Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 70 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following:
5002586
5002625
5002570
Office Click-2-Run and Office 365 Release Notes and
Current Channel: Version 2407 (Build 17830.20166)
Monthly Enterprise Channel: Version 2406 (Build 17726.20206)
Monthly Enterprise Channel: Version 2405 (Build 17628.20206)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20550)
Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20550)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20792)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21094)
Office 2021 Retail: Version 2407 (Build 17830.20166)
Office 2019 Retail: Version 2407 (Build 17830.20166)
Office 2016 Retail: Version 2407 (Build 17830.20166)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20763)
Office 2019 Volume Licensed: Version 1808 (Build 10413.20020)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office Click-2-Run and Office 365 installations must be updated manually or be set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38169
CVE-2024-38170
CVE-2024-38171
CVE-2024-38172
CVE-2024-38189
CVE-2024-38200
This security update contains the following:
KB5002626 and
Office Click-2-Run and Office 365 Release Notes
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2407 (Build 17830.20166)
Monthly Enterprise Channel: Version 2406 (Build 17726.20206)
Monthly Enterprise Channel: Version 2405 (Build 17628.20206)
Semi-Annual Enterprise Channel (Preview): Version 2402 (Build 17328.20550)
Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20550)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.20792)
Semi-Annual Enterprise Channel: Version 2302 (Build 16130.21094)
Office 2021 Retail: Version 2407 (Build 17830.20166)
Office 2019 Retail: Version 2407 (Build 17830.20166)
Office 2016 Retail: Version 2407 (Build 17830.20166)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20763)
Office 2019 Volume Licensed: Version 1808 (Build 10413.20020)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "outlook.exe" to identify vulnerable versions of Microsoft Outlook.
Note: Office Click-2-Run and Office 365 installations must be updated manually or be set to update automatically. There is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38173
An authenticated attacker with Azure CycleCloud instance command execution capabilities might send a specially crafted request to return storage account credentials and runtime data.
Affected Software:
Azure CycleCloud from 8.0.0 prior to 8.0.2
Azure CycleCloud from 8.1.0 prior to 8.1.1
Azure CycleCloud from 8.2.0 prior to 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud from 8.4.0 prior to 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud from 8.6.0 prior to 8.6.2
QID Detection Logic (Authenticated):
On Linux, this authenticated QID flags vulnerable versions of Azure CycleCloud.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38195
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
Vulnerable versions of Microsoft .NET are prone to Information Disclosure and Denial of Service.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38167
CVE-2024-38168
The vulnerability is triggered when malicious scripts are executed in the victim's browser. To execute the malicious scripts, the attacker would have to convince the user to click on a specially crafted URL.
Affected Software:
Microsoft Dynamics CRM (on-premises) version 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38211
Affected Operating Systems: Windows Server 2012 R2 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 (Server Core installation), Windows Server 2012, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2022 23H2 Edition (Server Core installation), Windows Server 2022 (Server Core installation), Windows Server 2022, Windows Server 2019 (Server Core installation), Windows Server 2019
The KB Articles associated with the update:
Patch version is 10.0.9600.22134 for KB5041828
Patch version is 10.0.9200.25031 for KB5041851
Patch version is 10.0.7601.27277 for KB5041838, KB5041823
Patch version is 10.0.6003.22825 for KB5041850, KB5041847
Patch version is 10.0.25398.1085 and 10.0.14393.7259 for KB5041773
Patch version is 10.0.20348.2655 for KB5041160
Patch version is 10.0.17763.6189 for KB5041578
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe
Unauthenticated: This QID checks for vulnerable versions of Microsoft DNS by checking the DNS version exposed in the banner.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-37968
Microsoft has released a security update for Visual Studio that addresses vulnerabilities related to Information Disclosure and Denial of Service.
Affected Versions:
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by reading the registry key "HKLM\SOFTWARE\Microsoft" and checking the file version of "devenv.exe" to determine the installed Visual Studio version.
Vulnerable versions of Microsoft Visual Studio are prone to Information Disclosure and Denial of Service.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38167
CVE-2024-38168
KB5041571
KB5041585
KB5041580
KB5041592
KB5041160
KB5041773
KB5041782
KB5041573
KB5041578
KB5041851
KB5041838
KB5041823
KB5041850
KB5041847
KB5041828
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5041160
KB5041571
KB5041573
KB5041578
KB5041580
KB5041585
KB5041592
KB5041773
KB5041782
KB5041823
KB5041828
KB5041838
KB5041847
KB5041850
KB5041851
Affected Operating Systems: Windows Server 2016 (Server Core installation), Windows Server 2016, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems
The KB Articles associated with the update:
Patch version is 10.0.14393.7259 for KB5041773
QID Detection Logic:
Authenticated: This QID checks for the file version of Windows Network Virtualization
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38159
CVE-2024-38160
Affected versions:
All versions before version 1.45
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions by checking the file version.
On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38098
CVE-2024-38162
QID Detection Logic (authenticated):
The detection gets the version of Microsoft.DesktopAppInstaller by querying the WMI class Win32_InstalledStoreProgram.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38177
Affected Products:
All Operating Systems mentioned in CVE-2024-38199
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38199
Patch version is 10.0.26100.1455 for KB5041571
Patch version is 10.0.22621.4036 for KB5041585
Patch version is 10.0.19041.4780 for KB5041580
Patch version is 10.0.22000.3147 for KB5041592
Patch version is 10.0.20348.2652 for KB5041160
Patch version is 10.0.14393.7254 for KB5041773
Patch version is 10.0.10240.20747 for KB5041782
Patch version is 10.0.25398.1085 for KB5041573
Patch version is 10.0.17763.6189 for KB5041578
Patch version is 6.2.9200.25016 for KB5041851
Patch version is 6.1.7601.27265 for KB5041838
Patch version is 6.1.7601.27265 for KB5041823
Patch version is 6.0.6003.22814 for KB5041850
Patch version is 6.0.6003.22814 for KB5041847
Patch version is 6.3.9600.22131 for KB5041828
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe. The QID additionally checks if IPv6 is enabled on the host.
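The check described above, as an added example that is not Qualys' own detection code: it takes the kernel file version reported by a host, matches it to the patched build for the same OS build line using the "Patch version is ... for KB..." table on this page, and compares the four numeric fields as integers rather than as strings. The reading that a host below the patched build is reported only when IPv6 is enabled is an assumption; the `assess` and `patched_build_for` names are mine.

```python
import re
from typing import Optional, Tuple

# Patched ntoskrnl.exe versions per KB, copied from the table on this page.
PATCHED_NTOSKRNL = {
    "KB5041571": "10.0.26100.1455",
    "KB5041585": "10.0.22621.4036",
    "KB5041580": "10.0.19041.4780",
    "KB5041592": "10.0.22000.3147",
    "KB5041160": "10.0.20348.2652",
    "KB5041773": "10.0.14393.7254",
    "KB5041782": "10.0.10240.20747",
    "KB5041573": "10.0.25398.1085",
    "KB5041578": "10.0.17763.6189",
    "KB5041851": "6.2.9200.25016",
    "KB5041838": "6.1.7601.27265",
    "KB5041823": "6.1.7601.27265",
    "KB5041850": "6.0.6003.22814",
    "KB5041847": "6.0.6003.22814",
    "KB5041828": "6.3.9600.22131",
}

def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Extract the first 4-part version; file version strings often carry a
    suffix such as '10.0.19041.4780 (WinBuild.160101.0800)'."""
    m = re.search(r"\d+\.\d+\.\d+\.\d+", text)
    if not m:
        raise ValueError(f"no 4-part file version in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))  # type: ignore[return-value]

def patched_build_for(host_version: str) -> Optional[Tuple[str, str]]:
    """Return (KB, patched version) for the host's OS build line (third field).
    Comparing against a KB for a different build line would give a false result."""
    build = parse_version(host_version)[2]
    for kb, patched in PATCHED_NTOSKRNL.items():
        if parse_version(patched)[2] == build:
            return kb, patched
    return None

def assess(host_version: str, ipv6_enabled: bool) -> str:
    """Assumed QID semantics: flag only when the kernel is below the patched
    build for its line AND IPv6 is enabled on the host."""
    match = patched_build_for(host_version)
    if match is None:
        return "unknown build"
    kb, patched = match
    if parse_version(host_version) >= parse_version(patched):
        return f"patched ({kb})"
    if not ipv6_enabled:
        return f"missing {kb}, IPv6 disabled"
    return f"vulnerable: missing {kb}"
```

On a real host the input string comes from the file's version resource, for example `(Get-Item "$env:SystemRoot\System32\ntoskrnl.exe").VersionInfo.FileVersion` in PowerShell.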
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38063
These new vulnerability checks are included in Qualys vulnerability signature 2.6.116-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.