Microsoft security alert.

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 96 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

• Microsoft Office Security Update for October 2023

  Severity

  Critical 4

  Qualys ID

  110449

  Vendor Reference

  CVE-2023-36565, CVE-2023-36568, CVE-2023-36569

  CVE Reference

  CVE-2023-36565, CVE-2023-36568, CVE-2023-36569

  CVSS Scores

  Base 7.2 / Temporal 5.3

  Description

  Microsoft has released October 2023 security updates to fix Elevation of Privilege vulnerabilities.

  This security update contains the following:

  Office Click-2-Run and Office 365 Release Notes

  QID Detection Logic (Authenticated):
  Operating System: Windows
  

  Consequence

  Successful exploitation allows an attacker to perform Elevation of Privileges.

  Solution

  Customers are advised to refer to these CVE Articles:
  CVE-2023-36569, CVE-2023-36568, and CVE-2023-36565 for more information pertaining to this vulnerability.
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft office October 2023

• Microsoft Skype for Business Server Security Update for October 2023

  Severity

  Critical 4

  Qualys ID

  110450

  Vendor Reference

  CVE-2023-36780, CVE-2023-36786, CVE-2023-36789, CVE-2023-41763

  CVE Reference

  CVE-2023-36780, CVE-2023-36786, CVE-2023-36789, CVE-2023-41763

  CVSS Scores

  Base 6.5 / Temporal 5.1

  Description

  Microsoft has released updates to fix multiples updates to fix issues on Microsoft Skype for Business Server and Microsoft Lync Server..

  Affected Software:
  Microsoft Skype for Business Server 2015 CU13
  Microsoft Skype for Business Server 2019 CU7

  Consequence

  Successful exploitation of vulnerability can lead to Escalation of Privileges or Remote Code Execution Vulnerability

  Solution

  Customers are advised to refer to these CVE Articles:
  CVE-2023-41763, CVE-2023-36780, CVE-2023-36789 and CVE-2023-36786 for more information pertaining to this vulnerability.
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36780
  CVE-2023-36786
  CVE-2023-36789
  CVE-2023-41763

• Microsoft SQL Server, ODBC and OLE DB Driver for SQL Server Multiple Vulnerabilities for October 2023

  Severity

  Critical 4

  Qualys ID

  378931

  Vendor Reference

  CVE-2023-36417, CVE-2023-36420, CVE-2023-36728, CVE-2023-36730, CVE-2023-36785

  CVE Reference

  CVE-2023-36417, CVE-2023-36420, CVE-2023-36728, CVE-2023-36730, CVE-2023-36785

  CVSS Scores

  Base 4.6 / Temporal 3.4

  Description

  Microsoft has released a security update to addressed a Remote Code Execution Vulnerability in OLE DB and ODBC driver for SQL Server. Both of these are APIs for Microsoft SQL server that provide access to a range of data sources.

  Affected Software:
  Microsoft ODBC Driver 17 for SQL Server on Windows version prior to 17.10.5.1
  Microsoft ODBC Driver 18 for SQL Server on Windows version prior to 18.3.2.1
  Microsoft ODBC Driver 17 for SQL Server on Linux version prior to 17.10.5.1
  Microsoft ODBC Driver 18 for SQL Server on Linux version prior to 18.3.2.1
  Microsoft SQL Server 2022 for x64-based Systems (GDR)
  Microsoft SQL Server 2019 for x64-based Systems (GDR)
  Microsoft SQL Server 2022 for x64-based Systems ( (CU 8))
  Microsoft SQL Server 2019 for x64-based Systems (CU 22)
  Microsoft SQL Server 2017 for x64-based Systems (CU 31)
  Microsoft SQL Server 2017 for x32-based Systems (CU 31)
  Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
  Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
  Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
  Microsoft SQL Server 2014 Service Pack 3 for x32-based Systems (GDR) Microsoft OLE DB Driver 19 for SQL Server version prior to 19.3.2.0
  Microsoft OLE DB Driver 18 for SQL Server version prior to 18.6.7.0
  

  QID Detection Logic (Authenticated):
  On Windows, this QID checks for the vulnerable version of ODBC and OLE DB via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft and the related sub keys for ODBC and OLE DB.
  On Linux, this QID checks for the vulnerable version of ODBC based on the installed package.
  

