Microsoft security alert.
October 8, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 112 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit the Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in its software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Server Security Update for October 2024
- Severity
- Critical 4
- Qualys ID
- 110478
- Vendor Reference
- KB5002645, KB5002647, KB5002649
- CVE Reference
- CVE-2024-43503
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released the October 2024 security update to fix an elevation of privilege vulnerability in SharePoint Server 2016, SharePoint Server 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of the Filename, patched version, and KB details checked for each applicable Product:
ONETUTIL.DLL - 16.0.5469.1000 (KB5002645)
ONETUTIL.DLL - 16.0.10415.20001 (KB5002647)
mssmsg.dll - 16.0.17928.20162 (KB5002649)
- Consequence
-
Vulnerable SharePoint may be prone to Elevation of Privilege Vulnerability.
- Solution
-
Customers are advised to refer to CVE-2024-43503 for more information regarding the vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43503
-
Microsoft Office Security Update for October 2024
- Severity
- Critical 4
- Qualys ID
- 110479
- Vendor Reference
- KB5002635, KB5002643, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-43504, CVE-2024-43505, CVE-2024-43576, CVE-2024-43609, CVE-2024-43616
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released the October 2024 security updates to fix Remote Code Execution and Spoofing vulnerabilities.
This security update contains the following:
KB5002635
KB5002643
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution, and/or Spoofing Vulnerabilities.
- Solution
-
Customers are advised to refer to the following articles for more information regarding these vulnerabilities:
CVE-2024-43616,
CVE-2024-43609,
CVE-2024-43576,
CVE-2024-43505, and
CVE-2024-43504.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43504
CVE-2024-43505
CVE-2024-43576
CVE-2024-43609
CVE-2024-43616
-
Microsoft Visual Studio Code Security Update for October 2024
- Severity
- Critical 4
- Qualys ID
- 380598
- Vendor Reference
- CVE-2024-43601
- CVE Reference
- CVE-2024-43601
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.94.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
A successful attack may allow remote code execution
- Solution
-
Customers are advised to refer to CVE-2024-43601 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43601
-
Microsoft Azure Monitor Agent Privilege Elevation Vulnerability for October 2024 (CVE-2024-38097)
- Severity
- Serious 3
- Qualys ID
- 380599
- Vendor Reference
- CVE-2024-38097
- CVE Reference
- CVE-2024-38097
- CVSS Scores
- Base 6.2 / Temporal 4.6
- Description
-
Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud.
CVE-2024-38097 : A privilege elevation vulnerability was discovered in Azure Monitor Agent.
Affected Versions:
Azure Monitor Agent versions prior to v1.30.0
QID Detection Logic - Windows (Authenticated):
This QID checks for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMonitorAgent and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to check the vulnerable version of the product.
- Consequence
- An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.
- Solution
-
The vendor has released a fixed version of the product in CVE-2024-38097.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38097
-
Microsoft Azure Service Fabric for Linux Remote Code Execution (RCE) Vulnerability
- Severity
- Critical 4
- Qualys ID
- 380602
- Vendor Reference
- CVE-2024-43480
- CVE Reference
- CVE-2024-43480
- CVSS Scores
- Base 7.1 / Temporal 5.3
- Description
-
Azure Service Fabric is Microsoft's platform-as-a-service (PaaS) and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines.
Affected Versions:
Azure Service Fabric 10.1 for Linux prior to 10.1.2308.1
Azure Service Fabric 10.0 for Linux prior to 10.0.2345.1
Azure Service Fabric 9.1 for Linux prior to 9.1.2498.1
QID Detection Logic:
This authenticated Unix QID identifies FabricHost package versions that are older than the affected version specified above.
- Consequence
- Successful exploitation of this vulnerability requires the attacker
- Solution
-
Customers are advised to update to latest version of Azure Service Fabric. Refer to The Latest Supported Azure Service Fabric Downloads for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43480
-
Microsoft .NET Framework Update for October 2024
- Severity
- Serious 3
- Qualys ID
- 92176
- Vendor Reference
- 5044021, 5044028, 5044030, 5044033, 5044085, 5044086, 5044089, 5044090, 5044091, 5044092, 5044095, 5044096, 5044097, 5044098, 5044099, 5044286, 5044293
- CVE Reference
- CVE-2024-43483, CVE-2024-43484
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
A Denial of Service vulnerability exists in Microsoft .NET Framework.
The following KBs are covered in this detection:
5044033
5044090
5044092
5044021
5044030
5044099
5044089
5044095
5044085
5044096
5044097
5044098
5044086
5044286
5044028
5044091
5044293
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for a vulnerable file version of ntoskrnl.exe, Mscorlib.dll, System.dll, or System.web.dll for the respective .NET Framework KBs.
- Consequence
- Successful exploitation may result in Denial of Service
- Solution
-
Customers are advised to refer to the following articles for more information regarding these vulnerabilities:
CVE-2024-43484 and
CVE-2024-43483.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43483
CVE-2024-43484
-
Microsoft Visual Studio Security Update for October 2024
- Severity
- Critical 4
- Qualys ID
- 92177
- Vendor Reference
- CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485, CVE-2024-43590, CVE-2024-43603
- CVE Reference
- CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485, CVE-2024-43590, CVE-2024-43603
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
Microsoft has released October 2024 security updates for Visual Studio to fix Remote Code Execution, Denial of Service, and Elevation of Privilege vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.11
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2019 version 16.11
Microsoft Visual Studio 2017 version 15.9
Microsoft Visual Studio 2015 Update 3
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and the file devenv.exe to determine the Visual Studio version. For Visual Studio 2015 Update 3, this QID checks the version of the DiagnosticsHub.StandardCollector.Runtime.dll file.
- Consequence
-
Vulnerable versions of Visual Studio may be prone to one or more of these vulnerabilities: Remote Code Execution, Denial of Service, and/or Elevation of Privileges.
- Solution
-
Customers are advised to refer to:
CVE-2024-43603,
CVE-2024-43484,
CVE-2024-43483,
CVE-2024-38229,
CVE-2024-43590, and
CVE-2024-43485
for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38229
CVE-2024-43483
CVE-2024-43484
CVE-2024-43485
CVE-2024-43590
CVE-2024-43603
-
Microsoft Windows Server Security Update for October 2024
- Severity
- Urgent 5
- Qualys ID
- 92178
- Vendor Reference
- KB5044277, KB5044281, KB5044288, KB5044293, KB5044306, KB5044320, KB5044321, KB5044342, KB5044343, KB5044356
- CVE Reference
- CVE-2024-6197, CVE-2024-30092, CVE-2024-37976, CVE-2024-37979, CVE-2024-37982, CVE-2024-37983, CVE-2024-38029, CVE-2024-38124, CVE-2024-38129, CVE-2024-38149, CVE-2024-38179, CVE-2024-38212, CVE-2024-38261, CVE-2024-38262, CVE-2024-38265, CVE-2024-43453, CVE-2024-43456, CVE-2024-43501, CVE-2024-43506, CVE-2024-43509, CVE-2024-43511, CVE-2024-43512, CVE-2024-43513, CVE-2024-43514, CVE-2024-43515, CVE-2024-43516, CVE-2024-43517, CVE-2024-43518, CVE-2024-43519, CVE-2024-43520, CVE-2024-43521, CVE-2024-43532, CVE-2024-43534, CVE-2024-43535, CVE-2024-43541, CVE-2024-43544, CVE-2024-43545, CVE-2024-43547, CVE-2024-43549, CVE-2024-43550, CVE-2024-43551, CVE-2024-43553, CVE-2024-43554, CVE-2024-43556, CVE-2024-43560, CVE-2024-43562, CVE-2024-43563, CVE-2024-43564, CVE-2024-43565, CVE-2024-43567, CVE-2024-43570, CVE-2024-43572, CVE-2024-43573, CVE-2024-43575, CVE-2024-43583, CVE-2024-43585, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43599, CVE-2024-43607, CVE-2024-43608, CVE-2024-43611, CVE-2024-43615
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - October 2024
KB5044343
KB5044342
KB5044356
KB5044321
KB5044320
KB5044306
KB5044293
KB5044288
KB5044281
KB5044277
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5044343
KB5044342
KB5044356
KB5044321
KB5044320
KB5044306
KB5044293
KB5044288
KB5044281
KB5044277
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5044277
KB5044281
KB5044288
KB5044293
KB5044306
KB5044320
KB5044321
KB5044342
KB5044343
KB5044356
-
Microsoft Power BI Report Server Update for October 2024
- Severity
- Serious 3
- Qualys ID
- 92179
- Vendor Reference
- CVE-2024-43481, CVE-2024-43612
- CVE Reference
- CVE-2024-43481, CVE-2024-43612
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Power BI Report Server, available as part of Power BI Premium, enables on-premises web and mobile viewing of Power BI reports, plus the enterprise reporting capabilities of SQL Server Reporting Services.
Affected Versions:
Power BI Report Server (October 2024) - file version: 15.0.1116.121
QID Detection Logic:
This authenticated QID detects vulnerable versions of RSHostingService.exe by fetching the service installed path from the HKLM\SYSTEM\CurrentControlSet\Services\PowerBIReportServer registry key.
- Consequence
-
Successful exploitation can lead to Server Spoofing Vulnerability
- Solution
-
Customers are advised to refer to CVE-2024-43481 for more information pertaining to this vulnerability.
Customers are advised to refer to CVE-2024-43612 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43481
CVE-2024-43612
-
Microsoft .NET Security Update for October 2024
- Severity
- Critical 4
- Qualys ID
- 92180
- Vendor Reference
- CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485
- CVE Reference
- CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
Microsoft has released a security update for .NET that addresses vulnerabilities related to Information Disclosure, and Denial of Service.
Affected versions:
.NET 6.0 before version 6.0.35
.NET 8.0 before version 8.0.10
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Remote Code Execution, and Denial of Service.
- Solution
-
Customers are advised to refer to CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, and CVE-2024-43485.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38229
CVE-2024-43483
CVE-2024-43484
CVE-2024-43485
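The Linux detection described for QID 92180 amounts to listing the runtime directories and comparing each version against the fixed release for its branch. The following is an added illustration, not Qualys's detection code; the function names and the sample directory names in demo() are constructed for this example.

```python
import os
import re
import tempfile

# Fixed releases quoted in the advisory, keyed by (major, minor) branch.
FIXED = {(6, 0): (6, 0, 35), (8, 0): (8, 0, 10)}

# Runtime directories the advisory says the Linux check inspects.
LINUX_RUNTIME_DIRS = (
    "/usr/share/dotnet/shared/Microsoft.NETCore.App/",
    "/root/shared/Microsoft.NETCore.App",
)

# Matches "6.0.35" and pre-release names such as "8.0.0-rc.1.23419.4".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-.+)?$")


def parse_version(name):
    """Return (major, minor, patch) for a runtime directory name, else None."""
    m = _VERSION.match(name)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(name):
    """Return 'vulnerable', 'fixed', 'out-of-scope' or 'unparsed' for one name."""
    version = parse_version(name)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "out-of-scope"  # branch not listed in the advisory
    # Numeric tuple comparison: 6.0.9 < 6.0.35, which string comparison gets wrong.
    return "vulnerable" if version < fixed else "fixed"


def audit(runtime_dir):
    """Map each installed runtime version under runtime_dir to its status."""
    if not os.path.isdir(runtime_dir):
        return {}
    return {
        entry: classify(entry)
        for entry in sorted(os.listdir(runtime_dir))
        if os.path.isdir(os.path.join(runtime_dir, entry))
    }


def demo():
    """Audit a constructed runtime tree built in a temporary directory."""
    names = ("6.0.9", "6.0.35", "8.0.8", "8.0.10", "7.0.20", "8.0.0-rc.1.23419.4")
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            os.makedirs(os.path.join(root, name))
        return audit(root)


if __name__ == "__main__":
    for path in LINUX_RUNTIME_DIRS:
        for version, status in audit(path).items():
            print(f"{path}: {version} -> {status}")
```

Because .NET runtimes install side by side, an older patch directory left behind after an update is still reported as vulnerable by this check.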
-
Microsoft Windows Security Update for October 2024
- Severity
- Urgent 5
- Qualys ID
- 92181
- Vendor Reference
- KB5044273, KB5044277, KB5044280, KB5044284, KB5044285, KB5044286, KB5044293
- CVE Reference
- CVE-2024-6197, CVE-2024-20659, CVE-2024-30092, CVE-2024-37976, CVE-2024-37982, CVE-2024-37983, CVE-2024-38149, CVE-2024-43500, CVE-2024-43501, CVE-2024-43502, CVE-2024-43506, CVE-2024-43508, CVE-2024-43509, CVE-2024-43511, CVE-2024-43513, CVE-2024-43514, CVE-2024-43515, CVE-2024-43516, CVE-2024-43517, CVE-2024-43518, CVE-2024-43519, CVE-2024-43520, CVE-2024-43522, CVE-2024-43523, CVE-2024-43524, CVE-2024-43525, CVE-2024-43526, CVE-2024-43527, CVE-2024-43528, CVE-2024-43529, CVE-2024-43532, CVE-2024-43533, CVE-2024-43534, CVE-2024-43535, CVE-2024-43536, CVE-2024-43537, CVE-2024-43538, CVE-2024-43540, CVE-2024-43542, CVE-2024-43543, CVE-2024-43546, CVE-2024-43547, CVE-2024-43550, CVE-2024-43551, CVE-2024-43552, CVE-2024-43553, CVE-2024-43554, CVE-2024-43555, CVE-2024-43556, CVE-2024-43557, CVE-2024-43558, CVE-2024-43559, CVE-2024-43560, CVE-2024-43561, CVE-2024-43562, CVE-2024-43563, CVE-2024-43565, CVE-2024-43570, CVE-2024-43571, CVE-2024-43572, CVE-2024-43573, CVE-2024-43574, CVE-2024-43581, CVE-2024-43582, CVE-2024-43583, CVE-2024-43584, CVE-2024-43585, CVE-2024-43599, CVE-2024-43615
- CVSS Scores
- Base 5.1 / Temporal 4.2
- Description
-
Microsoft Windows Security Update - October 2024
KB5044285
KB5044273
KB5044280
KB5044286
KB5044284
KB5044277
KB5044293
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5044285
KB5044273
KB5044280
KB5044286
KB5044284
KB5044277
KB5044293
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5044273
KB5044277
KB5044280
KB5044284
KB5044285
KB5044286
KB5044293
These new vulnerability checks are included in Qualys vulnerability signature 2.6.158-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110478
- 110479
- 380598
- 380599
- 380602
- 92176
- 92177
- 92178
- 92179
- 92180
- 92181
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.