Microsoft security alert.

June 11, 2024

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 50 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Office Remote Code Execution (RCE) Vulnerability for June 2024

    Severity
    Urgent 5
    Qualys ID
    110467
    Vendor Reference
    KB5002575, KB5002591, Office Click-2-Run and Office 365 Release Notes
    CVE Reference
    CVE-2024-30101, CVE-2024-30102, CVE-2024-30104
    CVSS Scores
    Base 9 / Temporal 7
    Description
    Microsoft has released June 2024 security updates to fix a Remote Code Execution vulnerability.

    This security update contains the following:
    KB5002591
    KB5002575
    Office Click-2-Run and Office 365 Release Notes

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2405 (Build 17628.20144)
    Monthly Enterprise Channel: Version 2404 (Build 17531.20190)
    Monthly Enterprise Channel: Version 2403 (Build 17425.20258)
    Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20414)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20716)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21026)
    Office 2021 Retail: Version 2405 (Build 17628.20144)
    Office 2019 Retail: Version 2405 (Build 17628.20144)
    Office 2016 Retail: Version 2405 (Build 17628.20144)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20721)
    Office 2019 Volume Licensed: Version 1808 (Build 10411.20011)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Note: Office Click-2-Run and Office 365 installations must be updated manually or set to update automatically. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to a Remote Code Execution vulnerability.

    Solution
    Customers are advised to refer to the article(s) CVE-2024-30104, CVE-2024-30102, and CVE-2024-30101 for more information regarding these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-30101
    CVE-2024-30102
    CVE-2024-30104

  • Microsoft Outlook Remote Code Execution (RCE) Vulnerability for June 2024

    Severity
    Urgent 5
    Qualys ID
    110468
    Vendor Reference
    KB5002600
    CVE Reference
    CVE-2024-30103
    CVSS Scores
    Base 9 / Temporal 7.1
    Description
    Microsoft has released June 2024 security updates for Outlook to fix a Remote Code Execution vulnerability.

    This security update contains the following:

    KB5002600 and
    Office Click-2-Run and Office 365 Release Notes

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2405 (Build 17628.20144)
    Monthly Enterprise Channel: Version 2404 (Build 17531.20190)
    Monthly Enterprise Channel: Version 2403 (Build 17425.20258)
    Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20414)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20716)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21026)
    Office 2021 Retail: Version 2405 (Build 17628.20144)
    Office 2019 Retail: Version 2405 (Build 17628.20144)
    Office 2016 Retail: Version 2405 (Build 17628.20144)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20721)
    Office 2019 Volume Licensed: Version 1808 (Build 10411.20011)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Note: Office Click-2-Run and Office 365 installations must be updated manually or set to update automatically. There is no direct download for the patch.

    Consequence
    Vulnerable Outlook installations may be prone to a Remote Code Execution vulnerability.

    Solution
    Customers are advised to refer to the article(s) CVE-2024-30103 for more information regarding this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-30103

  • Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability for June 2024

    Severity
    Critical 4
    Qualys ID
    110469
    Vendor Reference
    KB5002602, KB5002603, KB5002604
    CVE Reference
    CVE-2024-30100
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Microsoft has released the June 2024 security update to fix a remote code execution and an information disclosure vulnerability in SharePoint Server versions 2016 and 2019 and SharePoint Subscription Edition.

    This security update contains the following KBs:

    KB5002603
    KB5002602
    KB5002604

    QID Detection Logic (Authenticated):
    Operating System: Windows

    Consequence
    Vulnerable SharePoint installations may be prone to a Remote Code Execution vulnerability.

    Solution
    Customers are advised to refer to the article(s) CVE-2024-30100 for more information regarding this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-30100

  • Microsoft Azure Monitor Agent Privilege Elevation Vulnerability for June 2024 (CVE-2024-35254)

    Severity
    Serious 3
    Qualys ID
    379940
    Vendor Reference
    CVE-2024-35254
    CVE Reference
    CVE-2024-35254
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud.

    CVE-2024-35254: A privilege elevation vulnerability was discovered in Azure Monitor Agent.

    Affected Versions:
    Azure Monitor Agent versions prior to v1.26.0

    QID Detection Logic - Windows (Authenticated):
    This QID checks the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMonitorAgent and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to identify vulnerable versions of the product.

    Consequence
    An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.
    Solution
    The vendor has released a fixed version of the product; refer to CVE-2024-35254.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-35254

  • Amazon Web Services (AWS) FreeRTOS Heap Overflow Vulnerability

    Severity
    Critical 4
    Qualys ID
    731579
    Vendor Reference
    FreeRTOS v10.4.3
    CVE Reference
    CVE-2021-32020
    CVSS Scores
    Base 7.5 / Temporal 5.5
    Description
    The kernel in Amazon Web Services (AWS) FreeRTOS performs insufficient bounds checking during management of heap memory. This may relate to the following functions calling unprivileged code: xTaskCreateRestricted, xTaskCreateRestrictedStatic, vTaskAllocateMPURegions.

    Affected Versions:
    Amazon Web Services (AWS) FreeRTOS prior to 10.4.3

    QID detection logic:
    The QID checks for the vulnerable banner of FreeRTOS on the HTTP service.

    Consequence
    Successful exploitation could allow an attacker to write to a memory location that is outside of the intended boundary of the buffer.