  Consequence

  Successful exploitation may lead to remote code execution and denial of service.

  Solution

  Customers are advised to refer to CVE-2023-36728, CVE-2023-36730, CVE-2023-36420, CVE-2023-36785, CVE-2023-36417, for more information regarding the vulnerabilities and their patches.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36417
  CVE-2023-36420
  CVE-2023-36728
  CVE-2023-36730
  CVE-2023-36785

• Microsoft Windows HTTP/2 Protocol Disabled via Registry

  Severity

  Minimal 1

  Qualys ID

  45590

  Vendor Reference

  N/A

  CVE Reference

  N/A

  CVSS Scores

  Base / Temporal

  Description

  HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web.
  HTTP/2 protocol can be updated via Registry on your web server by using the Registry Editor.
  Set DWORD type values EnableHttp2TIs and EnableHttp2Cleartext to one of the following:
  Set to 0 to disable HTTP/2
  Set to 1 to enable HTTP/2
  

  QID Detection Logic:(Authenticated)
  Through the registry key "HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters", this QID determines if the HTTP/2 protocol is disabled on the computer.
  

  Consequence

  NA

  Solution

  Customers are advised to refer to HTTP/2 for using the registry editor to update a registry key.

• Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability

  Severity

  Critical 4

  Qualys ID

  50130

  Vendor Reference

  5030877

  CVE Reference

  CVE-2023-36778

  CVSS Scores

  Base 5.8 / Temporal 4.3

  Description

  Microsoft Exchange Server 2016 and 2019 are affected by multiple vulnerabilities.

  KB Articles associated with this update are: KB5030524

  Affected Versions:
  Microsoft Exchange Server 2016 Cumulative Update 23
  Microsoft Exchange Server 2019 Cumulative Update 12
  Microsoft Exchange Server 2019 Cumulative Update 13
  

  QID Detection Logic (Authenticated):
  The QID checks for vulnerable version of Microsoft Exchange Server by checking the file version of Exsetup.exe.

  Consequence

  Successful exploitation of the vulnerability may allow remote code execution and spoofing

  Solution

  Microsoft has released patch, customers are advised to refer to KB5030877 for information pertaining to this vulnerability.
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  5030877

• Microsoft Dynamics 365 Security Update for October 2023

  Severity

  Serious 3

  Qualys ID

  92066

  Vendor Reference

  CVE-2023-36429

  CVE Reference

  CVE-2023-36429

  CVSS Scores

  Base 5.5 / Temporal 4.1

  Description

  Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

  Affected Software:
  Microsoft Dynamics 365 (on-premises) prior to 9.0.50.03
  Microsoft Dynamics 365 (on-premises) prior to 9.1.22.04

  QID Detection Logic(Authenticated):
  This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.Crm.Setup.Server.exe:
  

  Consequence

  Successful exploitation of this vulnerability could lead to a Cross-site Scripting Vulnerability

  Solution

  Customers are advised to refer to CVE-2023-36429 for more details pertaining to this vulnerability.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36429
  CVE-2023-36433
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416

• Microsoft HTTP/2 Protocol Distributed Denial of Service (DoS) Vulnerability

  Severity

  Critical 4

  Qualys ID

  92067

  Vendor Reference

  Microsoft Security Advisory

  CVE Reference

  CVE-2023-44487

  CVSS Scores

  Base 5 / Temporal 4.1

  Description

  CVE-2023-44487: The HTTP/2 protocol is vulnerable to Distributed Denial of Service (DDoS) attack also known as 'HTTP/2 Rapid Reset' attack. This allows malicious actors to launch a DDoS attack targeting HTTP/2 servers.

  Affected Products:
  Windows Server 2019
  Windows Server 2016
  Windows Server 2022
  Windows 11 Version 21H2
  Windows 11 Version 22H2
  Windows 10 Version 21H2
  Windows 10 Version 22H2
  Windows 10 Version 1607
  Microsoft Windows 10 Version 1809
  .NET 7.0 and 6.0
  ASP.NET Core 7.0 and 6.0
  Microsoft Visual Studio 2022 version 17.2
  Microsoft Visual Studio 2022 version 17.4
  Microsoft Visual Studio 2022 version 17.6
  Microsoft Visual Studio 2022 version 17.7

  QID Detection Logic:
  Windows: This QID checks for the file version of 'http.sys'. and also checks for the HTTP/2 protocol is enabled via registry key "HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters"
  .Net:
  On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
  On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
  On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
  Asp.Net: The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.
  Visual Studio: This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "evenv.exe" to check the version of the Visual Studio.
  

