Advisory overview
Qualys Vulnerability R&D Lab has released new
vulnerability checks in the Enterprise TruRisk Platform to protect
organizations against
108 vulnerabilities
that were fixed in
14 bulletins
announced today by Microsoft. Customers can immediately audit
their networks for these and other new vulnerabilities by accessing
their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 14 security
bulletins
to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Enterprise Server Multiple Vulnerabilities April 2021
-
Severity
-
Critical
4
-
Qualys ID
-
110377
-
Vendor Reference
-
KB4493170,
KB4493201,
KB4504701,
KB4504709,
KB4504715,
KB4504716,
KB4504719,
KB4504723
-
CVE Reference
-
CVE-2021-28450,
CVE-2021-28453
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4504709
KB4504716
KB4493170
KB4504719
KB4504701
KB4504715
KB4493201
KB4504723
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021
-
Microsoft Outlook Remote Code Execution Vulnerability Security Update April 2021
-
Severity
-
Critical
4
-
Qualys ID
-
110378
-
Vendor Reference
-
KB4493185,
KB4504712,
KB4504733
-
CVE Reference
-
CVE-2021-28452
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Microsoft has released April 2021 security updates for outlook to fix a Remote Code Execution vulnerability.
This security update contains the following KBs:
KB4493185
KB4504733
KB4504712
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.
Note: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.
-
Consequence
-
Successful exploitation will lead to Remote Code Execution.
-
Solution
-
Refer to Microsoft Security Guide for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021
-
Severity
-
Critical
4
-
Qualys ID
-
110379
-
Vendor Reference
-
KB2553491,
KB2589361,
KB3017810,
KB3178639,
KB3178643,
KB4493198,
KB4493208,
KB4493215,
KB4493218,
KB4504705,
KB4504714,
KB4504721,
KB4504722,
KB4504724,
KB4504726,
KB4504727,
KB4504729,
KB4504735,
KB4504738,
KB4504739
-
CVE Reference
-
CVE-2021-28449,
CVE-2021-28451,
CVE-2021-28452,
CVE-2021-28453,
CVE-2021-28454,
CVE-2021-28456
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4504727
KB4493218
KB4504729
KB4504735
KB4504721
KB4504714
KB4504726
KB3178643
KB3178639
KB2553491
KB2589361
KB4504738
KB4504705
KB4493215
KB4493198
KB4504739
KB3017810
KB4504724
KB4493208
KB4504722
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021
-
Microsoft Edge Based On Chromium Prior to 89.0.774.77 Multiple Vulnerabilities
-
Severity
-
Critical
4
-
Qualys ID
-
375446
-
Vendor Reference
-
CVE-2021-21206,
CVE-2021-21220
-
CVE Reference
-
CVE-2021-21206,
CVE-2021-21220
-
CVSS Scores
-
Base 6.8 /
Temporal 5.6
-
Description
-
Microsoft Edge based on Chromium is affected by the following vulnerabilities:
CVE-2021-21206: Use after free in Blink.
CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64.
Affected Version:
Microsoft Edge based on Chromium prior to version 89.0.774.77
QID Detection Logic: (authenticated)
Operating System: Windows
The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.
QID Detection Logic: (authenticated)
Operating System: MacOS
The QID checks for vulnerable version of Microsoft Edge from installed application list.
-
Consequence
-
Successful exploitation of this vulnerability affects confidentiality, integrity and availability.
-
Solution
-
Customers are advised to upgrade to version
For further details refer to 89.0.774.77 or later
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-21206
CVE-2021-21220
-
Visual Studio Code Remote Code Execution Vulnerability
-
Severity
-
Critical
4
-
Qualys ID
-
375452
-
Vendor Reference
-
CVE-2021-28469
-
CVE Reference
-
CVE-2021-28457,
CVE-2021-28469,
CVE-2021-28471,
CVE-2021-28473,
CVE-2021-28475,
CVE-2021-28477
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual studio code prior to version 1.55.2
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of visual studio code.
-
Consequence
-
A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.
-
Solution
-
Please refer to Microsoft advisory for Visual Studio Code for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-28469 MAC OS X
CVE-2021-28469 WIndows
-
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
-
Severity
-
Critical
4
-
Qualys ID
-
375453
-
Vendor Reference
-
CVE-2021-28471
-
CVE Reference
-
CVE-2021-28470
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
GitHub Pull Requests and Issues Extension for Visual Studio Code prior to version 0.25.1
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of GitHub Pull Requests and Issues Extension for Visual Studio Code.
-
Consequence
-
A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.
