Microsoft security alert.

August 13, 2024

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 70 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

  • Microsoft Office Security Update for August 2024

    Severity
    Critical 4
    Qualys ID
    110473
    Vendor Reference
    KB5002570, KB5002586, KB5002625, Office Click-2-Run and Office 365 Release Notes
    CVE Reference
    CVE-2024-38169, CVE-2024-38170, CVE-2024-38171, CVE-2024-38172, CVE-2024-38189, CVE-2024-38200
    CVSS Scores
    Base 7.8 / Temporal 6.4
    Description
    Microsoft has released August 2024 security updates to fix Remote Code Execution and Spoofing vulnerabilities.

    This security update contains the following:
    KB5002586
    KB5002625
    KB5002570
    Office Click-2-Run and Office 365 Release Notes

    Current Channel: Version 2407 (Build 17830.20166)
    Monthly Enterprise Channel: Version 2406 (Build 17726.20206)
    Monthly Enterprise Channel: Version 2405 (Build 17628.20206)
    Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20550)
    Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20550)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20792)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21094)
    Office 2021 Retail: Version 2407 (Build 17830.20166)
    Office 2019 Retail: Version 2407 (Build 17830.20166)
    Office 2016 Retail: Version 2407 (Build 17830.20166)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20763)
    Office 2019 Volume Licensed: Version 1808 (Build 10413.20020)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.

    Operating System: MacOS
    This QID checks for the vulnerable versions of affected Office Applications.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable products may be prone to Remote Code Execution and/or Spoofing Vulnerabilities.

    Solution
    Customers are advised to refer to the following article(s): CVE-2024-38189, CVE-2024-38171, CVE-2024-38170, CVE-2024-38169, CVE-2024-38172, and CVE-2024-38200 for more information regarding these vulnerabilities.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38169
    CVE-2024-38170
    CVE-2024-38171
    CVE-2024-38172
    CVE-2024-38189
    CVE-2024-38200

  • Microsoft Outlook Remote Code Execution (RCE) Vulnerability for August 2024

    Severity
    Serious 3
    Qualys ID
    110474
    Vendor Reference
    CVE-2024-38173
    CVE Reference
    CVE-2024-38173
    CVSS Scores
    Base 6.5 / Temporal 4.8
    Description
    Microsoft has released August 2024 security updates for Outlook to fix a Remote Code Execution vulnerability.

    This security update contains the following:

    KB5002626 and
    Office Click-2-Run and Office 365 Release Notes

    Patched Versions for Microsoft 365 (C2R) are:
    Current Channel: Version 2407 (Build 17830.20166)
    Monthly Enterprise Channel: Version 2406 (Build 17726.20206)
    Monthly Enterprise Channel: Version 2405 (Build 17628.20206)
    Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20550)
    Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20550)
    Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20792)
    Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21094)
    Office 2021 Retail: Version 2407 (Build 17830.20166)
    Office 2019 Retail: Version 2407 (Build 17830.20166)
    Office 2016 Retail: Version 2407 (Build 17830.20166)
    Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20763)
    Office 2019 Volume Licensed: Version 1808 (Build 10413.20020)

    QID Detection Logic (Authenticated):
    Operating System: Windows
    The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "outlook.exe" to identify vulnerable versions of Microsoft Outlook.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Vulnerable versions of Outlook may be prone to a Remote Code Execution vulnerability.

    Solution
    Customers are advised to refer to the following article(s): CVE-2024-38173 for more information regarding this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38173

  • Microsoft Azure CycleCloud Remote Code Execution (RCE) Vulnerability for August 2024

    Severity
    Critical 4
    Qualys ID
    380329
    Vendor Reference
    CVE-2024-38195
    CVE Reference
    CVE-2024-38195
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.

    An authenticated attacker with Azure CycleCloud instance command execution capabilities might send a specially crafted request to return storage account credentials and runtime data.

    Affected Software:

    Azure CycleCloud from 8.0.0 prior to 8.0.2
    Azure CycleCloud from 8.1.0 prior to 8.1.1
    Azure CycleCloud from 8.2.0 prior to 8.2.2
    Azure CycleCloud 8.3.0
    Azure CycleCloud from 8.4.0 prior to 8.4.2
    Azure CycleCloud 8.5.0
    Azure CycleCloud 8.6.0 prior to 8.6.2

    QID Detection Logic (Authenticated):
    On Linux, this authenticated QID flags vulnerable versions of Azure CycleCloud.

    Consequence
    Successful exploitation of this vulnerability could enable remote code execution to be performed on any cluster in the CycleCloud instance.

    Solution
    Customers are advised to refer to CVE-2024-38195 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38195

  • Microsoft .NET Security Update for August 2024

    Severity
    Critical 4
    Qualys ID
    92156
    Vendor Reference
    CVE-2024-38167, CVE-2024-38168
    CVE Reference
    CVE-2024-38167, CVE-2024-38168
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description
    Microsoft has released a security update for .NET that addresses vulnerabilities related to Information Disclosure and Denial of Service. Affected versions:
    .NET 8.0 before version 8.0.8

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
    On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
    On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.

    Consequence

    Vulnerable versions of Microsoft .NET are prone to Information Disclosure and Denial of Service.

    Solution
    Customers are advised to refer to CVE-2024-38167, CVE-2024-38168,

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38167
    CVE-2024-38168

  • Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting (XSS) Vulnerability for August 2024

    Severity
    Critical 4
    Qualys ID
    92157
    Vendor Reference
    CVE-2024-38211
    CVE Reference
    CVE-2024-38211
    CVSS Scores
    Base 7.5 / Temporal 5.5
    Description
    Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

    The vulnerability exists if malicious scripts are executed in the victim's browser. For the malicious scripts to execute, the user would have to click on a specially crafted URL to be compromised by the attacker.

    Affected Software:
    Microsoft Dynamics CRM (on-premises) version 9.1

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.

    Consequence
    The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. The user would have to click on a specially crafted URL to be compromised by the attacker.

    Solution
    Customers are advised to refer to CVE-2024-38211 for more details pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38211

  • Microsoft Windows Domain Name System (DNS) Spoofing Vulnerability for August 2024

    Severity
    Critical 4
    Qualys ID
    92158
    Vendor Reference
    CVE-2024-37968
    CVE Reference
    CVE-2024-37968
    CVSS Scores
    Base 3.5 / Temporal 2.6
    Description
    Microsoft Windows Domain Name System (DNS) Server Security Update - August 2024

    Affected Operating Systems: Windows Server 2012 R2 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 (Server Core installation), Windows Server 2012, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2022 23H2 Edition (Server Core installation), Windows Server 2022 (Server Core installation), Windows Server 2022, Windows Server 2019 (Server Core installation), Windows Server 2019

    The KB Articles associated with the update:
    Patch version is 10.0.9600.22134 for KB5041828
    Patch version is 10.0.9200.25031 for KB5041851
    Patch version is 10.0.7601.27277 for KB5041838, KB5041823
    Patch version is 10.0.6003.22825 for KB5041850, KB5041847
    Patch version is 10.0.25398.1085 and 10.0.14393.7259 for KB5041773
    Patch version is 10.0.20348.2655 for KB5041160
    Patch version is 10.0.17763.6189 for KB5041578

    QID Detection Logic:
    Authenticated: This QID checks for the file version of dns.exe

    Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.

    Consequence
    Successful exploitation of this vulnerability may affect Integrity and Availability.

    Solution
    Vendor has released patch. Please refer to the following advisories for more information.
    CVE-2024-37968

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-37968

  • Microsoft Visual Studio Security Update for August 2024

    Severity
    Critical 4
    Qualys ID
    92159
    Vendor Reference
    CVE-2024-38167, CVE-2024-38168
    CVE Reference
    CVE-2024-38167, CVE-2024-38168
    CVSS Scores
    Base 7.8 / Temporal 5.8
    Description

    Microsoft has released a security update for Visual Studio that addresses vulnerabilities related to Information Disclosure and Denial of Service.

    Affected Versions:
    Microsoft Visual Studio 2022 version 17.10
    Microsoft Visual Studio 2022 version 17.8
    Microsoft Visual Studio 2022 version 17.6

    QID Detection Logic (Authenticated):

    Windows
    This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and the file "devenv.exe" to determine the Visual Studio version.

    Consequence

    Vulnerable versions of Microsoft Visual Studio are prone to Information Disclosure and Denial of Service.

    Solution
    Customers are advised to refer to CVE-2024-38167, CVE-2024-38168,

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38167
    CVE-2024-38168

  • Microsoft Windows Security Update for August 2024

    Severity
    Urgent 5
    Qualys ID
    92160
    Vendor Reference
    KB5041160, KB5041571, KB5041573, KB5041578, KB5041580, KB5041585, KB5041592, KB5041773, KB5041782, KB5041823, KB5041828, KB5041838, KB5041847, KB5041850, KB5041851
    CVE Reference
    CVE-2022-2601, CVE-2022-3775, CVE-2023-40547, CVE-2024-29995, CVE-2024-38106, CVE-2024-38107, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125, CVE-2024-38126, CVE-2024-38127, CVE-2024-38128, CVE-2024-38130, CVE-2024-38131, CVE-2024-38132, CVE-2024-38133, CVE-2024-38134, CVE-2024-38135, CVE-2024-38136, CVE-2024-38137, CVE-2024-38138, CVE-2024-38140, CVE-2024-38141, CVE-2024-38142, CVE-2024-38143, CVE-2024-38144, CVE-2024-38145, CVE-2024-38146, CVE-2024-38147, CVE-2024-38148, CVE-2024-38150, CVE-2024-38151, CVE-2024-38152, CVE-2024-38153, CVE-2024-38154, CVE-2024-38155, CVE-2024-38178, CVE-2024-38180, CVE-2024-38193, CVE-2024-38196, CVE-2024-38198, CVE-2024-38214, CVE-2024-38215, CVE-2024-38223
    CVSS Scores
    Base 7.5 / Temporal 6.2
    Description
    Microsoft Windows Security Update - August 2024

    KB5041571
    KB5041585
    KB5041580
    KB5041592
    KB5041160
    KB5041773
    KB5041782
    KB5041573
    KB5041578
    KB5041851
    KB5041838
    KB5041823
    KB5041850
    KB5041847
    KB5041828

    QID Detection Logic (Authenticated):

    This QID checks for the file version of 'ntoskrnl.exe'.

    Consequence
    Successful exploitation could compromise Confidentiality, Integrity and Availability.

    Solution
    Please refer to the following KB Articles associated with the update:
    KB5041571
    KB5041585
    KB5041580
    KB5041592
    KB5041160
    KB5041773
    KB5041782
    KB5041573
    KB5041578
    KB5041851
    KB5041838
    KB5041823
    KB5041850
    KB5041847
    KB5041828

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    KB5041160
    KB5041571
    KB5041573
    KB5041578
    KB5041580
    KB5041585
    KB5041592
    KB5041773
    KB5041782
    KB5041823
    KB5041828
    KB5041838
    KB5041847
    KB5041850
    KB5041851

  • Microsoft Windows Network Virtualization Remote Code Execution (RCE) Vulnerability for August 2024

    Severity
    Urgent 5
    Qualys ID
    92161
    Vendor Reference
    CVE-2024-38159, CVE-2024-38160
    CVE Reference
    CVE-2024-38159, CVE-2024-38160
    CVSS Scores
    Base 4.1 / Temporal 3
    Description
    Microsoft Windows Network Virtualization Security Update - August 2024

    Affected Operating Systems: Windows Server 2016 (Server Core installation), Windows Server 2016, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems

    The KB Articles associated with the update:
    Patch version is 10.0.14393.7259 for KB5041773

    QID Detection Logic:
    Authenticated: This QID checks for the file version of Windows Network Virtualization.

    Consequence
    An attacker could exploit the vulnerability by taking advantage of the unchecked return value in the wnv.sys component of Windows Server 2016.

    Solution
    Vendor has released patch. Please refer to the following advisories for more information.
    CVE-2024-38160
    CVE-2024-38159

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38159
    CVE-2024-38160

  • Microsoft Azure Connected Machine Agent Elevation of Privilege Vulnerability for August 2024

    Severity
    Critical 4
    Qualys ID
    92162
    Vendor Reference
    CVE-2024-38098, CVE-2024-38162
    CVE Reference
    CVE-2024-38098, CVE-2024-38162
    CVSS Scores
    Base 7.2 / Temporal 5.3
    Description
    The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.

    Affected versions:
    All versions before version 1.45

    QID Detection Logic: Authenticated
    On Windows, this QID detects vulnerable versions by checking the file version.
    On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.

    Consequence
    An attacker who successfully exploited this vulnerability could create or delete files in the security context of the NT AUTHORITY\SYSTEM account and gain system privileges.

    Solution
    Customers are advised to refer to CVE-2024-38162 and CVE-2024-38098 for more information on these vulnerabilities and their patches.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38098
    CVE-2024-38162

  • Microsoft Windows App Installer Spoofing Vulnerability for August 2024

    Severity
    Critical 4
    Qualys ID
    92163
    Vendor Reference
    CVE-2024-38177
    CVE Reference
    CVE-2024-38177
    CVSS Scores
    Base 4.6 / Temporal 3.4
    Description
    CVE-2024-38177: Windows App Installer Spoofing Vulnerability

    QID Detection Logic (Authenticated):
    The detection gets the version of Microsoft.DesktopAppInstaller by querying the WMI class Win32_InstalledStoreProgram.

    Consequence
    An attacker could craft a malicious attachment to be used in phishing campaigns.

    Solution
    Please refer to CVE-2024-38177.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38177

  • Microsoft Windows Line Printer Daemon (LPD) Service Remote Code Execution (RCE) Vulnerability

    Severity
    Urgent 5
    Qualys ID
    92164
    Vendor Reference
    CVE-2024-38199
    CVE Reference
    CVE-2024-38199
    CVSS Scores
    Base 7.5 / Temporal 5.5
    Description
    An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server.

    Affected Products:
    All Operating Systems mentioned in CVE-2024-38199

    Consequence
    Successful exploitation could compromise Confidentiality, Integrity and Availability.

    Solution
    Please refer to the advisory page for CVE-2024-38199 for more information and updates on this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38199

  • Microsoft Windows Transmission Control Protocol/Internet Protocol (TCP/IP) Remote Code Execution (RCE) Vulnerability for August 2024

    Severity
    Urgent 5
    Qualys ID
    92165
    Vendor Reference
    CVE-2024-38063
    CVE Reference
    CVE-2024-38063
    CVSS Scores
    Base 10 / Temporal 7.8
    Description
    A remote code execution vulnerability exists in Microsoft Windows TCP/IP.

    Patch version is 10.0.26100.1455 for KB5041571
    Patch version is 10.0.22621.4036 for KB5041585
    Patch version is 10.0.19041.4780 for KB5041580
    Patch version is 10.0.22000.3147 for KB5041592
    Patch version is 10.0.20348.2652 for KB5041160
    Patch version is 10.0.14393.7254 for KB5041773
    Patch version is 10.0.10240.20747 for KB5041782
    Patch version is 10.0.25398.1085 for KB5041573
    Patch version is 10.0.17763.6189 for KB5041578
    Patch version is 6.2.9200.25016 for KB5041851
    Patch version is 6.1.7601.27265 for KB5041838
    Patch version is 6.1.7601.27265 for KB5041823
    Patch version is 6.0.6003.22814 for KB5041850
    Patch version is 6.0.6003.22814 for KB5041847
    Patch version is 6.3.9600.22131 for KB5041828

    QID Detection Logic (Authenticated):
    This QID checks for the file version of ntoskrnl.exe. The QID additionally checks if IPv6 is enabled on the host.

    Consequence
    An unauthenticated attacker could repeatedly send IPv6 packets, including specially crafted packets, to a Windows machine, which could enable remote code execution.

    Solution
    Customers are advised to refer to CVE-2024-38063 for more information pertaining to this vulnerability.

    Patches:
    The following are links for downloading patches to fix these vulnerabilities:
    CVE-2024-38063
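
The detection logic for QID 92165 (ntoskrnl.exe file version plus an IPv6-enabled check) can be reproduced over an asset inventory. The following is an added example, not Qualys code: the patch versions and KB numbers come from the list above, while the record layout, status names, sample hosts and the rule of matching a host to a patch line by the first three version components are assumptions.

```python
# Patch versions and KBs copied from the QID 92165 entry in this advisory.
PATCH_TABLE = [
    ("10.0.26100.1455", "KB5041571"), ("10.0.22621.4036", "KB5041585"),
    ("10.0.19041.4780", "KB5041580"), ("10.0.22000.3147", "KB5041592"),
    ("10.0.20348.2652", "KB5041160"), ("10.0.14393.7254", "KB5041773"),
    ("10.0.10240.20747", "KB5041782"), ("10.0.25398.1085", "KB5041573"),
    ("10.0.17763.6189", "KB5041578"), ("6.2.9200.25016", "KB5041851"),
    ("6.1.7601.27265", "KB5041838"), ("6.1.7601.27265", "KB5041823"),
    ("6.0.6003.22814", "KB5041850"), ("6.0.6003.22814", "KB5041847"),
    ("6.3.9600.22131", "KB5041828"),
]

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    {"host": "ws-01", "ntoskrnl": "10.0.19041.4717", "ipv6": True},
    {"host": "ws-02", "ntoskrnl": "10.0.22621.4036", "ipv6": True},
    {"host": "srv-01", "ntoskrnl": "10.0.20348.2582", "ipv6": False},
    {"host": "srv-02", "ntoskrnl": "6.3.9600.22131", "ipv6": True},
    {"host": "lab-01", "ntoskrnl": "10.0.18362.1", "ipv6": True},
]


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def build_index(table):
    """Map branch (major, minor, build) -> (patched version, [KBs])."""
    index = {}
    for version, kb in table:
        v = parse_version(version)
        fixed, kbs = index.setdefault(v[:3], (v, []))
        if fixed != v:
            raise ValueError(f"conflicting patch versions for branch {v[:3]}")
        kbs.append(kb)
    return index


def assess(record, index):
    """Return (status, KBs to apply) for one inventory record."""
    try:
        found = parse_version(record["ntoskrnl"])
    except ValueError:
        return ("invalid-version", [])
    entry = index.get(found[:3])
    if entry is None:
        return ("unknown-branch", [])  # not in the advisory list: review by hand
    fixed, kbs = entry
    if found >= fixed:
        return ("patched", [])
    # Below the patched version: flagged only when IPv6 is enabled,
    # mirroring the two conditions the QID checks.
    if record["ipv6"]:
        return ("vulnerable", kbs)
    return ("unpatched-ipv6-disabled", kbs)


def triage(inventory, table=PATCH_TABLE):
    index = build_index(table)
    return {r["host"]: assess(r, index) for r in inventory}


if __name__ == "__main__":
    for host, (status, kbs) in triage(INVENTORY).items():
        print(f"{host:8} {status:26} {', '.join(kbs)}")
```

Hosts reported as unpatched-ipv6-disabled still need the listed KB; they are kept separate only because the QID would not flag them.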

These new vulnerability checks are included in Qualys vulnerability signature 2.6.116-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

  1. Ensure access to TCP ports 135 and 139 is available.
  2. Enable Windows Authentication (specify Authentication Records).
  3. Enable the following Qualys IDs:
    • 110473
    • 110474
    • 380329
    • 92156
    • 92157
    • 92158
    • 92159
    • 92160
    • 92161
    • 92162
    • 92163
    • 92164
    • 92165
  4. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
  5. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.