  Consequence

  Successful exploitation of this vulnerability may allow an attacker targeting HTTP/2 servers to consume server resource significantly leads to denial of service.

  Solution

  Customers are advised to refer to Microsoft Security Advisory for more information pertaining to this vulnerability.
  Workaround:
  Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave either of these workarounds in place:

  1. Disable the HTTP/2 protocol on your web server by using the Registry Editor
  2. Include a protocols setting for each Kestral endpoint to limit your application to HTTP1.1

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft Security Advisory

• Azure DevOps Server Security Update for October 2023

  Severity

  Critical 4

  Qualys ID

  92068

  Vendor Reference

  CVE-2023-36561

  CVE Reference

  CVE-2023-36561

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing, and release management capabilities.
  Affected Software:
  Azure DevOps Server 2020.1.2
  Azure DevOps Server 2020.0.2
  Azure DevOps Server 2022.0.1

  QID Detection Logic(Authenticated):
  This authenticated QID flags vulnerable systems by detecting Vulnerable versions for file Microsoft.TeamFoundation.Framework.Server.dll.
  

  Consequence

  An attacker who successfully exploited this vulnerability could gain users privileges.

  Solution

  Customers are advised to refer to CVE-2023-36561 for more details.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36561

• Microsoft Windows Security Update for October 2023

  Severity

  Urgent 5

  Qualys ID

  92069

  Vendor Reference

  KB5031354, KB5031356, KB5031358, KB5031361, KB5031362, KB5031364, KB5031377, KB5031407, KB5031408, KB5031411, KB5031416, KB5031419, KB5031427, KB5031441, KB5031442

  CVE Reference

  CVE-2023-29348, CVE-2023-35349, CVE-2023-36431, CVE-2023-36434, CVE-2023-36435, CVE-2023-36436, CVE-2023-36438, CVE-2023-36557, CVE-2023-36563, CVE-2023-36564, CVE-2023-36567, CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36576, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36594, CVE-2023-36596, CVE-2023-36598, CVE-2023-36602, CVE-2023-36603, CVE-2023-36605, CVE-2023-36606, CVE-2023-36697, CVE-2023-36698, CVE-2023-36701, CVE-2023-36702, CVE-2023-36703, CVE-2023-36704, CVE-2023-36706, CVE-2023-36707, CVE-2023-36709, CVE-2023-36710, CVE-2023-36711, CVE-2023-36712, CVE-2023-36713, CVE-2023-36717, CVE-2023-36718, CVE-2023-36720, CVE-2023-36721, CVE-2023-36722, CVE-2023-36723, CVE-2023-36724, CVE-2023-36725, CVE-2023-36726, CVE-2023-36729, CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-36790, CVE-2023-36902, CVE-2023-38159, CVE-2023-38166, CVE-2023-38171, CVE-2023-41765, CVE-2023-41766, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41772, CVE-2023-41773, CVE-2023-41774

  CVSS Scores

  Base 7.5 / Temporal 6.2

  Description

  Microsoft Windows Security Update - October 2023

  Patch version is 6.3.9600.21620 for KB5031419
  Patch version is 6.3.9600.21620 for KB5031407
  Patch version is 6.2.9200.24523 for KB5031442
  Patch version is 6.2.9200.24523 for KB5031427
  Patch version is 6.1.7601.26769 for KB5031408
  Patch version is 6.1.7601.26769 for KB5031441
  Patch version is 6.0.6003.22317 for KB5031416
  Patch version is 6.0.6003.22317 for KB5031411
  Patch version is 10.0.14393.6343 for KB5031362
  Patch version is 10.0.10240.20232 for KB5031377
  Patch version is 10.0.19041.3570 for KB5031356
  Patch version is 10.0.22621.2428 for KB5031354
  Patch version is 10.0.22000.2538 for KB5031358
  Patch version is 10.0.20348.2031 for KB5031364
  Patch version is 10.0.17763.4974 for KB5031361

  QID Detection Logic (Authenticated):
  

  This QID checks for the file version of 'ntoskrnl.exe'.