-
Solution
-
Please refer to Microsoft advisory for Visual Studio Code for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-28470 WIndows
-
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
-
Severity
-
Critical
4
-
Qualys ID
-
375454
-
Vendor Reference
-
CVE-2021-28448
-
CVE Reference
-
CVE-2021-28448
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Kubernetes Tools for Visual Studio Code prior to version 1.3.0
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Kubernetes Tools for Visual Studio Code.
-
Consequence
-
A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.
-
Solution
-
Please refer to Microsoft advisory for Visual Studio Code for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-28448 WIndows
-
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
-
Severity
-
Critical
4
-
Qualys ID
-
375455
-
Vendor Reference
-
CVE-2021-28472
-
CVE Reference
-
CVE-2021-28472
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Maven for Java Extension for Visual Studio Code prior to version 0.29.0
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of Maven for Java Extension for Visual Studio Code.
-
Consequence
-
A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.
-
Solution
-
Please refer to Microsoft advisory for Visual Studio Code for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-28472 WIndows
-
Microsoft Exchange Server Remote Code Execution Vulnerability - April 2021
-
Severity
-
Urgent
5
-
Qualys ID
-
50109
-
Vendor Reference
-
KB5001779
-
CVE Reference
-
CVE-2021-28480,
CVE-2021-28481,
CVE-2021-28482,
CVE-2021-28483
-
CVSS Scores
-
Base 10 /
Temporal 7.8
-
Description
-
Microsoft Exchange Server is prone to remote code execution vulnerability.
KB Articles associated with this update are: KB5001779
Affected Versions:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 9
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
-
Consequence
-
Successful exploitation allows attackers to execute remote code.
-
Solution
-
Customers are advised to refer to KB5001779 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5001779
-
Microsoft Visual Studio Security Update for April 2021
-
Severity
-
Critical
4
-
Qualys ID
-
91757
-
Vendor Reference
-
CVE-2021-27064
-
CVE Reference
-
CVE-2021-27064
-
CVSS Scores
-
Base 4.6 /
Temporal 3.6
-
Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
QID Detection Logic:Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.
-
Consequence
-
Successful exploitation can affect confidentiality, integrity and availability.
-
Solution
-
Customers are advised to refer to CVE-2021-27064 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27064 WIndows
-
Microsoft Windows Security Update for April 2021
-
Severity
-
Critical
4
-
Qualys ID
-
91758
-
Vendor Reference
-
KB5001330,
KB5001332,
KB5001335,
KB5001337,
KB5001339,
KB5001340,
KB5001342,
KB5001347,
KB5001382,
KB5001383,
KB5001387,
KB5001389,
KB5001392,
KB5001393
-
CVE Reference
-
CVE-2021-26413,
CVE-2021-26415,
CVE-2021-26416,
CVE-2021-26417,
CVE-2021-27072,
CVE-2021-27079,
CVE-2021-27086,
CVE-2021-27088,
CVE-2021-27089,
CVE-2021-27090,
CVE-2021-27091,
CVE-2021-27092,
CVE-2021-27093,
CVE-2021-27094,
CVE-2021-27095,
CVE-2021-27096,
CVE-2021-28309,
CVE-2021-28310,
CVE-2021-28311,
CVE-2021-28312,
CVE-2021-28313,
CVE-2021-28314,
CVE-2021-28315,
CVE-2021-28316,
CVE-2021-28317,
CVE-2021-28318,
CVE-2021-28319,
CVE-2021-28320,
CVE-2021-28321,
CVE-2021-28322,
CVE-2021-28323,
CVE-2021-28324,
CVE-2021-28325,
CVE-2021-28326,
CVE-2021-28327,
CVE-2021-28328,
CVE-2021-28329,
CVE-2021-28330,
CVE-2021-28331,
CVE-2021-28332,
CVE-2021-28333,
CVE-2021-28334,
CVE-2021-28335,
CVE-2021-28336,
CVE-2021-28337,
CVE-2021-28338,
CVE-2021-28339,
CVE-2021-28340,
CVE-2021-28341,
CVE-2021-28342,
CVE-2021-28343,
CVE-2021-28344,
CVE-2021-28345,
CVE-2021-28346,
CVE-2021-28347,
CVE-2021-28348,
CVE-2021-28349,
CVE-2021-28350,
CVE-2021-28351,
CVE-2021-28352,
CVE-2021-28353,
CVE-2021-28354,
CVE-2021-28355,
CVE-2021-28356,
CVE-2021-28357,
CVE-2021-28358,
CVE-2021-28434,
CVE-2021-28435,
CVE-2021-28436,
CVE-2021-28437,
CVE-2021-28438,
CVE-2021-28439,
CVE-2021-28440,
CVE-2021-28441,
CVE-2021-28442,
CVE-2021-28443,
CVE-2021-28444,
CVE-2021-28445,
CVE-2021-28446,
CVE-2021-28447,
CVE-2021-28464,
CVE-2021-28466,
CVE-2021-28468
-
CVSS Scores
-
Base 7.8 /
Temporal 6.8
-
Description
-
Microsoft releases the security update for Windows April 2021
The KB Articles associated with the update:
KB5001387
KB5001382
KB5001339
KB5001337
KB5001347
KB5001383
KB5001342
KB5001392
KB5001335
KB5001330
KB5001389
KB5001332
KB5001393
KB5001340
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5001387 - 6.2.9200.23327
KB5001382 - 6.3.9600.19994
KB5001339 - 10.0.17134.2145
KB5001337 - 10.0.18362.1500
KB5001347 - 10.0.14393.4350
KB5001383 - 6.2.9200.23327
KB5001342 - 10.0.17763.1879
KB5001392 - 6.1.7601.24576
KB5001335 - 6.1.7601.24576
KB5001330 - 10.0.19041.928
KB5001389 - 6.0.6003.21095
KB5001332 - 6.0.6003.21095
KB5001393 - 6.3.9600.19994
KB5001340 - 10.0.10240.18906
-
Consequence
-
A remote attacker could exploit this vulnerability and execute code on the target system.
