Microsoft security alert.
November 12, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 83 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for November 2024
- Severity
- Critical 4
- Qualys ID
- 110480
- Vendor Reference
- KB5002619, KB5002642, KB5002648, KB5002653, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030, CVE-2024-49031, CVE-2024-49032, CVE-2024-49033
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released November 2024 security updates to fix Remote Code Execution and Security Feature Bypass vulnerabilities.
This security update contains the following:
KB5002619
KB5002642
KB5002648
KB5002653
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution and Security Feature Bypass vulnerabilities.
- Solution
-
Customers are advised to refer to the following article(s):
CVE-2024-49026,
CVE-2024-49027,
CVE-2024-49028,
CVE-2024-49029,
CVE-2024-49030,
CVE-2024-49031,
CVE-2024-49032, and
CVE-2024-49033 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49026
CVE-2024-49027
CVE-2024-49028
CVE-2024-49029
CVE-2024-49030
CVE-2024-49031
CVE-2024-49032
CVE-2024-49033
-
Microsoft SharePoint Server Security Update for November 2024
- Severity
- Medium 2
- Qualys ID
- 110481
- Vendor Reference
- ADV240001
- CVE Reference
- N/A
- CVSS Scores
- Base / Temporal
- Description
-
Microsoft has released November 2024 security update for Microsoft SharePoint Server. The update provides a defense in depth enhancement regarding redirections.
This security update contains the following enhancements:
- Consequence
- Not Applicable
- Solution
-
Customers are advised to refer to the below Article:
ADV240001 for more information regarding the vulnerability.
-
Microsoft SQL Server Multiple Vulnerabilities for November 2024
- Severity
- Critical 4
- Qualys ID
- 382336
- Vendor Reference
- CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49006, CVE-2024-49007, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021
- CVE Reference
- CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49006, CVE-2024-49007, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021, CVE-2024-49043
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released a security update to address Remote code execution, Information disclosure, and Privilege escalation vulnerabilities in SQL Server.
Affected Software:
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2019 for x64-based Systems (CU 29)
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
QID Detection Logic (Authenticated):
On Windows, this QID checks for the vulnerable version of SQL server via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft SQL Server and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft SQL Server and the related sub keys for SQL server.
- Consequence
-
Successful exploitation may lead to remote code execution.
- Solution
-
Refer to,
CVE-2024-38255
CVE-2024-43459
CVE-2024-43462
CVE-2024-48993
CVE-2024-48994
CVE-2024-48995
CVE-2024-48996
CVE-2024-48997
CVE-2024-48998
CVE-2024-48999
CVE-2024-49000
CVE-2024-49001
CVE-2024-49002
CVE-2024-49003
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38255
-
Microsoft Exchange Server Security Update for November 2024
- Severity
- Critical 4
- Qualys ID
- 50139
- Vendor Reference
- CVE-2024-49040
- CVE Reference
- CVE-2024-49040
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.
These vulnerabilities affect Exchange Server. A new feature was implemented to detect non-RFC 5322 compliant P2 FROM headers in incoming email messages.
Affected Software:
Exchange Server 2019
Exchange Server 2016
QID Detection Logic: (Authenticated)
This QID detects vulnerable versions of Microsoft Exchange Server by retrieving the file version of Exsetup.exe.
QID Detection Logic: (Unauthenticated)
This QID sends an HTTP GET request to the "/owa" endpoint to detect vulnerable versions of Microsoft Exchange Server.
- Consequence
-
Successful exploitation of this vulnerability allows an unauthenticated, remote attacker to forge email messages and conduct phishing or impersonation attacks against a targeted user.
- Solution
-
Customers are advised to refer to CVE-2024-49040 and Exchange Server non-RFC compliant P2 FROM header detection for more details pertaining to this update.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5044062
-
Microsoft Windows Security Update for November 2024
- Severity
- Urgent 5
- Qualys ID
- 92186
- Vendor Reference
- KB5046612, KB5046613, KB5046615, KB5046617, KB5046633, KB5046665
- CVE Reference
- CVE-2024-38203, CVE-2024-38264, CVE-2024-43449, CVE-2024-43451, CVE-2024-43452, CVE-2024-43530, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43623, CVE-2024-43624, CVE-2024-43625, CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43629, CVE-2024-43630, CVE-2024-43631, CVE-2024-43633, CVE-2024-43634, CVE-2024-43635, CVE-2024-43636, CVE-2024-43637, CVE-2024-43638, CVE-2024-43640, CVE-2024-43641, CVE-2024-43642, CVE-2024-43643, CVE-2024-43644, CVE-2024-43645, CVE-2024-43646, CVE-2024-49039, CVE-2024-49046
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Security Update - November 2024
Patch version is 10.0.17763.6530 for KB5046615
Patch version is 10.0.14393.7513 for KB5046612
Patch version is 10.0.10240.20822 for KB5046665
Patch version is 10.0.19041.5129 for KB5046613
Patch version is 10.0.22621.4455 for KB5046633
Patch version is 10.0.26100.2314 for KB5046617
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
A successful exploit could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5046615
KB5046612
KB5046665
KB5046613
KB5046633
KB5046617
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5046612
KB5046613
KB5046615
KB5046617
KB5046633
KB5046665
-
Microsoft Visual Studio Security Update for November 2024
- Severity
- Critical 4
- Qualys ID
- 92187
- Vendor Reference
- CVE-2024-43498, CVE-2024-43499, CVE-2024-49044
- CVE Reference
- CVE-2024-43498, CVE-2024-43499, CVE-2024-49044
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released October 2024 security updates for Visual Studio to fix Remote Code Execution, Denial of Service, and Elevation of Privilege vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.11
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and the file devenv.exe to determine the Visual Studio version. For Visual Studio 2015 Update 3, this QID checks the version of the DiagnosticsHub.StandardCollector.Runtime.dll file.
- Consequence
-
Vulnerable versions of Visual Studio may be prone to one or more of these vulnerabilities: Remote Code Execution, Denial of Service, and/or Elevation of Privileges.
- Solution
-
Customers are advised to refer to:
CVE-2024-49044,
CVE-2024-43499, and
CVE-2024-43498
for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43498
CVE-2024-43499
CVE-2024-49044
-
Microsoft Visual Studio Code Python Extension Remote Code Execution (RCE) Vulnerability (CVE-2024-49049)
- Severity
- Critical 4
- Qualys ID
- 92188
- Vendor Reference
- CVE-2024-49050
- CVE Reference
- CVE-2024-49050
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
An attacker who successfully exploits this vulnerability could execute arbitrary code with the privileges of the current user. If the user has administrative rights, the attacker could gain full control of the affected system. This could allow them to install programs, view, modify, or delete data, and create new accounts with full user permissions.
Affected Versions:
Visual Studio Code prior to version 2024.20.0
QID Detection Logic (Authenticated):
This checks for a vulnerable version of the Visual Studio Code executable.
- Consequence
- An attacker who successfully exploits this vulnerability could execute arbitrary code with the privileges of the current user.
- Solution
-
Please refer to CVE-2024-49050 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49050
-
Microsoft Windows Server Security Update for November 2024
- Severity
- Urgent 5
- Qualys ID
- 92189
- Vendor Reference
- KB5046612, KB5046615, KB5046616, KB5046617, KB5046618, KB5046639, KB5046661, KB5046682, KB5046687, KB5046697, KB5046705
- CVE Reference
- CVE-2024-38203, CVE-2024-38264, CVE-2024-43447, CVE-2024-43449, CVE-2024-43450, CVE-2024-43451, CVE-2024-43452, CVE-2024-43530, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43623, CVE-2024-43624, CVE-2024-43625, CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43629, CVE-2024-43630, CVE-2024-43631, CVE-2024-43634, CVE-2024-43635, CVE-2024-43636, CVE-2024-43637, CVE-2024-43638, CVE-2024-43639, CVE-2024-43640, CVE-2024-43641, CVE-2024-43642, CVE-2024-43643, CVE-2024-43644, CVE-2024-43645, CVE-2024-43646, CVE-2024-49019, CVE-2024-49039, CVE-2024-49046
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft Windows Server Security Update - November 2024
Patch version is 6.3.9600.22265 for KB5046682
Patch version is 6.2.9200.25163 for KB5046697
Patch version is 6.1.7601.27412 for KB5046687
Patch version is 6.1.7601.27412 for KB5046705
Patch version is 10.0.14393.7513 for KB5046612
Patch version is 10.0.25398.1251 for KB5046618
Patch version is 10.0.26100.2314 for KB5046617
Patch version is 6.0.6003.22963 for KB5046661
Patch version is 6.0.6003.22963 for KB5046639
Patch version is 10.0.20348.2849 for KB5046616
Patch version is 10.0.17763.6530 for KB5046615
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
A successful exploit could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5046682
KB5046697
KB5046687
KB5046705
KB5046612
KB5046618
KB5046617
KB5046661
KB5046639
KB5046616
KB5046615
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5046612
KB5046615
KB5046616
KB5046617
KB5046618
KB5046639
KB5046661
KB5046682
KB5046687
KB5046697
KB5046705
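The version comparison that the two ntoskrnl.exe checks (QID 92186 and QID 92189) describe can be sketched as follows. This is an added example, not Qualys detection code: the function names, the sample inventory and the handling of a trailing build-label suffix are assumptions, while the fixed versions and KB numbers are the ones listed on this page.

```python
import re

# Fixed ntoskrnl.exe versions and KBs copied from QIDs 92186 and 92189 above,
# keyed by the major.minor.build branch they apply to.
PATCHED = {
    "6.0.6003": (22963, "KB5046661, KB5046639"),
    "6.1.7601": (27412, "KB5046687, KB5046705"),
    "6.2.9200": (25163, "KB5046697"),
    "6.3.9600": (22265, "KB5046682"),
    "10.0.10240": (20822, "KB5046665"),
    "10.0.14393": (7513, "KB5046612"),
    "10.0.17763": (6530, "KB5046615"),
    "10.0.19041": (5129, "KB5046613"),
    "10.0.20348": (2849, "KB5046616"),
    "10.0.22621": (4455, "KB5046633"),
    "10.0.25398": (1251, "KB5046618"),
    "10.0.26100": (2314, "KB5046617"),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)

def assess(file_version):
    """Classify one ntoskrnl.exe file version string against PATCHED."""
    # Assumption: the string may carry a suffix such as "(WinBuild.160101.0800)",
    # so only the leading dotted quad is parsed.
    m = _VERSION.match(file_version.strip())
    if not m:
        return ("unparseable", None)
    major, minor, build, revision = (int(g) for g in m.groups())
    branch = f"{major}.{minor}.{build}"
    if branch not in PATCHED:
        # A revision is only comparable inside its own branch.
        return ("unknown-branch", None)
    fixed, kb = PATCHED[branch]
    # Numeric comparison: as strings, "999" would sort above "6530".
    return ("patched" if revision >= fixed else "missing-update", kb)

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "ws-01": "10.0.19041.5129 (WinBuild.160101.0800)",
    "ws-02": "10.0.22621.4391",
    "srv-01": "10.0.17763.999",
    "srv-02": "6.3.9600.22265",
    "srv-03": "10.0.99999.1",
}

def missing_updates(inventory):
    """Return {host: kb} for hosts below the fixed revision of their branch."""
    results = {host: assess(version) for host, version in inventory.items()}
    return {host: kb for host, (status, kb) in sorted(results.items())
            if status == "missing-update"}

if __name__ == "__main__":
    for host, version in SAMPLE.items():
        print(host, version, *assess(version))
```

Hosts reported as "unknown-branch" or "unparseable" need manual review rather than being treated as patched.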
-
Microsoft .NET Security Update for November 2024
- Severity
- Critical 4
- Qualys ID
- 92190
- Vendor Reference
- CVE-2024-43498, CVE-2024-43499
- CVE Reference
- CVE-2024-43498, CVE-2024-43499
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Microsoft has released a security update for .NET that addresses vulnerabilities related to Remote Code Execution and Denial of Service.
Affected versions:
.NET 9.0 before version 9.0.0
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Remote Code Execution, and Denial of Service.
- Solution
-
Customers are advised to refer to CVE-2024-43498, CVE-2024-43499
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43498
CVE-2024-43499
-
Microsoft Visual Studio Code Remote SSH Extension Vulnerability for November 2024
- Severity
- Critical 4
- Qualys ID
- 92191
- Vendor Reference
- CVE-2024-49049
- CVE Reference
- CVE-2024-49049
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
An attacker who successfully exploits this vulnerability could gain control of the affected system. This could allow them to install programs, view, modify, or delete data, and create new accounts with full user permissions.
Affected Versions:
Visual Studio Code Remote SSH Extension prior to version 0.116.1
QID Detection Logic (Authenticated):
This checks for a vulnerable version of the Visual Studio Code executable.
- Consequence
- An attacker who successfully exploits this vulnerability could gain elevated privileges.
- Solution
-
Please refer to CVE-2024-49049 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49049
-
Microsoft PC Manager Elevation of Privilege Vulnerability for November 2024
- Severity
- Critical 4
- Qualys ID
- 92192
- Vendor Reference
- CVE-2024-49051
- CVE Reference
- CVE-2024-49051
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft PC Manager is a utility app for your PC. It offers features such as one-click boost, storage clean-up, file management, and protection of your default settings from unauthorized changes.
QID Detection Logic:
This authenticated QID runs a WMI query to fetch the Microsoft PC Manager app version.
- Consequence
-
An authenticated attacker could exploit this vulnerability to execute arbitrary code on the targeted system with elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2024-49051 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft PC Manager
-
Microsoft Windows Domain Name System (DNS) Spoofing Vulnerability for November 2024
- Severity
- Critical 4
- Qualys ID
- 92193
- Vendor Reference
- CVE-2024-43450
- CVE Reference
- CVE-2024-43450
- CVSS Scores
- Base 3.5 / Temporal 2.6
- Description
-
Microsoft Windows Domain Name System (DNS) Server Security Update - November 2024
Affected Operating Systems: Windows Server 2025 (Server Core installation), Windows Server 2025, Windows Server 2012 R2 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 (Server Core installation), Windows Server 2012, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2016 (Server Core installation), Windows Server 2016, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2022 (Server Core installation), Windows Server 2022, Windows Server 2019 (Server Core installation), Windows Server 2019.
The KB Articles associated with the update:
Patch version is 10.0.26100.2314 for KB5046617
Patch version is 10.0.26100.2240 for KB5046696
Patch version is 6.3.9600.22267 for KB5046682
Patch version is 6.2.9200.25165 for KB5046697
Patch version is 6.1.7601.27415 for KB5046687, KB5046705
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe.
Unauthenticated: This QID checks for a vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
- Consequence
- Successful exploitation of this vulnerability may affect Integrity and Availability.
- Solution
-
Vendor has released patch. Please refer to the following advisories for more information.
CVE-2024-43450
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43450
These new vulnerability checks are included in Qualys vulnerability signature 2.6.185-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110480
- 110481
- 382336
- 50139
- 92186
- 92187
- 92188
- 92189
- 92190
- 92191
- 92192
- 92193
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.