Microsoft security alert.
January 14, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 159 vulnerabilities that were fixed in 14 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 14 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Outlook for Mac Remote Code Execution (RCE) Vulnerability for January 2025
- Severity
- Critical 4
- Qualys ID
- 110484
- Vendor Reference
- CVE-2025-21361
- CVE Reference
- CVE-2025-21361
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released January 2025 security updates for Outlook on macOS to fix a Remote Code Execution vulnerability.
Product Affected:
Outlook for Mac versions prior to 16.93
Detection Logic:
The QID checks for a vulnerable Outlook application version and also checks whether it is a legacy version of Outlook by running the command "defaults read /Applications/Microsoft\ Outlook.app/Contents/Info CFBundleIdentifier".
Note:
This vulnerability only affects the legacy version of Outlook for Mac. Customers who have enabled the new Outlook experience are not affected.
- Consequence
-
An attacker would be able to bypass the protection in Outlook that prevents a potentially dangerous file extension from being attached, enabling remote code execution.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2025-21361 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21361
-
Microsoft SharePoint Server Security Update for January 2025
- Severity
- Critical 4
- Qualys ID
- 110485
- Vendor Reference
- KB5002666, KB5002667, KB5002671, KB5002672, KB5002676
- CVE Reference
- CVE-2025-21344, CVE-2025-21348, CVE-2025-21393
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released the January 2025 security update to fix Spoofing and Remote Code Execution vulnerabilities in SharePoint Server versions 2016 and 2019 and in SharePoint Subscription Edition.
This security update contains the following KBs:
KB5002671
KB5002672
KB5002667
KB5002666
KB5002676
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of the Filename, patched version, and KB details checked for each applicable Product:
ONETUTIL.DLL - 16.0.5483.1000 (KB5002672)
WSSSETUP.DLL - 16.0.5483.1001 (KB5002671)
ONETUTIL.DLL - 16.0.10416.20041 (KB5002666)
wwintl.dll - 16.0.10416.20041 (KB5002667)
mssmsg.dll - 16.0.17928.20356 (KB5002676)
- Consequence
-
Vulnerable SharePoint installations may be prone to Spoofing and Remote Code Execution vulnerabilities.
- Solution
-
Customers are advised to refer to the below Article(s):
CVE-2025-21393,
CVE-2025-21348, and
CVE-2025-21344 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21344
CVE-2025-21348
CVE-2025-21393
-
Microsoft Office Security Update for January 2025
- Severity
- Critical 4
- Qualys ID
- 110486
- Vendor Reference
- KB5002595, KB5002670, KB5002673, KB5002675, KB5002677
- CVE Reference
- CVE-2025-21186, CVE-2025-21338, CVE-2025-21345, CVE-2025-21346, CVE-2025-21354, CVE-2025-21356, CVE-2025-21362, CVE-2025-21363, CVE-2025-21364, CVE-2025-21365, CVE-2025-21366, CVE-2025-21395, CVE-2025-21402
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released January 2025 security updates to fix Remote Code Execution, and Security Feature Bypass vulnerabilities.
This security update contains the following:
KB5002670
KB5002673
KB5002677
KB5002675
KB5002595
Office Release Notes for Mac and
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution, and Security Feature Bypass Vulnerabilities.
- Solution
-
Customers are advised to refer to the following Article(s):
CVE-2025-21395,
CVE-2025-21366,
CVE-2025-21365,
CVE-2025-21338,
CVE-2025-21364,
CVE-2025-21363,
CVE-2025-21362,
CVE-2025-21402,
CVE-2025-21356,
CVE-2025-21354,
CVE-2025-21186,
CVE-2025-21346, and
CVE-2025-21345 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21186
CVE-2025-21338
CVE-2025-21345
CVE-2025-21346
CVE-2025-21354
CVE-2025-21356
CVE-2025-21362
CVE-2025-21363
CVE-2025-21364
CVE-2025-21365
CVE-2025-21366
CVE-2025-21395
CVE-2025-21402
-
Microsoft Outlook Security Update for January 2025
- Severity
- Serious 3
- Qualys ID
- 110487
- Vendor Reference
- KB5002656
- CVE Reference
- CVE-2025-21357
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
Microsoft has released January 2025 security updates for Outlook to fix a Remote Code Execution vulnerability.
This security update contains the following:
KB5002656 and
Office Click-2-Run and Office 365 Release Notes
Patched Versions for Microsoft 365 (C2R) are:
Current Channel: Version 2412 (Build 18324.20190)
Monthly Enterprise Channel: Version 2411 (Build 18227.20222)
Monthly Enterprise Channel: Version 2410 (Build 18129.20242)
Semi-Annual Enterprise Channel (Preview): Version 2408 (Build 17928.20392)
Semi-Annual Enterprise Channel: Version 2408 (Build 17928.20392)
Semi-Annual Enterprise Channel: Version 2402 (Build 17328.20688)
Semi-Annual Enterprise Channel: Version 2308 (Build 16731.21064)
Office 2024 Retail: Version 2412 (Build 18324.20190)
Office 2021 Retail: Version 2412 (Build 18324.20190)
Office 2019 Retail: Version 2412 (Build 18324.20190)
Office 2016 Retail: Version 2412 (Build 18324.20190)
Office LTSC 2024 Volume Licensed: Version 2408 (Build 17932.20222)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20839)
Office 2019 Volume Licensed: Version 1808 (Build 10416.20047)
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "outlook.exe" to identify vulnerable versions of Microsoft Outlook.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable versions of Outlook may be prone to a Remote Code Execution vulnerability.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2025-21357 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21357
-
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability (CVE-2025-21360)
- Severity
- Critical 4
- Qualys ID
- 382665
- Vendor Reference
- CVE-2025-21360
- CVE Reference
- CVE-2025-21360
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application for Mac that could allow an attacker to perform commands as root in the target environment.
Affected Software:
Microsoft AutoUpdate for Mac versions prior to 4.76
QID Detection Logic (Authenticated):
The authenticated check looks for installed Mac packages.
- Consequence
- Successful exploitation of this vulnerability could enable a low-privileged attacker to escalate their privileges and execute commands as root.
- Solution
-
Vendor has released patch. Please refer to the Microsoft Security Advisory for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21360
-
Microsoft Windows Security Update for January 2025
- Severity
- Urgent 5
- Qualys ID
- 92203
- Vendor Reference
- KB5049981, KB5049993, KB5050008, KB5050009, KB5050013, KB5050021
- CVE Reference
- CVE-2024-7344, CVE-2025-21189, CVE-2025-21202, CVE-2025-21207, CVE-2025-21210, CVE-2025-21211, CVE-2025-21213, CVE-2025-21214, CVE-2025-21215, CVE-2025-21217, CVE-2025-21219, CVE-2025-21220, CVE-2025-21223, CVE-2025-21224, CVE-2025-21226, CVE-2025-21227, CVE-2025-21228, CVE-2025-21229, CVE-2025-21230, CVE-2025-21231, CVE-2025-21232, CVE-2025-21233, CVE-2025-21234, CVE-2025-21235, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241, CVE-2025-21242, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21249, CVE-2025-21250, CVE-2025-21251, CVE-2025-21252, CVE-2025-21255, CVE-2025-21256, CVE-2025-21257, CVE-2025-21258, CVE-2025-21260, CVE-2025-21261, CVE-2025-21263, CVE-2025-21265, CVE-2025-21266, CVE-2025-21268, CVE-2025-21269, CVE-2025-21270, CVE-2025-21271, CVE-2025-21272, CVE-2025-21273, CVE-2025-21274, CVE-2025-21275, CVE-2025-21276, CVE-2025-21277, CVE-2025-21278, CVE-2025-21280, CVE-2025-21281, CVE-2025-21282, CVE-2025-21284, CVE-2025-21285, CVE-2025-21286, CVE-2025-21287, CVE-2025-21288, CVE-2025-21289, CVE-2025-21290, CVE-2025-21291, CVE-2025-21292, CVE-2025-21293, CVE-2025-21294, CVE-2025-21295, CVE-2025-21296, CVE-2025-21298, CVE-2025-21299, CVE-2025-21300, CVE-2025-21301, CVE-2025-21302, CVE-2025-21303, CVE-2025-21304, CVE-2025-21305, CVE-2025-21306, CVE-2025-21308, CVE-2025-21310, CVE-2025-21312, CVE-2025-21313, CVE-2025-21314, CVE-2025-21315, CVE-2025-21316, CVE-2025-21317, CVE-2025-21318, CVE-2025-21319, CVE-2025-21320, CVE-2025-21321, CVE-2025-21323, CVE-2025-21324, CVE-2025-21327, CVE-2025-21328, CVE-2025-21329, CVE-2025-21330, CVE-2025-21331, CVE-2025-21332, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-21336, CVE-2025-21338, CVE-2025-21339, CVE-2025-21340, CVE-2025-21341, CVE-2025-21343, CVE-2025-21370, CVE-2025-21372, CVE-2025-21374, CVE-2025-21378, CVE-2025-21382, CVE-2025-21389, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417
- CVSS Scores
- Base 5.4 / Temporal 4.7
- Description
-
Microsoft Windows Security Update for January 2025
Affected Operating System: Windows 10 Version 1809, Windows 11 version 24H2, Windows 10 Version 1607, Windows 11 version 23H2, Windows 10, Windows 10 version 22H2 and Windows 10 version 21H2
The KB Articles associated with the update:
Patch version is 10.0.10240.20883 for KB5050013
Patch version is 10.0.26100.2894 for KB5050009
Patch version is 10.0.22621.4746 for KB5050021
Patch version is 10.0.14393.7693 for KB5049993
Patch version is 10.0.19041.5369 for KB5049981
Patch version is 10.0.17763.6766 for KB5050008
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5050013
KB5050009
KB5050021
KB5049993
KB5049981
KB5050008
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5049981
KB5049993
KB5050008
KB5050009
KB5050013
KB5050021
-
Microsoft Windows Server Security Update for January 2025
- Severity
- Urgent 5
- Qualys ID
- 92204
- Vendor Reference
- KB5049983, KB5049984, KB5049993, KB5050004, KB5050006, KB5050008, KB5050009, KB5050048, KB5050049, KB5050061, KB5050063
- CVE Reference
- CVE-2024-7344, CVE-2025-21189, CVE-2025-21193, CVE-2025-21202, CVE-2025-21207, CVE-2025-21210, CVE-2025-21211, CVE-2025-21213, CVE-2025-21214, CVE-2025-21215, CVE-2025-21217, CVE-2025-21218, CVE-2025-21219, CVE-2025-21220, CVE-2025-21223, CVE-2025-21224, CVE-2025-21225, CVE-2025-21226, CVE-2025-21227, CVE-2025-21228, CVE-2025-21229, CVE-2025-21230, CVE-2025-21231, CVE-2025-21232, CVE-2025-21233, CVE-2025-21234, CVE-2025-21235, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241, CVE-2025-21242, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21249, CVE-2025-21250, CVE-2025-21251, CVE-2025-21252, CVE-2025-21255, CVE-2025-21256, CVE-2025-21257, CVE-2025-21258, CVE-2025-21260, CVE-2025-21261, CVE-2025-21263, CVE-2025-21265, CVE-2025-21266, CVE-2025-21268, CVE-2025-21269, CVE-2025-21270, CVE-2025-21271, CVE-2025-21272, CVE-2025-21273, CVE-2025-21274, CVE-2025-21275, CVE-2025-21276, CVE-2025-21277, CVE-2025-21278, CVE-2025-21280, CVE-2025-21281, CVE-2025-21282, CVE-2025-21284, CVE-2025-21285, CVE-2025-21286, CVE-2025-21287, CVE-2025-21288, CVE-2025-21289, CVE-2025-21290, CVE-2025-21291, CVE-2025-21292, CVE-2025-21293, CVE-2025-21294, CVE-2025-21295, CVE-2025-21296, CVE-2025-21297, CVE-2025-21298, CVE-2025-21299, CVE-2025-21300, CVE-2025-21301, CVE-2025-21302, CVE-2025-21303, CVE-2025-21304, CVE-2025-21305, CVE-2025-21306, CVE-2025-21308, CVE-2025-21309, CVE-2025-21310, CVE-2025-21312, CVE-2025-21313, CVE-2025-21314, CVE-2025-21315, CVE-2025-21316, CVE-2025-21317, CVE-2025-21318, CVE-2025-21319, CVE-2025-21320, CVE-2025-21321, CVE-2025-21323, CVE-2025-21324, CVE-2025-21326, CVE-2025-21327, CVE-2025-21328, CVE-2025-21329, CVE-2025-21330, CVE-2025-21331, CVE-2025-21332, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-21336, CVE-2025-21338, CVE-2025-21339, CVE-2025-21340, CVE-2025-21341, CVE-2025-21372, CVE-2025-21374, CVE-2025-21378, CVE-2025-21382, CVE-2025-21389, 
CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417
- CVSS Scores
- Base 5.4 / Temporal 4.7
- Description
-
Microsoft Windows Server Security Update for January 2025
Affected Operating System: Windows Server 2008, Windows Server 2019, Windows Server 2016, Windows Server version 23H2, Windows Server 2012, Windows Server 2022 and Windows Server 2025.
The KB Articles associated with the update:
Patch version is 10.0.26100.2894 for KB5050009
Patch version is 10.0.25398.1369 for KB5049984
Patch version is 10.0.14393.7693 for KB5049993
Patch version is 10.0.20348.3089 for KB5049983
Patch version is 6.0.6003.23070 for KB5050063
Patch version is 6.0.6003.23070 for KB5050061
Patch version is 6.3.9600.22370 for KB5050048
Patch version is 10.0.17763.6766 for KB5050008
Patch version is 6.2.9200.25273 for KB5050004
Patch version is 6.1.7601.27520 for KB5050049
Patch version is 6.1.7601.27520 for KB5050006
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5050009
KB5049984
KB5049993
KB5049983
KB5050063
KB5050061
KB5050048
KB5050008
KB5050004
KB5050049
KB5050006
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5049983
KB5049984
KB5049993
KB5050004
KB5050006
KB5050008
KB5050009
KB5050048
KB5050049
KB5050061
KB5050063
-
Microsoft Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311)
- Severity
- Urgent 5
- Qualys ID
- 92205
- Vendor Reference
- CVE-2025-21311, KB5049984, KB5050009
- CVE Reference
- CVE-2025-21311
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft Windows NTLM V1 Elevation of Privilege Vulnerability CVE-2025-21311.
Affected Operating System: Windows Server version 23H2, Windows Server 2025 and Windows 11 version 24H2.
The KB Articles associated with the update:
Patch version is 10.0.25398.1369 for KB5049984.
Patch version is 10.0.26100.2894 for KB5050009.
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could enable a low-privileged attacker to escalate their privileges and execute commands.
- Solution
-
Vendor has released patch. Please refer to the Microsoft Security Advisory for further information.
Workaround:
Set the LmCompatabilityLvl to its maximum value (5) for all machines. This will prevent the usage of the older NTLMv1 protocol, while still allowing NTLMv2. Please refer to the Microsoft Security Advisory for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21311
-
Microsoft Power Automate Remote Code Execution (RCE) Vulnerability
- Severity
- Critical 4
- Qualys ID
- 92206
- Vendor Reference
- CVE-2025-21187
- CVE Reference
- CVE-2025-21187
- CVSS Scores
- Base 6.1 / Temporal 4.5
- Description
-
Power Automate allows you to automate web and desktop applications on your Windows desktop by mimicking the user interface actions like clicks, and keyboard input.
Power Automate for Desktop Affected Versions:
Versions starting from 2.46 up to but not including 2.46.184.25013
Versions starting from 2.47 up to but not including 2.47.126.25010
Versions starting from 2.48 up to but not including 2.48.164.25010
Versions starting from 2.49 up to but not including 2.49.182.25010
Versions starting from 2.50 up to but not including 2.50.139.25010
Versions starting from 2.51 up to but not including 2.51.349.24355
Versions starting from 2.52 up to but not including 2.52.62.25009
QID Detection Logic (Authenticated):
The QID checks for a vulnerable version of Windows Power Automate for Desktop by checking the file version of "PAD.AutomationServer.exe".
- Consequence
- An attacker can exploit this vulnerability through social engineering, by convincing a victim to download and open a specially crafted file from a website, which leads to a local attack on the victim's computer.
- Solution
-
For more information, customers are advised to refer to CVE-2025-21187.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21187
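The affected-version list for Power Automate for Desktop is per release branch, so an installed build has to be compared against the fixed build of its own 2.x branch rather than against one global threshold. The following Python is an added example, not Qualys detection code; the function names, status labels and sample inventory are assumptions made for illustration, and the file version of "PAD.AutomationServer.exe" is assumed to have been collected already.

```python
from typing import Dict, List, Tuple

# First fixed build per release branch, copied from the affected-version
# list in this advisory (key = major.minor branch).
FIXED_BUILDS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (2, 46): (2, 46, 184, 25013),
    (2, 47): (2, 47, 126, 25010),
    (2, 48): (2, 48, 164, 25010),
    (2, 49): (2, 49, 182, 25010),
    (2, 50): (2, 50, 139, 25010),
    (2, 51): (2, 51, 349, 24355),
    (2, 52): (2, 52, 62, 25009),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'a.b.c.d' into a 4-tuple of ints, padding missing fields with 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"non-numeric version field in {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def classify(version_text: str) -> str:
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        # The advisory states nothing about branches outside 2.46 to 2.52,
        # so report that instead of guessing.
        return "not-listed"
    # Numeric tuple comparison: 2.46.99.0 sorts below 2.46.184.25013,
    # which a plain string comparison would get wrong.
    return "vulnerable" if version < fixed else "patched"


# Constructed sample inventory (hypothetical host names and builds).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ws-001", "2.46.99.0"),            # old build on the 2.46 branch
    ("ws-002", "2.51.349.24355"),       # exactly the 2.51 fixed build
    ("ws-003", "2.52.61.25009"),        # one build short of the 2.52 fix
    ("ws-004", "2.45.10.1"),            # branch not covered by the advisory
    ("ws-005", "2.50.139.25010-beta"),  # malformed version string
]


def audit(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each host to its status for the listed version ranges."""
    return {host: classify(version) for host, version in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing every host against the newest fixed build alone would flag ws-002 as vulnerable even though it already runs the fixed build for its branch.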
-
Microsoft .NET Security Update for January 2025
- Severity
- Critical 4
- Qualys ID
- 92207
- Vendor Reference
- CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176
- CVE Reference
- CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released a security update for .NET that addresses vulnerabilities related to Information Disclosure, and Denial of Service.
Affected versions:
- .NET 9.0 before version 9.0.1
- .NET 8.0 before version 8.0.12
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
-
Vulnerable versions of Microsoft .NET are prone to Remote Code Execution, and Privilege Escalation.
- Solution
-
Customers are advised to refer to:
CVE-2025-21171,
CVE-2025-21172,
CVE-2025-21173,
CVE-2025-21176 for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21171
CVE-2025-21172
CVE-2025-21173
CVE-2025-21176
-
Microsoft .NET Framework Remote Code Execution (RCE) Vulnerability for January 2025
- Severity
- Critical 4
- Qualys ID
- 92208
- Vendor Reference
- CVE-2025-21176
- CVE Reference
- CVE-2025-21176
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
A Remote Code Execution (RCE) vulnerability exists in Microsoft .NET Framework.
Following KBs are covered in this detection:
KB5050013
KB5050186
KB5050181
KB5049620
KB5049624
KB5050188
KB5050416
KB5050187
KB5050185
KB5050184
KB5050183
KB5050180
KB5049993
KB5050182
KB5049614
KB5049622
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for a vulnerable file version of ntoskrnl.exe, Mscorlib.dll, System.dll or System.web.dll for the respective .NET Framework KBs.
- Consequence
-
A vulnerable .NET Framework version may be prone to Remote Code Execution (RCE) Vulnerability.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2025-21176 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21176
-
Microsoft On-Premises Data Gateway Information Disclosure Vulnerability
- Severity
- Serious 3
- Qualys ID
- 92209
- Vendor Reference
- CVE-2025-21403
- CVE Reference
- CVE-2025-21403
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted PowerBI dashboard. The scope of PowerBI data that could be accessed depends on the privileges of the compromised user.
Affected Versions:
On-Premises Data Gateway Versions before November 2024 update (3000.246)
QID Detection Logic (Authenticated):
The QID checks for a vulnerable version of On-Premises Data Gateway.
Note: Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability.
- Consequence
- An attacker who successfully exploits this vulnerability could disclose the data contained in the targeted PowerBI dashboard; the data that could be accessed depends on the privileges of the compromised user.
- Solution
-
For more information, customers are advised to refer to CVE-2025-21403.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21403
-
Microsoft Visual Studio Security Update for January 2025
- Severity
- Critical 4
- Qualys ID
- 92210
- Vendor Reference
- CVE-2024-50338, CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176, CVE-2025-21178, CVE-2025-21405
- CVE Reference
- CVE-2024-50338, CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176, CVE-2025-21178, CVE-2025-21405
- CVSS Scores
- Base 9 / Temporal 7.1
- Description
-
Microsoft has released October 2024 security updates for Visual Studio to fix Remote Code Execution, Information Disclosure, and Elevation of Privilege vulnerabilities.
Affected Versions Prior To:
Microsoft Visual Studio 2022 version 17.12.4
Microsoft Visual Studio 2022 version 17.10.10
Microsoft Visual Studio 2022 version 17.8.17
Microsoft Visual Studio 2022 version 17.6.22
Microsoft Visual Studio 2019 version 16.11.43
Microsoft Visual Studio 2017 version 15.9.69
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and file devenv.exe to check the version of the Visual Studio. For Visual Studio 2015 Update 3, this QID checks the version of DiagnosticsHub.StandardCollector.Runtime.dll file.
- Consequence
-
Vulnerable versions of Visual Studio may be prone to one or more of these vulnerabilities: Remote Code Execution, Information Disclosure, and Elevation of Privileges.
- Solution
-
Customers are advised to refer to:
CVE-2025-21171,
CVE-2025-21172,
CVE-2025-21173,
CVE-2025-21176,
CVE-2025-21178,
CVE-2025-21405,
CVE-2024-50338,
for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-50338
CVE-2025-21171
CVE-2025-21172
CVE-2025-21173
CVE-2025-21176
CVE-2025-21178
CVE-2025-21405
-
Microsoft Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution (RCE) Vulnerability
- Severity
- Urgent 5
- Qualys ID
- 92211
- Vendor Reference
- CVE-2025-21307, KB5049981, KB5049983, KB5049984, KB5049993, KB5050004, KB5050006, KB5050008, KB5050009, KB5050013, KB5050021, KB5050048, KB5050049, KB5050061, KB5050063
- CVE Reference
- CVE-2025-21307
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution (RCE) Vulnerability CVE-2025-21307
An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user.
Affected Operating System: Windows Server 2008, Windows 10, Windows 11, Windows Server 2025, Windows Server 2016, Windows Server version 23H2, Windows Server 2012 and Windows Server 2022.
QID Detection Logic (Authenticated):
This QID checks for the file version of 'rmcast.sys'.
- Consequence
- Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system.
- Solution
-
Vendor has released patch. Please refer to the Microsoft Security Advisory for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21307
These new vulnerability checks are included in Qualys vulnerability signature 2.6.234-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110484
- 110485
- 110486
- 110487
- 382665
- 92203
- 92204
- 92205
- 92206
- 92207
- 92208
- 92209
- 92210
- 92211
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.