Advisory overview
Qualys Vulnerability R&D Lab has released new
vulnerability checks in the Enterprise TruRisk Platform to protect
organizations against
94 vulnerabilities
that were fixed in
11 bulletins
announced today by Microsoft. Customers can immediately audit
their networks for these and other new vulnerabilities by accessing
their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security
bulletins
to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
100412
-
Vendor Reference
-
KB4586768,
KB4586781,
KB4586785,
KB4586786,
KB4586787,
KB4586793,
KB4586827,
KB4586830,
KB4586834,
KB4586845
-
CVE Reference
-
CVE-2020-17052,
CVE-2020-17053,
CVE-2020-17058
-
CVSS Scores
-
Base 7.6 /
Temporal 5.6
-
Description
-
Microsoft releases the security update for Internet Explorer November 2020
The KB Articles associated with the update:
KB4586793
KB4586845
KB4586787
KB4586827
KB4586834
KB4586785
KB4586768
KB4586830
KB4586781
KB4586786
This QID checks for the file version of Mshtml.dll
The following versions of Mshtml.dll with their corresponding KBs are verified:
KB4586845 - 11.0.9600.19867
KB4586787 - 11.0.10240.18756
KB4586827 - 11.0.9600.19867
KB4586834 - 10.0.9200.22975 , 11.0.9600.19867
KB4586785 - 11.0.17134.1845
KB4586768 - 11.0.9600.19867
KB4586830 - 11.0.14393.4046
KB4586786 - 11.0.18362.1198 , 11.0.18362.1110 , 11.0.18362.1016
The following versions of Chakra.dll with their corresponding KBs are verified:
KB4586793 - 11.0.17763.1577
KB4586781 - 11.0.19041.630
-
Consequence
-
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
-
Solution
-
Please refer to the KB4586793
KB4586845
KB4586787
KB4586827
KB4586834
KB4586785
KB4586768
KB4586830
KB4586781
KB4586786
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide WIndows
-
Microsoft SharePoint Enterprise Server and Foundation Multiple Vulnerabilities November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
110365
-
Vendor Reference
-
KB4486706,
KB4486714,
KB4486717,
KB4486723,
KB4486733,
KB4486744
-
CVE Reference
-
CVE-2020-16979,
CVE-2020-17015,
CVE-2020-17016,
CVE-2020-17017,
CVE-2020-17060,
CVE-2020-17061
-
CVSS Scores
-
Base 6.8 /
Temporal 5
-
Description
-
Microsoft has released November 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4486717
KB4486733
KB4486714
KB4486723
KB4486706
KB4486744
QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server November 2020
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
110366
-
Vendor Reference
-
KB4484455,
KB4484508,
KB4484520,
KB4484534,
KB4486713,
KB4486718,
KB4486719,
KB4486722,
KB4486725,
KB4486727,
KB4486730,
KB4486734,
KB4486737,
KB4486740,
KB4486743
-
CVE Reference
-
CVE-2020-17019,
CVE-2020-17020,
CVE-2020-17062,
CVE-2020-17063,
CVE-2020-17064,
CVE-2020-17065,
CVE-2020-17066,
CVE-2020-17067
-
CVSS Scores
-
Base 9.3 /
Temporal 6.9
-
Description
-
Microsoft has released November 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4486734
KB4486743
KB4486718
KB4486727
KB4486725
KB4486737
KB4486722
KB4486713
KB4486730
KB4486740
KB4486719
KB4484455
KB4484520
KB4484534
KB4484508
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected office system.
Note: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.
-
Consequence
-
Successful exploitation allows an attacker to execute code remotely.
-
Solution
-
Refer to Microsoft Security Guide for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2020
-
Microsoft Exchange Server Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
50103
-
Vendor Reference
-
KB4588741
-
CVE Reference
-
CVE-2020-17083,
CVE-2020-17084,
CVE-2020-17085
-
CVSS Scores
-
Base 9 /
Temporal 7.1
-
Description
-
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages.
The security update corrects the way that Exchange handles these token validations.
Affected Software:
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2019 Cumulative Update 7
KB articles covered: 4588741.