    Solution
    Customers are advised to upgrade to AWS FreeRTOS v10.4.3 or later versions to remediate these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    AWS FreeRTOS v10.4.3 or later

  • Microsoft Windows Security Update for June 2024

    Severity
    Critical 4
    Qualys ID
    92142
    Vendor Reference
    KB5039211, KB5039212, KB5039213, KB5039214, KB5039217, KB5039225, KB5039227, KB5039236, KB5039245, KB5039260, KB5039266, KB5039274, KB5039289, KB5039294
    CVE Reference
    CVE-2023-50868, CVE-2024-30062, CVE-2024-30063, CVE-2024-30064, CVE-2024-30065, CVE-2024-30066, CVE-2024-30067, CVE-2024-30068, CVE-2024-30069, CVE-2024-30070, CVE-2024-30072, CVE-2024-30074, CVE-2024-30075, CVE-2024-30076, CVE-2024-30077, CVE-2024-30078, CVE-2024-30080, CVE-2024-30082, CVE-2024-30083, CVE-2024-30084, CVE-2024-30085, CVE-2024-30086, CVE-2024-30087, CVE-2024-30088, CVE-2024-30089, CVE-2024-30090, CVE-2024-30091, CVE-2024-30093, CVE-2024-30094, CVE-2024-30095, CVE-2024-30096, CVE-2024-30097, CVE-2024-30099, CVE-2024-35250, CVE-2024-35265, CVE-2024-38213
    CVSS Scores
    Base 7.5 / Temporal 6.2
    Description
    Microsoft Windows Security Update - May 2024

    KB5039214
    KB5039225
    KB5039236
    KB5039212
    KB5039211
    KB5039213
    KB5039227
    KB5039217
    KB5039294
    KB5039260
    KB5039289
    KB5039274
    KB5039245
    KB5039266
    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploitation could compromise confidentiality, integrity and availability.

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5039214
    KB5039225
    KB5039236
    KB5039212
    KB5039211
    KB5039213
    KB5039227
    KB5039217
    KB5039294
    KB5039260
    KB5039289
    KB5039274
    KB5039245
    KB5039266

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5039211
    KB5039212
    KB5039213
    KB5039214
    KB5039217
    KB5039227
    KB5039235
    KB5039236
    KB5039245
    KB5039260
    KB5039266
    KB5039274
    KB5039289
    KB5039294

  • Microsoft Visual Studio Security Update for June 2024

    Severity
    Critical 4
    Qualys ID
    92143
    Vendor Reference
    CVE-2024-29060, CVE-2024-29187, CVE-2024-30052
    CVE Reference
    CVE-2024-29060, CVE-2024-29187, CVE-2024-30052
    CVSS Scores
    Base 5.7 / Temporal 4.5
    Description
    Microsoft has released March 2024 security updates for Visual Studio to fix multiple security vulnerabilities.

    Affected Software:
    Microsoft Visual Studio 2022 version 17.10
    Microsoft Visual Studio 2022 version 17.8
    Microsoft Visual Studio 2022 version 17.6
    Microsoft Visual Studio 2022 version 17.4
    Microsoft Visual Studio 2019 version 16.11
    Microsoft Visual Studio 2019 version 15.9

    QID Detection Logic (Authenticated, Windows):
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.

    Consequence
    Successfully exploiting this vulnerability within the context of the exploited CVE could lead to Remote Code Execution or Elevation of privileges.
    Solution
    Customers are advised to refer to CVE-2024-29060, CVE-2024-30052, and CVE-2024-29187

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-29060
    CVE-2024-29187
    CVE-2024-30052

  • Microsoft Dynamics 365 Security Update for June 2024

    Severity
    Critical 4
    Qualys ID
    92144
    Vendor Reference
    CVE-2024-35248, CVE-2024-35249, CVE-2024-35263
    CVE Reference
    CVE-2024-35248, CVE-2024-35249, CVE-2024-35263
    CVSS Scores
    Base 6.8 / Temporal 5.3
    Description
    Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

    The June 2024 update for Microsoft Dynamics 365 fixes the following vulnerabilities:

    • CVE-2024-35248: Microsoft Dynamics 365 Business Central elevation of privilege vulnerability
    • CVE-2024-35249: Microsoft Dynamics 365 Business Central remote code execution vulnerability
    • CVE-2024-35263: Microsoft Dynamics 365 (On-Premises) Information disclosure vulnerability
    Affected Software:
    Microsoft Dynamics 365 (on-premises) version 9.1
    Microsoft Dynamics 365 Business Central 2023 Release Wave 1
    Microsoft Dynamics 365 Business Central 2023 Release Wave 2
    Microsoft Dynamics 365 Business Central 2024 Release Wave 1

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.VssWriterService.exe.

    Consequence
    Depending on the vulnerability being exploited, an unauthenticated, remote attacker could exploit these vulnerabilities to access sensitive information, elevate privileges or execute arbitrary code on the targeted system.

    Solution
    Customers are advised to refer to CVE-2024-35248, CVE-2024-35249 or CVE-2024-35263 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-35248
    CVE-2024-35249
    CVE-2024-35263

  • Microsoft Azure File Sync Elevation of Privilege Vulnerability for June 2024

    Severity
    Serious 3
    Qualys ID
    92145
    Vendor Reference
    CVE-2024-35253
    CVE Reference
    CVE-2024-35253
    CVSS Scores
    Base 3.7 / Temporal 2.7
    Description
    Azure File Sync enables you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server.

    Affected Versions:
    Azure File Sync from v16.0 prior to 17.3
    Azure File Sync from v18.0 prior to 18.1

    QID Detection Logic (Authenticated):
    This QID checks the file version of FileSyncSvc.exe; if the file version is from v16.0 prior to 17.2 and v18.0, it is considered vulnerable.

    Consequence
    Exploiting this vulnerability would allow the attacker to perform arbitrary deletion of files that are not accessible to unprivileged users on the victim machine.
    Solution
    Customers are advised to refer to CVE-2024-35253 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-35253

These new vulnerability checks are included in Qualys vulnerability signature 2.6.70-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110467
    • 110468
    • 110469
    • 379940
    • 731579
    • 92142
    • 92143
    • 92144
    • 92145
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.