Microsoft security alert.
December 10, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 68 vulnerabilities that were fixed in 6 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 6 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Server Security Update for December 2024
- Severity
- Critical 4
- Qualys ID
- 110482
- Vendor Reference
- KB5002544, KB5002657, KB5002658, KB5002659, KB5002664
- CVE Reference
- CVE-2024-49062, CVE-2024-49064, CVE-2024-49065, CVE-2024-49068, CVE-2024-49070
- CVSS Scores
- Base 8.5 / Temporal 6.3
- Description
-
Microsoft has released the December 2024 security update to fix Information Disclosure, Elevation of Privilege, and Remote Code Execution vulnerabilities in SharePoint Server 2016, SharePoint Server 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
KB5002659
KB5002544
KB5002657
KB5002664
KB5002658
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of the Filename, patched version, and KB details checked for each applicable Product:
ONETUTIL.DLL - 16.0.5478.1000 (KB5002659)
WSSSETUP.DLL - 16.0.5478.1000 (KB5002544)
ONETUTIL.DLL - 16.0.10416.20026 (KB5002657)
Microsoft.sharepoint.msg.dll - 16.0.10416.20026 (KB5002664)
mssmsg.dll - 16.0.17928.20290 (KB5002658)
- Consequence
-
Vulnerable SharePoint may be prone to Information Disclosure, Elevation of Privilege, and Remote Code Execution Vulnerabilities.
- Solution
-
Customers are advised to refer to the below Article(s):
CVE-2024-49062,
CVE-2024-49064,
CVE-2024-49065,
CVE-2024-49068, and
CVE-2024-49070 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49062
CVE-2024-49064
CVE-2024-49065
CVE-2024-49068
CVE-2024-49070
-
Microsoft Office Security Update for December 2024
- Severity
- Critical 4
- Qualys ID
- 110483
- Vendor Reference
- KB2920716, KB4475587, KB5002641, KB5002652, KB5002660, KB5002661, Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac
- CVE Reference
- CVE-2024-43600, CVE-2024-49059, CVE-2024-49065, CVE-2024-49069, CVE-2024-49142
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released December 2024 security updates to fix Remote Code Execution and Elevation of Privilege vulnerabilities.
This security update contains the following:
KB4475587
KB5002661
KB5002652
KB5002641
KB5002660
Office Release Notes for Mac and
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution and Elevation of Privilege Vulnerabilities.
- Solution
-
Customers are advised to refer to the following Article(s):
CVE-2024-49059,
CVE-2024-49065,
CVE-2024-49069,
CVE-2024-49142, and
CVE-2024-43600 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43600
CVE-2024-49059
CVE-2024-49065
CVE-2024-49069
CVE-2024-49142
-
Microsoft Windows Security Update for December 2024
- Severity
- Critical 4
- Qualys ID
- 92197
- Vendor Reference
- KB5048652, KB5048661, KB5048667, KB5048671, KB5048685, KB5048703
- CVE Reference
- CVE-2024-49072, CVE-2024-49073, CVE-2024-49074, CVE-2024-49075, CVE-2024-49076, CVE-2024-49077, CVE-2024-49078, CVE-2024-49079, CVE-2024-49080, CVE-2024-49081, CVE-2024-49082, CVE-2024-49083, CVE-2024-49084, CVE-2024-49085, CVE-2024-49086, CVE-2024-49087, CVE-2024-49088, CVE-2024-49089, CVE-2024-49090, CVE-2024-49091, CVE-2024-49092, CVE-2024-49093, CVE-2024-49094, CVE-2024-49095, CVE-2024-49096, CVE-2024-49097, CVE-2024-49098, CVE-2024-49099, CVE-2024-49101, CVE-2024-49102, CVE-2024-49103, CVE-2024-49104, CVE-2024-49106, CVE-2024-49107, CVE-2024-49108, CVE-2024-49109, CVE-2024-49110, CVE-2024-49111, CVE-2024-49112, CVE-2024-49113, CVE-2024-49114, CVE-2024-49115, CVE-2024-49116, CVE-2024-49117, CVE-2024-49118, CVE-2024-49119, CVE-2024-49120, CVE-2024-49121, CVE-2024-49122, CVE-2024-49123, CVE-2024-49124, CVE-2024-49125, CVE-2024-49126, CVE-2024-49127, CVE-2024-49128, CVE-2024-49129, CVE-2024-49132, CVE-2024-49138
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Microsoft Windows Security Update - December 2024
KB5048685
KB5048652
KB5048661
KB5048667
KB5048671
KB5048703
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5048685
KB5048652
KB5048661
KB5048667
KB5048671
KB5048703
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5048652
5048661
5048667
5048671
5048685
5048703
-
Microsoft Windows Domain Name Service (DNS) Remote Code Execution Vulnerability for December 2024
- Severity
- Critical 4
- Qualys ID
- 92198
- Vendor Reference
- CVE-2024-49091
- CVE Reference
- CVE-2024-49091
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Microsoft Windows Domain Name System (DNS) Server Security Update - December 2024
Affected Operating Systems: Windows Server 2025 (Server Core installation), Windows Server 2025, Windows Server 2016 (Server Core installation), Windows Server 2016, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2022 (Server Core installation), Windows Server 2022, Windows Server 2019 (Server Core installation), Windows Server 2019, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation)
The KB Articles associated with the update:
Patch version is 10.0.26100.2605 for KB5048667
Patch version is 10.0.26100.2528 for KB5048794
Patch version is 10.0.20348.2965 for KB5048654
Patch version is 10.0.20348.2908 for KB5048800
Patch version is 10.0.17763.6640 for KB5048661
Patch version is 10.0.14393.7604 for KB5048671
Patch version is 10.0.25398.1308 for KB5048653
Patch version is 6.3.9600.22313 for KB5048735
Patch version is 6.2.9200.25217 for KB5048699
QID Detection Logic:
Authenticated: This QID checks for the file version of dns.exe.
Unauthenticated: This QID checks for vulnerable version of Microsoft DNS by checking the DNS version exposed in the banner.
- Consequence
- Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. However, exploitation of this vulnerability may affect Integrity and Availability.
- Solution
-
Vendor has released patch. Please refer to the following advisories for more information.
CVE-2024-49091
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49091
-
Microsoft Windows Server Security Update for December 2024
- Severity
- Critical 4
- Qualys ID
- 92199
- Vendor Reference
- KB5048653, KB5048654, KB5048661, KB5048671, KB5048676, KB5048695, KB5048699, KB5048710, KB5048735, KB5048744
- CVE Reference
- CVE-2024-49072, CVE-2024-49073, CVE-2024-49075, CVE-2024-49076, CVE-2024-49077, CVE-2024-49078, CVE-2024-49079, CVE-2024-49080, CVE-2024-49081, CVE-2024-49082, CVE-2024-49083, CVE-2024-49084, CVE-2024-49085, CVE-2024-49086, CVE-2024-49087, CVE-2024-49088, CVE-2024-49089, CVE-2024-49090, CVE-2024-49091, CVE-2024-49092, CVE-2024-49093, CVE-2024-49094, CVE-2024-49095, CVE-2024-49096, CVE-2024-49097, CVE-2024-49098, CVE-2024-49099, CVE-2024-49101, CVE-2024-49102, CVE-2024-49103, CVE-2024-49104, CVE-2024-49106, CVE-2024-49107, CVE-2024-49108, CVE-2024-49109, CVE-2024-49110, CVE-2024-49111, CVE-2024-49112, CVE-2024-49113, CVE-2024-49114, CVE-2024-49115, CVE-2024-49116, CVE-2024-49117, CVE-2024-49118, CVE-2024-49119, CVE-2024-49120, CVE-2024-49121, CVE-2024-49122, CVE-2024-49123, CVE-2024-49124, CVE-2024-49125, CVE-2024-49126, CVE-2024-49127, CVE-2024-49128, CVE-2024-49129, CVE-2024-49132, CVE-2024-49138
- CVSS Scores
- Base 10 / Temporal 8.3
- Description
-
Microsoft Windows Security Update - December 2024
KB5048654
KB5048653
KB5048735
KB5048699
KB5048695
KB5048676
KB5048710
KB5048744
KB5048671
KB5048661
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5048654
KB5048653
KB5048735
KB5048699
KB5048695
KB5048676
KB5048710
KB5048744
KB5048671
KB5048661
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5048653
KB5048654
KB5048661
KB5048671
KB5048676
KB5048695
KB5048699
KB5048710
KB5048735
KB5048744
-
Microsoft Remote Desktop Client Remote Code Execution (RCE) Vulnerability for December 2024
- Severity
- Critical 4
- Qualys ID
- 92200
- Vendor Reference
- Microsoft Remote Desktop Client
- CVE Reference
- CVE-2024-49105
- CVSS Scores
- Base 8.3 / Temporal 6.1
- Description
-
The Remote Desktop client for Windows Desktop is used to access Windows apps and desktops remotely from a different Windows device.
CVE-2024-49105: Remote Desktop Client for Windows Desktop.
Affected Versions:
Remote Desktop client prior to 1.2.5716.0
QID Detection Logic (Authenticated):
This QID checks for a vulnerable Remote Desktop client.
- Consequence
-
An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection using Microsoft Management Console (MMC). Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC.
- Solution
-
Customers are advised to refer to Microsoft Advisory CVE-2024-49105
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-49105
These new vulnerability checks are included in Qualys vulnerability signature 2.6.208-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
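The authenticated SharePoint check (QID 110482) described above comes down to comparing a file's four-part version against the patched version for the applicable KB. The following is an added example, not Qualys code: it uses the file, version and KB mapping from this page, while the function names, the choice of which KBs apply to a host, and the sample inventory are assumptions made for illustration. It compares versions field by field as integers, because a plain string comparison ranks 16.0.10416.9999 above 16.0.10416.20026, and it reports a missing file as unknown rather than patched.

```python
# Added example: (file, patched version) per KB, copied from the QID 110482 mapping above.
PATCHED = {
    "KB5002659": ("ONETUTIL.DLL", "16.0.5478.1000"),
    "KB5002544": ("WSSSETUP.DLL", "16.0.5478.1000"),
    "KB5002657": ("ONETUTIL.DLL", "16.0.10416.20026"),
    "KB5002664": ("Microsoft.sharepoint.msg.dll", "16.0.10416.20026"),
    "KB5002658": ("mssmsg.dll", "16.0.17928.20290"),
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so each field compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def missing_kbs(applicable_kbs, inventory):
    """Return (kb, filename, reason) for each applicable KB not confirmed installed.

    applicable_kbs: KBs that apply to this host's SharePoint product. This is the
                    caller's decision; the page does not map products to KBs.
    inventory:      {filename: file version string} collected from the install path.
    """
    # Windows file names are case-insensitive, so match on lower-cased names.
    seen = {name.lower(): version for name, version in inventory.items()}
    findings = []
    for kb in applicable_kbs:
        filename, patched = PATCHED[kb]
        observed = seen.get(filename.lower())
        if observed is None:
            findings.append((kb, filename, "file not found, patch state unknown"))
        elif parse_version(observed) < parse_version(patched):
            findings.append((kb, filename, f"{observed} < {patched}"))
    return findings


# Constructed inventory for a hypothetical host (not real scan output).
SAMPLE_INVENTORY = {
    "onetutil.dll": "16.0.10416.9999",
    "Microsoft.SharePoint.Msg.dll": "16.0.10416.20026",
}

if __name__ == "__main__":
    for finding in missing_kbs(["KB5002657", "KB5002664"], SAMPLE_INVENTORY):
        print(finding)
```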
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110482
- 110483
- 92197
- 92198
- 92199
- 92200
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.