .NET Security Update for May 2024
- Severity
- Serious 3
- Qualys ID
- 92135
- Vendor Reference
- CVE-2024-30045, CVE-2024-30046
- CVE Reference
- CVE-2024-30045, CVE-2024-30046
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Microsoft has released a security update for .NET which resolves a Remote Code Execution vulnerability.
Affected versions:
.NET 7.0 before version 7.0.19
.NET 8.0 before version 8.0.5
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Remote Code Execution vulnerability.
- Solution
-
Customers are advised to refer to CVE-2024-30045 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30045
CVE-2024-30046
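The Linux and Mac check described in this entry can be reproduced locally by comparing the version-named folders against the fixed versions listed above. This is an added example, not Qualys's detection code; the function names are hypothetical, and treating a prerelease such as an 8.0.0 release candidate as older than 8.0.5 is an assumption.

```shell
#!/bin/sh
# Added example: flag .NET runtimes older than the fixed versions named in
# the advisory (7.0.19 and 8.0.5) by reading the version-named folders.

# Fixed patch level per release line, taken from the advisory text.
fixed_patch_for() {
    case "$1" in
        7.0) echo 19 ;;
        8.0) echo 5 ;;
        *)   return 1 ;;    # release line not covered by this advisory
    esac
}

# Print each vulnerable runtime version found under directory $1, one per line.
dotnet_vulnerable_runtimes() {
    dir=$1
    [ -d "$dir" ] || return 0           # runtime not installed at this path
    for path in "$dir"/*/; do
        [ -d "$path" ] || continue      # unmatched glob stays literal
        ver=$(basename "$path")
        core=${ver%%-*}                 # drop prerelease suffix (assumption)
        line=${core%.*}                 # "8.0" from "8.0.4"
        patch=${core##*.}               # "4" from "8.0.4"
        case "$patch" in ''|*[!0-9]*) continue ;; esac
        fixed=$(fixed_patch_for "$line") || continue
        if [ "$patch" -lt "$fixed" ]; then
            echo "$ver"
        fi
    done
}

# Scan the two shared-runtime paths quoted in the advisory.
scan_default_paths() {
    for d in /usr/share/dotnet/shared/Microsoft.NETCore.App \
             /root/shared/Microsoft.NETCore.App; do
        dotnet_vulnerable_runtimes "$d" | sed "s|^|$d/|"
    done
}

scan_default_paths
```

Self-contained .NET deployments bundle their own runtime next to the application, so they do not appear in these shared folders and need a separate inventory.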
-
Microsoft Visual Studio Security Update for May 2024
- Severity
- Critical 4
- Qualys ID
- 92136
- Vendor Reference
- CVE-2024-30045, CVE-2024-30046, CVE-2024-32002, CVE-2024-32004
- CVE Reference
- CVE-2024-30045, CVE-2024-30046, CVE-2024-32002, CVE-2024-32004
- CVSS Scores
- Base 7.6 / Temporal 6
- Description
-
Microsoft has released March 2024 security updates for Visual Studio to fix multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2022 version 17.9
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11
Microsoft Visual Studio 2019 version 15.9
QID Detection Logic: Authenticated: Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file version of "devenv.exe" to determine the Visual Studio version.
- Consequence
- Successfully exploiting this vulnerability within the context of the exploited CVE could lead to Denial of Service or Remote Code Execution.
- Solution
-
Customers are advised to refer to CVE-2024-30045, CVE-2024-30046, CVE-2024-32004, and CVE-2024-32002 for more information on the vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30045
CVE-2024-30046
CVE-2024-32002
CVE-2024-32004
-
Microsoft Windows Security Update for May 2024
- Severity
- Critical 4
- Qualys ID
- 92139
- Vendor Reference
- KB5037763, KB5037765, KB5037768, KB5037770, KB5037771, KB5037778, KB5037780, KB5037781, KB5037782, KB5037788, KB5037800, KB5037803, KB5037823, KB5037836
- CVE Reference
- CVE-2024-26238, CVE-2024-29994, CVE-2024-29996, CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30006, CVE-2024-30007, CVE-2024-30008, CVE-2024-30009, CVE-2024-30010, CVE-2024-30011, CVE-2024-30012, CVE-2024-30014, CVE-2024-30015, CVE-2024-30016, CVE-2024-30017, CVE-2024-30018, CVE-2024-30019, CVE-2024-30020, CVE-2024-30021, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30025, CVE-2024-30027, CVE-2024-30028, CVE-2024-30029, CVE-2024-30030, CVE-2024-30031, CVE-2024-30032, CVE-2024-30033, CVE-2024-30034, CVE-2024-30035, CVE-2024-30036, CVE-2024-30037, CVE-2024-30038, CVE-2024-30039, CVE-2024-30040, CVE-2024-30049, CVE-2024-30050, CVE-2024-30051
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Microsoft Windows Security Update - May 2024
KB5037765
KB5037782
KB5037770
KB5037768
KB5037771
KB5037781
KB5037788
KB5037763
KB5037800
KB5037836
KB5037780
KB5037803
KB5037778
KB5037823
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
A successful exploit could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5037765
KB5037782
KB5037770
KB5037768
KB5037771
KB5037781
KB5037788
KB5037763
KB5037800
KB5037836
KB5037780
KB5037803
KB5037778
KB5037823
Workaround:
https://support.microsoft.com/en-us/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5037763
KB5037765
KB5037768
KB5037770
KB5037771
KB5037778
KB5037780
KB5037781
KB5037782
KB5037788
KB5037800
KB5037803
KB5037823
KB5037836
These new vulnerability checks are included in Qualys vulnerability signature 2.6.49-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
  - 110465
  - 110466
  - 92135
  - 92136
  - 92139
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.