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to the following KB Articles associated with the update:
  KB5031419
  KB5031407
  KB5031442
  KB5031427
  KB5031408
  KB5031441
  KB5031416
  KB5031411
  KB5031362
  KB5031377
  KB5031356
  KB5031354
  KB5031358
  KB5031364
  KB5031361

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5031354
  KB5031356
  KB5031358
  KB5031361
  KB5031362
  KB5031364
  KB5031377
  KB5031407
  KB5031408
  KB5031411
  KB5031416
  KB5031419
  KB5031427
  KB5031441
  KB5031442

• Microsoft Azure Stack Hub Security Updates for October 2023

  Severity

  Urgent 5

  Qualys ID

  92070

  Vendor Reference

  Azure Stack Hub

  CVE Reference

  CVE-2023-29348, CVE-2023-35349, CVE-2023-36431, CVE-2023-36434, CVE-2023-36436, CVE-2023-36438, CVE-2023-36557, CVE-2023-36563, CVE-2023-36564, CVE-2023-36567, CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36576, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36594, CVE-2023-36596, CVE-2023-36598, CVE-2023-36602, CVE-2023-36603, CVE-2023-36605, CVE-2023-36606, CVE-2023-36697, CVE-2023-36698, CVE-2023-36701, CVE-2023-36702, CVE-2023-36703, CVE-2023-36704, CVE-2023-36706, CVE-2023-36707, CVE-2023-36709, CVE-2023-36710, CVE-2023-36711, CVE-2023-36712, CVE-2023-36713, CVE-2023-36717, CVE-2023-36718, CVE-2023-36720, CVE-2023-36721, CVE-2023-36722, CVE-2023-36723, CVE-2023-36724, CVE-2023-36725, CVE-2023-36726, CVE-2023-36729, CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-36902, CVE-2023-38159, CVE-2023-38166, CVE-2023-41765, CVE-2023-41766, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41772, CVE-2023-41773, CVE-2023-41774, CVE-2023-44487

  CVSS Scores

  Base 10 / Temporal 8.3

  Description

  Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.

  A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.

  QID Detection Logic (Authenticated):
  This QID checks for the file version of ntoskrnl.exe, if this file version is less than 10.0.17763.11748, it is considered as vulnerable.
  

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Azure Stack Hub

• Microsoft Visual Studio Security Updates for October 2023

  Severity

  Serious 3

  Qualys ID

  92071

  Vendor Reference

  CVE-2023-38171

  CVE Reference

  CVE-2023-38171

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Microsoft has released security updates for Visual Studio which resolves the Denial of Service vulnerability.

  Affected Software:
  Microsoft Visual Studio 2022 version 17.7
  Microsoft Visual Studio 2022 version 17.6
  Microsoft Visual Studio 2022 version 17.4
  Microsoft Visual Studio 2022 version 17.2

  QID Detection Logic: Authenticated : Windows
  This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key "HKLM\SOFTWARE\Microsoft" and file "devenv.exe" to check the version of the Visual Studio.
  

  Consequence

  Vulnerable versions of Microsoft Visual Studio are prone to Denial of Service vulnerability.

  Solution

  Customers are advised to refer to CVE-2023-38171 for more information on the vulnerability and it's patch.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-38171

• Microsoft .NET Security Update for October 2023

  Severity

  Serious 3

  Qualys ID

  92072

  Vendor Reference

  CVE-2023-36435, CVE-2023-38171

  CVE Reference

  CVE-2023-36435, CVE-2023-38171

  CVSS Scores

  Base 6.8 / Temporal 5

  Description

  Microsoft has released a security update for .NET which resolves the Denial of Service vulnerability.

  Affected versions:
  .NET 7.0 before version 7.0.12
  

  QID Detection Logic: Authenticated
  On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
  On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
  On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
  

  Consequence

  Vulnerable versions of Microsoft .NET are prone to Denial of Service vulnerability.

  Solution

  Customers are advised to refer to CVE-2023-38171, CVE-2023-36435 for more details pertaining to these vulnerabilities.
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36435
  CVE-2023-38171

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.