Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 39 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update contains the following KBs:
QID Detection Logic:
This authenticated QID compares the file versions listed in the above Microsoft KB article with the versions on the affected SharePoint system.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic:
This authenticated QID compares the file versions listed in the Microsoft advisory with the versions on the affected Office system.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or set to update automatically. There is no direct download for the patch.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021
CVE-2021-36943: Azure CycleCloud Elevation of Privilege Vulnerability.
CVE-2021-33762: Azure CycleCloud Elevation of Privilege Vulnerability.
Affected Software:
Azure CycleCloud prior to 8.2.0
Azure CycleCloud prior to 7.9.10
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable versions of Azure CycleCloud.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-33762
CVE-2021-36943
CVE-2021-36946: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability.
Affected Software:
Dynamics 365 Business Central 2019 Spring Update.
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9.
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36946
The KB Articles associated with the update:
KB5005033
KB5005031
KB5005030
KB5005043
KB5005040
KB5005076
KB5005106
KB5005099
KB5005094
KB5005088
KB5005095
KB5005090
KB5005089
QID Detection Logic (Authenticated):
This QID checks the file versions of ntoskrnl.exe, win32k.sys and spoolsv.exe.
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005033: 10.0.19041.1165
KB5005031: 10.0.18362.1734
KB5005030: 10.0.17763.2114
KB5005043: 10.0.14393.4583
KB5005040: 10.0.10240.19022
KB5005076: 6.3.9600.20094
KB5005106: 6.3.9600.20094
KB5005099: 6.2.9200.23431
KB5005094: 6.2.9200.23431
KB5005090: 6.0.6003.21192
KB5005095: 6.0.6003.21192
KB5005088: 6.1.7601.25685
KB5005089: 6.1.7601.25685
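The following added example (not Qualys detection code) applies the ntoskrnl.exe version list above to a host inventory: it matches each file version to its build branch and compares the revision with the fixed one. The function names and the sample inventory are constructed for illustration.

```python
import re

# Minimum fixed ntoskrnl.exe revision per build branch, copied from the
# KB/version list above. KBs that share a version are grouped together.
FIXED_NTOSKRNL = {
    "10.0.19041": (1165, ["KB5005033"]),
    "10.0.18362": (1734, ["KB5005031"]),
    "10.0.17763": (2114, ["KB5005030"]),
    "10.0.14393": (4583, ["KB5005043"]),
    "10.0.10240": (19022, ["KB5005040"]),
    "6.3.9600": (20094, ["KB5005076", "KB5005106"]),
    "6.2.9200": (23431, ["KB5005099", "KB5005094"]),
    "6.1.7601": (25685, ["KB5005088", "KB5005089"]),
    "6.0.6003": (21192, ["KB5005090", "KB5005095"]),
}
# Branch (major.minor.build) and revision; trailing text after the
# four-part version is tolerated.
_VERSION = re.compile(r"(\d+\.\d+\.\d+)\.(\d+)", re.ASCII)

def assess_ntoskrnl(file_version):
    """Return (status, kbs); status is 'patched', 'missing' or 'unknown'."""
    m = _VERSION.match(file_version.strip())
    if not m or m.group(1) not in FIXED_NTOSKRNL:
        return ("unknown", [])  # branch not covered by the list above
    fixed_rev, kbs = FIXED_NTOSKRNL[m.group(1)]
    status = "patched" if int(m.group(2)) >= fixed_rev else "missing"
    return (status, kbs)

def hosts_missing_update(inventory):
    """Map host -> (status, kbs) for every host not confirmed patched."""
    report = {}
    for host, version in inventory.items():
        status, kbs = assess_ntoskrnl(version)
        if status != "patched":
            report[host] = (status, kbs)
    return report

# Constructed sample inventory: host name -> ntoskrnl.exe file version.
SAMPLE_INVENTORY = {
    "ws-01": "10.0.19041.1165",
    "ws-02": "10.0.19041.1110",
    "srv-01": "6.3.9600.20094",
    "srv-02": "6.1.7601.25632",
    "lab-01": "10.0.22000.100",
}

if __name__ == "__main__":
    for host, (status, kbs) in hosts_missing_update(SAMPLE_INVENTORY).items():
        print(host, status, ", ".join(kbs) or "branch not in list")
```

Hosts reported as "unknown" run a build branch that the list does not cover and need a separate check.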
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005031
KB5005033
KB5005036
KB5005040
KB5005043
KB5005076
KB5005088
KB5005089
KB5005090
KB5005094
KB5005095
KB5005099
KB5005106
The KB Articles associated with the update:
KB5005076
KB5005106
KB5005099
KB5005094
KB5005043
KB5005033
KB5005030
KB5005088
KB5005095
KB5005090
KB5005089
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5005076
KB5005106
KB5005099
KB5005094
KB5005043
KB5005033
KB5005030
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5005030
KB5005033
KB5005043
KB5005076
KB5005088
KB5005089
KB5005090
KB5005094
KB5005095
KB5005099
KB5005106
Affected Software:
Windows Defender
QID Detection Logic (Authenticated):
The detection checks for an mpengine.dll file version lower than 1.1.18400.4.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-34471
Affected Software:
Windows Update Assistant
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version by fetching the details from the Uninstall registry key.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36945
QID Detection Logic (Authenticated):
This QID checks the file version of AzureADConnect.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-36949
Affected versions:
.NET Core 2.1 before version 2.1.29
.NET Core 3.1 before version 3.1.18
.NET 5.0 before version 5.0.9
ASP.NET Core 2.1 before version 2.1.29
ASP.NET Core 3.1 before version 3.1.18
ASP.NET Core 5.0 before version 5.0.9
QID Detection Logic (Authenticated):
The QID looks for subdirectories under %programfiles%\dotnet\shared\Microsoft.NETCore.App and %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App, and checks for vulnerable versions in the .version file on Windows.
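A local audit in the spirit of the check described above, as an added example that is not Qualys detection code: it walks the runtime subdirectories and compares each version with the fixed versions from the list above. It assumes the .version file holds the version string on a line of its own and falls back to the directory name; all function names are hypothetical.

```python
import os
import re

# Fixed patch level per release branch, from the "Affected versions" list.
FIXED = {(2, 1): 29, (3, 1): 18, (5, 0): 9}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)", re.ASCII)

def runtime_version(runtime_dir):
    """Return (major, minor, patch) for one runtime directory, or None."""
    candidates = []
    try:
        path = os.path.join(runtime_dir, ".version")
        with open(path, encoding="utf-8", errors="replace") as fh:
            candidates = [line.strip() for line in fh]
    except OSError:
        pass  # no readable .version file; rely on the directory name
    candidates.append(os.path.basename(os.path.normpath(runtime_dir)))
    for text in candidates:
        m = VERSION_RE.match(text)  # lines without dotted digits do not match
        if m:
            return tuple(int(g) for g in m.groups())
    return None

def vulnerable_runtimes(shared_root):
    """List (directory name, version) for runtimes below the fixed version."""
    findings = []
    if not os.path.isdir(shared_root):
        return findings
    for name in sorted(os.listdir(shared_root)):
        path = os.path.join(shared_root, name)
        ver = runtime_version(path) if os.path.isdir(path) else None
        if ver is None:
            continue
        fixed_patch = FIXED.get(ver[:2])  # branches outside the list are skipped
        if fixed_patch is not None and ver[2] < fixed_patch:
            findings.append((name, "%d.%d.%d" % ver))
    return findings

def default_roots():
    """The two directories named in the detection logic, if they resolve."""
    tail = ("dotnet", "shared", "Microsoft.NETCore.App")
    bases = (os.environ.get(v) for v in ("ProgramFiles", "ProgramFiles(x86)"))
    return [os.path.join(b, *tail) for b in bases if b]

if __name__ == "__main__":
    for root in default_roots():
        for name, ver in vulnerable_runtimes(root):
            print(os.path.join(root, name), "runtime", ver, "is below the fix")
```

Several runtime versions can be installed side by side, so every subdirectory is evaluated rather than only the newest one.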
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26423 Windows
CVE-2021-34485 Windows
CVE-2021-34532 Windows
Affected Software:
Microsoft Visual Studio on Mac prior to version 8.10.6.10
Microsoft Visual Studio 2019 prior to version 16.10 (includes 16.0-16.9)
Microsoft Visual Studio 2019 prior to version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 prior to version 16.7 (includes 16.0-16.6)
Microsoft Visual Studio 2019 prior to version 16.4 (includes 16.0-16.3)
Microsoft Visual Studio 2017 prior to version 15.9 (includes 15.0-15.8)
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of Visual Studio.app.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-26423
CVE-2021-34485
CVE-2021-34532
These new vulnerability checks are included in Qualys vulnerability signature 2.5.252-6. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.