-
Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Windows Servicing Stack Security Update April 2021
-
Severity
-
Medium
2
-
Qualys ID
-
91759
-
Vendor Reference
-
ADV990001
-
CVE Reference
-
N/A
-
CVSS Scores
-
Base 2.1 /
Temporal 1.6
-
Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows.
Related KBs:
KB5001401,KB5001403,KB5001399,KB5001402,KB5001400,KB5001404,5001406
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
-
Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
-
Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
-
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability - April 2021
-
Severity
-
Serious
3
-
Qualys ID
-
91760
-
Vendor Reference
-
CVE-2021-27067,
CVE-2021-28459
-
CVE Reference
-
CVE-2021-27067,
CVE-2021-28459
-
CVSS Scores
-
Base 4.3 /
Temporal 3.4
-
Description
-
Azure DevOps Server and Team Foundation Server are prone to information disclosure vulnerability.
Azure DevOps Server 2020.0.1
Azure DevOps Server 2020
Azure DevOps Server 2019.0.1
Azure DevOps Server 2019 Update 1
Azure DevOps Server 2019 Update 1.1
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2
-
Consequence
-
Successful exploitation allows attacker to get access to Azure DevOps Server pipeline configuration variables and secrets.
-
Solution
-
Customers are advised to refer to CVE-2021-27067, CVE-2021-28459 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Azure DevOps Server 2019 Update 1
Azure DevOps Server 2019 Update 1.1
Azure DevOps Server 2019.0.1
Azure DevOps Server 2020
Azure DevOps Server 2020.0.1
Team Foundation Server 2015 Update 4.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2018 Update 3.2
-
Microsoft Windows Codecs Library and VP9 Video Extensions Multiple Vulnerabilities
-
Severity
-
Critical
4
-
Qualys ID
-
91761
-
Vendor Reference
-
CVE-2021-28464,
CVE-2021-28466,
CVE-2021-28468
-
CVE Reference
-
CVE-2021-28464,
CVE-2021-28466,
CVE-2021-28468
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Microsoft has disclosed Information Disclosure and Remote Code Execution in Windows Codecs Library and VP9 Video Extensions.
Affected Product:
VP9 Video Extensions prior to version 1.0.40631.0
Raw Image Extension prior to version 1.0.40392.0
QID detection Logic:
The gets the version of HEVCVideoExtension by querying wmi class Win32_InstalledStoreProgram.
-
Consequence
-
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.
-
Solution
-
Users are advised to check CVE-2021-26902 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2021-27079 Windows
CVE-2021-28317 Windows
CVE-2021-28464 Windows
CVE-2021-28466 Windows
CVE-2021-28468 Windows
These new vulnerability checks are included in Qualys
vulnerability signature
2.5.155-3.
Each Qualys account is automatically updated with the latest
vulnerability signatures as they become available. To view the
vulnerability signature version in your account, from the
Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
-
Ensure access to TCP ports 135 and 139 are available.
-
Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
-
110377
-
110378
-
110379
-
375446
-
375452
-
375453
-
375454
-
375455
-
50109
-
91757
-
91758
-
91759
-
91760
-
91761
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.
OVERVIEW
CAPABILITIES
PLATFORM APPS
Use Cases
Segments
Resources
Research
Enterprise TruRisk Platform
Free Services