Microsoft security alert.
July 9, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 146 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for July 2024
- Severity
- Urgent 5
- Qualys ID
- 110470
- Vendor Reference
- KB5002620, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-38020, CVE-2024-38021
- CVSS Scores
- Base 9.4 / Temporal 7.4
- Description
-
Microsoft has released July 2024 security updates to fix Remote Code Execution and Spoofing vulnerabilities.
This security update contains the following:
5002620 and
Office Click-2-Run and Office 365 Release Notes
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2406 (Build 17726.20160)
Monthly Enterprise Channel: Version 2405 (Build 17628.20188)
Monthly Enterprise Channel: Version 2404 (Build 17531.20210)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20452)
Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20452)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20738)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21042)
Office 2021 Retail: Version 2406 (Build 17726.20160)
Office 2019 Retail: Version 2406 (Build 17726.20160)
Office 2016 Retail: Version 2406 (Build 17726.20160)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20736)
Office 2019 Volume Licensed: Version 1808 (Build 10412.20006)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution and/or Spoofing Vulnerabilities.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2024-38021 and CVE-2024-38020 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38020
CVE-2024-38021
-
Microsoft Outlook Security Update for July 2024
- Severity
- Serious 3
- Qualys ID
- 110471
- Vendor Reference
- KB5002621, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-38020
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft has released July 2024 security updates for Outlook to fix a Spoofing Vulnerability.
This security update contains the following:
KB5002621 and
Office Click-2-Run and Office 365 Release Notes
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2406 (Build 17726.20160)
Monthly Enterprise Channel: Version 2405 (Build 17628.20188)
Monthly Enterprise Channel: Version 2404 (Build 17531.20210)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20452)
Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20452)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20738)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21042)
Office 2021 Retail: Version 2406 (Build 17726.20160)
Office 2019 Retail: Version 2406 (Build 17726.20160)
Office 2016 Retail: Version 2406 (Build 17726.20160)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20736)
Office 2019 Volume Licensed: Version 1808 (Build 10412.20006)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "outlook.exe" to identify vulnerable versions of Microsoft Outlook.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable Outlook versions may be prone to a Spoofing Vulnerability.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2024-38020 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38020
-
Microsoft SharePoint Server Security Update for July 2024
- Severity
- Critical 4
- Qualys ID
- 110472
- Vendor Reference
- KB5002606, KB5002615, KB5002618
- CVE Reference
- CVE-2024-32987, CVE-2024-38023, CVE-2024-38024, CVE-2024-38094
- CVSS Scores
- Base 7.8 / Temporal 6.4
- Description
-
Microsoft has released the July 2024 security update to fix a remote code execution and an information disclosure vulnerability in its SharePoint Server Versions 2016, 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
- Consequence
-
Vulnerable SharePoint may be prone to Remote Code Execution and/or Information Disclosure Vulnerabilities.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2024-38094, CVE-2024-32987, CVE-2024-38024, and CVE-2024-38023 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-32987
CVE-2024-38023
CVE-2024-38024
CVE-2024-38094
-
Microsoft Azure CycleCloud Elevation of Privilege Vulnerability July 2024
- Severity
- Critical 4
- Qualys ID
- 380159
- Vendor Reference
- CVE-2024-38092
- CVE Reference
- CVE-2024-38092
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.
CVE-2024-38092: An attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.
Affected Software:
Azure CycleCloud from 7.9.0 prior to 7.9.11
Azure CycleCloud from 8.0.0 prior to 8.0.2
Azure CycleCloud from 8.1.0 prior to 8.1.1
Azure CycleCloud from 8.2.0 prior to 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud from 8.4.0 prior to 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable versions of Azure CycleCloud.
- Consequence
-
Successful exploitation of this vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.
- Solution
-
Customers are advised to refer to CVE-2024-38092 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38092
-
Microsoft SQL Server ODBC and OLE DB Driver for SQL Server Multiple Vulnerabilities for July 2024
- Severity
- Critical 4
- Qualys ID
- 380160
- Vendor Reference
- CVE-2024-20701, CVE-2024-21303, CVE-2024-21308, CVE-2024-21317, CVE-2024-21331, CVE-2024-21332, CVE-2024-21333, CVE-2024-21335, CVE-2024-21373, CVE-2024-21398, CVE-2024-21414, CVE-2024-21415, CVE-2024-21425, CVE-2024-21428, CVE-2024-21449, CVE-2024-28928, CVE-2024-35256, CVE-2024-35271, CVE-2024-35272, CVE-2024-37318, CVE-2024-37319, CVE-2024-37320, CVE-2024-37321, CVE-2024-37322, CVE-2024-37323, CVE-2024-37324, CVE-2024-37326, CVE-2024-37327, CVE-2024-37328, CVE-2024-37329, CVE-2024-37330, CVE-2024-37331, CVE-2024-37332, CVE-2024-37333, CVE-2024-37334, CVE-2024-37336, CVE-2024-38087, CVE-2024-38088
- CVE Reference
- CVE-2024-20701, CVE-2024-21303, CVE-2024-21308, CVE-2024-21317, CVE-2024-21331, CVE-2024-21332, CVE-2024-21333, CVE-2024-21335, CVE-2024-21373, CVE-2024-21398, CVE-2024-21414, CVE-2024-21415, CVE-2024-21425, CVE-2024-21428, CVE-2024-21449, CVE-2024-28928, CVE-2024-35256, CVE-2024-35271, CVE-2024-35272, CVE-2024-37318, CVE-2024-37319, CVE-2024-37320, CVE-2024-37321, CVE-2024-37322, CVE-2024-37323, CVE-2024-37324, CVE-2024-37326, CVE-2024-37327, CVE-2024-37328, CVE-2024-37329, CVE-2024-37330, CVE-2024-37331, CVE-2024-37332, CVE-2024-37333, CVE-2024-37334, CVE-2024-37336, CVE-2024-38087, CVE-2024-38088
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft has released a security update to address a Remote Code Execution Vulnerability in the OLE DB and ODBC drivers for SQL Server. Both of these are APIs for Microsoft SQL Server that provide access to a range of data sources.
Affected Software:
Microsoft SQL Server 2017 for x64-based Systems (CU 30)
Microsoft SQL Server 2019 for x64-based Systems (CU 26)
Microsoft SQL Server 2022 for x64-based Systems (CU 12)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Version 2015.130.6441.0 and below
Microsoft SQL Server 2017 for x64-based Systems (GDR) Version 2017.140.2056.1 and below
Microsoft SQL Server 2019 for x64-based Systems (GDR) Version 2019.150.2116.1 and below
Microsoft SQL Server 2022 for x64-based Systems (GDR) Version 2022.160.1121.3 and below
Microsoft OLE DB Driver 18 for SQL Server version prior to 18.7.0004.0 (18.7.4)
Microsoft OLE DB Driver 19 for SQL Server version prior to 19.3.0005.0 (19.3.5)
QID Detection Logic (Authenticated):
On Windows, this QID checks for the vulnerable version of OLE DB via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft and the related sub keys for OLE DB.
- Consequence
-
Successful exploitation may lead to remote code execution.
- Solution
-
Customers are advised to refer to CVE-2024-37320, CVE-2024-20701, CVE-2024-21317, CVE-2024-21331, CVE-2024-21425, CVE-2024-37319, CVE-2024-35272, CVE-2024-35271, CVE-2024-38087, CVE-2024-21303, CVE-2024-37321, CVE-2024-21428, CVE-2024-21415, CVE-2024-37324, CVE-2024-21449, CVE-2024-37326, CVE-2024-37327, CVE-2024-37328, CVE-2024-37329, CVE-2024-37330, CVE-2024-37334, CVE-2024-37333, CVE-2024-37336, CVE-2024-28928, CVE-2024-35256, CVE-2024-38088, CVE-2024-37322, CVE-2024-21332 for more information regarding the vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-37320
-
Microsoft .NET Security Update for July 2024
- Severity
- Critical 4
- Qualys ID
- 92148
- Vendor Reference
- CVE-2024-30105, CVE-2024-35264, CVE-2024-38081, CVE-2024-38095
- CVE Reference
- CVE-2024-30105, CVE-2024-35264, CVE-2024-38081, CVE-2024-38095
- CVSS Scores
- Base 5.1 / Temporal 3.8
- Description
-
Microsoft has released a security update for .NET that addresses vulnerabilities related to Elevation of Privilege, Denial of Service, and Remote Code Execution.
Affected versions:
.NET 8.0 before version 8.0.7
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Elevation of Privilege, Denial of Service, and Remote Code Execution.
- Solution
-
Customers are advised to refer to CVE-2024-38081, CVE-2024-38095, CVE-2024-30105, CVE-2024-35264 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30105
CVE-2024-35264
CVE-2024-38081
CVE-2024-38095
-
Microsoft Windows Security Update for July 2024
- Severity
- Urgent 5
- Qualys ID
- 92149
- Vendor Reference
- KB5040427, KB5040430, KB5040431, KB5040434, KB5040437, KB5040438, KB5040442, KB5040448, KB5040456, KB5040485, KB5040490, KB5040497, KB5040498, KB5040499
- CVE Reference
- CVE-2024-3596, CVE-2024-21417, CVE-2024-26184, CVE-2024-28899, CVE-2024-30013, CVE-2024-30071, CVE-2024-30079, CVE-2024-30081, CVE-2024-30098, CVE-2024-35270, CVE-2024-37969, CVE-2024-37970, CVE-2024-37971, CVE-2024-37972, CVE-2024-37973, CVE-2024-37974, CVE-2024-37975, CVE-2024-37977, CVE-2024-37978, CVE-2024-37981, CVE-2024-37984, CVE-2024-37985, CVE-2024-37986, CVE-2024-37987, CVE-2024-37988, CVE-2024-37989, CVE-2024-38010, CVE-2024-38011, CVE-2024-38013, CVE-2024-38015, CVE-2024-38017, CVE-2024-38019, CVE-2024-38022, CVE-2024-38025, CVE-2024-38027, CVE-2024-38028, CVE-2024-38030, CVE-2024-38031, CVE-2024-38032, CVE-2024-38033, CVE-2024-38034, CVE-2024-38041, CVE-2024-38043, CVE-2024-38044, CVE-2024-38047, CVE-2024-38048, CVE-2024-38049, CVE-2024-38050, CVE-2024-38051, CVE-2024-38052, CVE-2024-38053, CVE-2024-38054, CVE-2024-38055, CVE-2024-38056, CVE-2024-38057, CVE-2024-38058, CVE-2024-38059, CVE-2024-38060, CVE-2024-38061, CVE-2024-38062, CVE-2024-38064, CVE-2024-38065, CVE-2024-38066, CVE-2024-38067, CVE-2024-38068, CVE-2024-38069, CVE-2024-38070, CVE-2024-38071, CVE-2024-38072, CVE-2024-38073, CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38078, CVE-2024-38079, CVE-2024-38080, CVE-2024-38085, CVE-2024-38091, CVE-2024-38099, CVE-2024-38100, CVE-2024-38101, CVE-2024-38102, CVE-2024-38104, CVE-2024-38105, CVE-2024-38112, CVE-2024-38161, CVE-2024-38165, CVE-2024-38184, CVE-2024-38185, CVE-2024-38186, CVE-2024-38187, CVE-2024-38191, CVE-2024-38517, CVE-2024-39684
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - July 2024
Patch version is 10.0.17763.6054 for KB5040430
Patch version is 10.0.14393.7155 for KB5040434
Patch version is 10.0.10240.20708 for KB5040448
Patch version is 10.0.25398.1009 for KB5040438
Patch version is 10.0.22621.3880 for KB5040442
Patch version is 10.0.19041.4648 for KB5040427
Patch version is 10.0.22000.3079 for KB5040431
Patch version is 10.0.20348.2582 for KB5040437
Patch version is 6.3.9600.22073 for KB5040456
Patch version is 6.2.9200.24975 for KB5040485
Patch version is 6.1.7601.27216 for KB5040497
Patch version is 6.1.7601.27216 for KB5040498
Patch version is 6.0.6003.22768 for KB5040499
Patch version is 6.0.6003.22768 for KB5040490
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploitation could compromise Confidentiality, Integrity and Availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5040430
KB5040434
KB5040448
KB5040438
KB5040442
KB5040427
KB5040431
KB5040437
KB5040456
KB5040485
KB5040497
KB5040498
KB5040499
KB5040490
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5040427
KB5040430
KB5040431
KB5040434
KB5040437
KB5040438
KB5040442
KB5040448
KB5040456
KB5040485
KB5040490
KB5040497
KB5040498
KB5040499
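The file-version check described in this entry can be reproduced offline against a software inventory. The following is an added example, not Qualys detection code: it parses the "Patch version" lines listed above into a per-branch baseline and classifies collected ntoskrnl.exe versions, assuming that a higher revision within the same branch includes the fix. Hostnames and inventory versions are constructed sample values.

```python
import re

# "Patch version" lines copied from the advisory entry above.
ADVISORY = """\
Patch version is 10.0.17763.6054 for KB5040430
Patch version is 10.0.14393.7155 for KB5040434
Patch version is 10.0.10240.20708 for KB5040448
Patch version is 10.0.25398.1009 for KB5040438
Patch version is 10.0.22621.3880 for KB5040442
Patch version is 10.0.19041.4648 for KB5040427
Patch version is 10.0.22000.3079 for KB5040431
Patch version is 10.0.20348.2582 for KB5040437
Patch version is 6.3.9600.22073 for KB5040456
Patch version is 6.2.9200.24975 for KB5040485
Patch version is 6.1.7601.27216 for KB5040497
Patch version is 6.1.7601.27216 for KB5040498
Patch version is 6.0.6003.22768 for KB5040499
Patch version is 6.0.6003.22768 for KB5040490
"""

LINE_RE = re.compile(r"Patch version is (\d+\.\d+\.\d+)\.(\d+) for (KB\d+)")
VERSION_RE = re.compile(r"^\s*(\d+\.\d+\.\d+)\.(\d+)")


def build_baseline(text):
    """Map OS branch (major.minor.build) -> (minimum patched revision, [KBs])."""
    baseline = {}
    for branch, rev, kb in LINE_RE.findall(text):
        min_rev, kbs = baseline.get(branch, (int(rev), []))
        # Two KBs can share a branch (6.1.7601 and 6.0.6003 on this page).
        baseline[branch] = (min(min_rev, int(rev)), kbs + [kb])
    return baseline


def assess(file_version, baseline):
    """Return (status, kbs_to_review) for one ntoskrnl.exe file version."""
    m = VERSION_RE.match(file_version or "")
    if not m:
        return ("unparseable", [])
    branch, rev = m.group(1), int(m.group(2))
    if branch not in baseline:
        # Branch not listed in this advisory: report it, never assume patched.
        return ("unknown-branch", [])
    min_rev, kbs = baseline[branch]
    return ("patched", []) if rev >= min_rev else ("missing-update", kbs)


# Constructed inventory: host -> ntoskrnl.exe file version as collected.
INVENTORY = {
    "srv-2019-a": "10.0.17763.6054",
    "srv-2019-b": "10.0.17763.5936 (WinBuild.160101.0800)",
    "ws-win11": "10.0.22621.3880",
    "legacy-2008r2": "6.1.7601.27117",
    "lab-other": "10.0.26100.1000",
    "broken-agent": "",
}


def audit(inventory, baseline):
    return {host: assess(ver, baseline) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, kbs) in audit(INVENTORY, build_baseline(ADVISORY)).items():
        print(f"{host:15} {status:15} {', '.join(kbs)}")
```

Hosts reported as unknown-branch or unparseable need manual review rather than being counted as compliant.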
-
Microsoft .NET Framework Update for July 2024
- Severity
- Serious 3
- Qualys ID
- 92150
- Vendor Reference
- 5039885, 5039895, 5040434, 5040448, 5041016, 5041017, 5041018, 5041019, 5041020, 5041021, 5041022, 5041023, 5041024, 5041026, 5041027
- CVE Reference
- CVE-2024-38081
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
A Remote Code Execution Vulnerability exists in Microsoft .NET Framework.
Following KBs are covered in this detection:
5040448
5040434
5041017
5041020
5041016
5041023
5041022
5041021
5041026
5039885
5041024
5041027
5039895
5041019
5041018
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for vulnerable file versions of ntoskrnl.exe, Mscorlib.dll, System.dll or System.web.dll for the respective .NET Framework KBs.
- Consequence
- Successful exploitation may allow an attacker to have Elevated Privileges.
- Solution
-
Customers are advised to refer to CVE-2024-38081 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38081
-
Microsoft Azure DevOps Server Security Update for July 2024
- Severity
- Serious 3
- Qualys ID
- 92151
- Vendor Reference
- CVE-2024-35266, CVE-2024-35267
- CVE Reference
- CVE-2024-35266, CVE-2024-35267
- CVSS Scores
- Base 9.7 / Temporal 7.2
- Description
-
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
Affected Software:
Azure DevOps Server 2022.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.TeamFoundation.Framework.Server.dll.
- Consequence
-
An attacker who successfully exploited this vulnerability could view sensitive information, make changes to disclosed information, and they might be able to force a crash within the server.
- Solution
-
Customers are advised to refer to CVE-2024-35266, CVE-2024-35267 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-35266
CVE-2024-35267
-
Microsoft Visual Studio Security Update for July 2024
- Severity
- Critical 4
- Qualys ID
- 92152
- Vendor Reference
- CVE-2024-30105, CVE-2024-35264, CVE-2024-38081, CVE-2024-38095
- CVE Reference
- CVE-2024-30105, CVE-2024-35264, CVE-2024-38081, CVE-2024-38095
- CVSS Scores
- Base 5.1 / Temporal 3.8
- Description
-
Microsoft has released July 2024 security updates for Visual Studio to fix multiple security vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.
- Consequence
- Successful exploitation of these vulnerabilities may allow an attacker to cause denial of service, privilege escalation or code execution on the targeted system.
- Solution
-
Customers are advised to refer to CVE-2024-38095, CVE-2024-38081, CVE-2024-35264 and CVE-2024-30105 for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30105
CVE-2024-35264
CVE-2024-38081
CVE-2024-38095
-
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability for July 2024
- Severity
- Critical 4
- Qualys ID
- 92153
- Vendor Reference
- CVE-2024-30061
- CVE Reference
- CVE-2024-30061
- CVSS Scores
- Base 9.4 / Temporal 7
- Description
-
Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.
The vulnerability exists because of improper authorization, which could allow an attacker to access sensitive information by monitoring domain network traffic, monitoring for user generated network traffic.
Affected Software:
Microsoft Dynamics CRM (on-premises) version 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
- Consequence
-
Successful exploitation allows an unauthenticated, remote attacker to gain access to data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information.
- Solution
-
Customers are advised to refer to CVE-2024-30061 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-30061
These new vulnerability checks are included in Qualys vulnerability signature 2.6.90-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110470
- 110471
- 110472
- 380159
- 380160
- 92148
- 92149
- 92150
- 92151
- 92152
- 92153
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.