Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 50 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following: KB5002591, KB5002575 and Office Click-2-Run and Office 365 Release Notes.
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2405 (Build 17628.20144)
Monthly Enterprise Channel: Version 2404 (Build 17531.20190)
Monthly Enterprise Channel: Version 2403 (Build 17425.20258)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20414)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20716)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21026)
Office 2021 Retail: Version 2405 (Build 17628.20144)
Office 2019 Retail: Version 2405 (Build 17628.20144)
Office 2016 Retail: Version 2405 (Build 17628.20144)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20721)
Office 2019 Volume Licensed: Version 1808 (Build 10411.20011)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30101
CVE-2024-30102
CVE-2024-30104
This security update contains the following: KB5002600 and Office Click-2-Run and Office 365 Release Notes.
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2405 (Build 17628.20144)
Monthly Enterprise Channel: Version 2404 (Build 17531.20190)
Monthly Enterprise Channel: Version 2403 (Build 17425.20258)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20414)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20716)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21026)
Office 2021 Retail: Version 2405 (Build 17628.20144)
Office 2019 Retail: Version 2405 (Build 17628.20144)
Office 2016 Retail: Version 2405 (Build 17628.20144)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20721)
Office 2019 Volume Licensed: Version 1808 (Build 10411.20011)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
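Both Office sections above describe the same check: resolve the Office install path from the registry, then compare the file version of graph.exe against the patched build for the host's channel. The following PowerShell is an added example written for this page, not Qualys detection code. It assumes (the page does not say) that a Click-to-Run install records its root under HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration in the InstallationPath value and that graph.exe sits under Office16 below that root; the function and parameter names are the example's own.

```powershell
# Added example, not Qualys detection code: reproduces the Office check described above
# (install path from the registry, then the file version of graph.exe) on a Windows host.
# Assumptions the page does not state: Click-to-Run records its root under
# HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration in the InstallationPath value,
# and graph.exe sits under <root>\Office16\. Adjust both for MSI-based or unusual installs.

function Get-OfficeGraphExeVersion {
    [CmdletBinding()]
    param(
        [string]$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    )
    $cfg = Get-ItemProperty -Path $ConfigKey -ErrorAction SilentlyContinue
    if (-not $cfg -or -not $cfg.InstallationPath) {
        Write-Verbose "No Click-to-Run configuration found under $ConfigKey"
        return $null
    }
    $exe = Join-Path $cfg.InstallationPath 'Office16\graph.exe'
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Verbose "graph.exe not present at $exe"
        return $null
    }
    # Build a four-part System.Version from the numeric fields rather than parsing the
    # FileVersion string, which can carry locale text or extra tokens.
    $vi = (Get-Item -LiteralPath $exe).VersionInfo
    return [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-OfficeBuildPatched {
    param(
        [Parameter(Mandatory)][version]$Installed,
        # Patched build for the host's update channel, in the "<build>.<revision>" form the
        # list above uses, e.g. '17628.20144' for Current Channel.
        [Parameter(Mandatory)][string]$PatchedBuild
    )
    # Office file versions are 16.0.<build>.<revision>.
    $patched = [version]"16.0.$PatchedBuild"
    return ($Installed -ge $patched)
}

# Constructed input (no Office install needed): an older Current Channel build.
Test-OfficeBuildPatched -Installed ([version]'16.0.17531.20140') -PatchedBuild '17628.20144'

# On a real host, combine the two steps; a $null version means Office C2R was not found.
$installed = Get-OfficeGraphExeVersion -Verbose
if ($installed) {
    $ok = Test-OfficeBuildPatched -Installed $installed -PatchedBuild '17628.20144'
    "graph.exe {0}: {1}" -f $installed, $(if ($ok) { 'patched' } else { 'below patched build' })
}
```

The threshold must match the channel the host is actually on: a Monthly Enterprise Channel host at 17531.20190 is fully patched per the list above but would be reported as below the Current Channel build if compared against 17628.20144. Read the channel from the same configuration key before choosing the build to compare against, and treat a missing graph.exe as "not installed" rather than "patched".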
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30103
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30100
CVE-2024-35254: A privilege elevation vulnerability was discovered in Azure Monitor Agent.
Affected Versions:
Azure Monitor Agent versions prior to v1.26.0
QID Detection Logic - Windows (Authenticated):
This QID checks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMonitorAgent and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to determine whether a vulnerable version of the product is installed.
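The Azure Monitor Agent check above is registry-only: the product's presence key plus its Uninstall entry. The following PowerShell is an added example for this page, not Qualys detection code. It assumes (the page does not say) that the agent registers an Uninstall entry whose DisplayName contains "Azure Monitor Agent" and whose DisplayVersion is a dotted version string; the 1.26.0 threshold comes from the Affected Versions line above, and the function names are the example's own.

```powershell
# Added example, not Qualys detection code. Walks the per-machine Uninstall key named in the
# detection logic above, finds the Azure Monitor Agent entry and compares its DisplayVersion
# with 1.26.0 (the first fixed version listed). Assumptions the page does not state: the agent
# registers a DisplayName containing "Azure Monitor Agent" and a dotted DisplayVersion.

function ConvertTo-NormalizedVersion {
    param([Parameter(Mandatory)][string]$Text)
    # System.Version treats a missing component as -1, so "1.26" would sort below "1.26.0".
    # Drop any "-preview"/"+build" suffix and pad to four components before comparing.
    $core  = ($Text.Trim() -split '[-+ ]')[0]
    $parts = @($core -split '\.')
    while ($parts.Count -lt 4) { $parts += '0' }
    return [version]($parts[0..3] -join '.')
}

function Get-InstalledProductVersion {
    param(
        [Parameter(Mandatory)][string]$DisplayNamePattern,
        [string[]]$UninstallKeys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            # 32-bit installers on 64-bit Windows register here instead.
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        )
    )
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if ($p.DisplayName -like $DisplayNamePattern -and $p.DisplayVersion) {
                [pscustomobject]@{
                    DisplayName    = $p.DisplayName
                    DisplayVersion = $p.DisplayVersion
                    KeyPath        = $sub.PSPath
                }
            }
        }
    }
}

function Test-AzureMonitorAgentVulnerable {
    param([Parameter(Mandatory)][string]$DisplayVersion, [string]$FirstFixed = '1.26.0')
    return (ConvertTo-NormalizedVersion $DisplayVersion) -lt (ConvertTo-NormalizedVersion $FirstFixed)
}

# Constructed inputs, no agent required: a three-part version and a two-part one that
# padding turns into 1.26.0.0 so it is not mistaken for an older release.
Test-AzureMonitorAgentVulnerable -DisplayVersion '1.25.0'
Test-AzureMonitorAgentVulnerable -DisplayVersion '1.26'

# On a real host: the presence key from the detection logic plus the Uninstall entry.
$present = Test-Path 'HKLM:\SOFTWARE\Microsoft\AzureMonitorAgent'
foreach ($hit in Get-InstalledProductVersion -DisplayNamePattern '*Azure Monitor Agent*') {
    [pscustomobject]@{
        Product         = $hit.DisplayName
        Version         = $hit.DisplayVersion
        AgentKeyPresent = $present
        Vulnerable      = Test-AzureMonitorAgentVulnerable -DisplayVersion $hit.DisplayVersion
    }
}
```

Normalising the version string before casting to [version] is the part most often skipped in home-grown checks; without it, an entry recorded as "1.26" compares below "1.26.0" and produces a false positive, while a suffix such as "-preview" makes the cast throw and the host silently drops out of the results.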
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-35254
Affected Versions:
Amazon Web Services (AWS) FreeRTOS prior to 10.4.3
QID Detection Logic:
The QID checks the FreeRTOS banner exposed by the HTTP service for a vulnerable version.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
AWS FreeRTOS v10.4.3 or later
KB5039214
KB5039225
KB5039236
KB5039212
KB5039211
KB5039213
KB5039227
KB5039217
KB5039294
KB5039260
KB5039289
KB5039274
KB5039245
KB5039266
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5039211
KB5039212
KB5039213
KB5039214
KB5039217
KB5039227
KB5039235
KB5039236
KB5039245
KB5039260
KB5039266
KB5039274
KB5039289
KB5039294
Affected Software:
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11
Microsoft Visual Studio 2019 version 15.9
QID Detection Logic (Authenticated): Windows
This QID detects vulnerable versions of Microsoft Visual Studio by reading the registry key "HKLM\SOFTWARE\Microsoft" and checking the file version of "devenv.exe".
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-29060
CVE-2024-29187
CVE-2024-30052
The June 2024 update for Microsoft Dynamics 365 fixes the following vulnerability:
QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.VssWriterService.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-35248
CVE-2024-35249
CVE-2024-35263
Affected Versions:
Azure File Sync from v16.0 prior to 17.3
Azure File Sync from v18.0 prior to 18.1
QID Detection Logic (Authenticated):
This QID checks the file version of FileSyncSvc.exe; if the version is from v16.0 prior to 17.2, or is v18.0, the system is considered vulnerable.
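The Azure File Sync check above differs from the single-threshold checks earlier on this page in that the vulnerable versions form two separate ranges. The following PowerShell is an added example for this page, not Qualys detection code: it encodes the two ranges exactly as the detection logic states them and evaluates a file version against them with half-open intervals. It assumes that "v18.0" means the 18.0.x family (consistent with the Affected Versions entry "from v18.0 prior to 18.1") and that the caller supplies the path to FileSyncSvc.exe, which the page does not give; the function names are the example's own.

```powershell
# Added example, not Qualys detection code: evaluates a FileSyncSvc.exe file version against
# the two ranges the detection logic above gives (from v16.0 up to but not including 17.2,
# and v18.0). Assumption: "v18.0" is taken as the 18.0.x family, matching the Affected
# Versions entry "from v18.0 prior to 18.1"; the path to FileSyncSvc.exe is not on the page
# and is supplied by the caller.

function Test-VersionInRanges {
    param(
        [Parameter(Mandatory)][version]$Version,
        # Each range is @{ Min = [version]; Max = [version] }, meaning Min <= Version < Max.
        [Parameter(Mandatory)][hashtable[]]$Ranges
    )
    foreach ($r in $Ranges) {
        if ($Version -ge $r.Min -and $Version -lt $r.Max) { return $true }
    }
    return $false
}

# Half-open intervals avoid off-by-one errors at the fixed build: 17.2.0.0 is not below 17.2.
$FileSyncVulnerableRanges = @(
    @{ Min = [version]'16.0'; Max = [version]'17.2' },
    @{ Min = [version]'18.0'; Max = [version]'18.1' }
)

function Test-FileSyncSvcVulnerable {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }   # service binary not present
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $v  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path        = $Path
        FileVersion = $v
        Vulnerable  = Test-VersionInRanges -Version $v -Ranges $FileSyncVulnerableRanges
    }
}

# Constructed versions exercising each boundary (no file needed): just below the first range,
# its lower bound, inside it, its upper bound, the gap between ranges, and both 18.x bounds.
foreach ($t in '15.9.0.0', '16.0.0.0', '17.1.5.0', '17.2.0.0', '17.3.0.0', '18.0.0.0', '18.1.0.0') {
    '{0,-10} {1}' -f $t, (Test-VersionInRanges -Version ([version]$t) -Ranges $FileSyncVulnerableRanges)
}

# On a real host (the path is a placeholder; point it at the installed FileSyncSvc.exe):
Test-FileSyncSvcVulnerable -Path 'C:\Path\To\StorageSync\FileSyncSvc.exe'
```

Keeping the ranges as data rather than as nested if-statements makes the boundaries easy to audit against the advisory. Note that the Affected Versions list above gives 17.3 as the first fixed 17.x build while the detection logic says 17.2; if you follow the Affected Versions list, change the Max of the first range accordingly.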
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-35253
These new vulnerability checks are included in Qualys vulnerability signature 2.6.70-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.