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe if it is lesser than:
The version for Microsoft Exchange Server 2013 Cumulative Update 23 is 15.0.1497.8
The version for Microsoft Exchange Server 2016 Cumulative Update 17 is 15.1.2044.8
The version for Microsoft Exchange Server 2016 Cumulative Update 18 is 15.1.2106.4
The version for Microsoft Exchange Server 2019 Cumulative Update 6 is 15.2.659.8
The version for Microsoft Exchange Server 2019 Cumulative Update 7 is 15.2.721.4
-
Consequence
-
Successful exploitation allows an attacker to leverage this vulnerability and gain further information from a user.
-
Solution
-
Customers are advised to refer to KB4588741 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4588741 windows
-
Microsoft Windows Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91691
-
Vendor Reference
-
KB4586781,
KB4586785,
KB4586786,
KB4586787,
KB4586793,
KB4586805,
KB4586807,
KB4586808,
KB4586817,
KB4586823,
KB4586827,
KB4586830,
KB4586834,
KB4586845
-
CVE Reference
-
CVE-2020-1599,
CVE-2020-16997,
CVE-2020-16998,
CVE-2020-16999,
CVE-2020-17000,
CVE-2020-17001,
CVE-2020-17004,
CVE-2020-17007,
CVE-2020-17010,
CVE-2020-17011,
CVE-2020-17012,
CVE-2020-17013,
CVE-2020-17014,
CVE-2020-17024,
CVE-2020-17025,
CVE-2020-17026,
CVE-2020-17027,
CVE-2020-17028,
CVE-2020-17029,
CVE-2020-17030,
CVE-2020-17031,
CVE-2020-17032,
CVE-2020-17033,
CVE-2020-17034,
CVE-2020-17035,
CVE-2020-17036,
CVE-2020-17037,
CVE-2020-17038,
CVE-2020-17040,
CVE-2020-17041,
CVE-2020-17042,
CVE-2020-17043,
CVE-2020-17044,
CVE-2020-17045,
CVE-2020-17046,
CVE-2020-17047,
CVE-2020-17049,
CVE-2020-17051,
CVE-2020-17055,
CVE-2020-17056,
CVE-2020-17057,
CVE-2020-17068,
CVE-2020-17069,
CVE-2020-17070,
CVE-2020-17071,
CVE-2020-17073,
CVE-2020-17074,
CVE-2020-17075,
CVE-2020-17076,
CVE-2020-17077,
CVE-2020-17087,
CVE-2020-17088,
CVE-2020-17090,
CVE-2020-17113
-
CVSS Scores
-
Base 10 /
Temporal 8.3
-
Description
-
Microsoft releases the security updates for Windows November 2020 to address the multiple CVEs.
The KB Articles associated with the update:
KB4586793
KB4586845
KB4586817
KB4586827
KB4586834
KB4586785
KB4586830
KB4586787
KB4586781
KB4586807
KB4586786
KB4586823
KB4586805
KB4586808
QID detection Logic:
This QID checks for the file version of "ntoskrnl.exe" and "cng.sys"
The following versions of "ntoskrnl.exe" with their corresponding KBs are verified:
KB4586793 - 10.0.17763.1577
KB4586817 - 6.0.6003.20981
KB4586827 - 6.1.7601.24562
KB4586785 - 10.0.17134.1845
KB4586830 - 10.0.14393.4046
KB4586787 - 10.0.10240.18756
KB4586781 - 10.0.19041.630
KB4586807 - 6.0.6003.20981
KB4586786 - 10.0.18362.1198
KB4586805 - 6.1.7601.24562
The following versions of "cng.sys" with their corresponding KBs are verified:
KB4586845 - 6.3.9600.19871
KB4586823 - 6.3.9600.19871
KB4586834 - 6.2.9200.23199
KB4586808 - 6.2.9200.23199
Note:Qualys found a regression issue in Microsoft December 2020 updates. This makes the Windows 2012 hosts who have December 2020 patch installed are still vulnerable to CVE-2020-17087. We have co-ordinated with Microsoft and Microsoft released an update on January 2021.Please refer to the Qualys Blog January 2021 Patch Tuesday for more information.
-
Consequence
-
An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
-
Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Visual Studio Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91693
-
Vendor Reference
-
CVE-2020-1133,
CVE-2020-16856,
CVE-2020-16874,
CVE-2020-17100
-
CVE Reference
-
CVE-2020-17100
-
CVSS Scores
-
Base 2.1 /
Temporal 1.6
-
Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.8
QID Detection Logic:Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.
-
Consequence
-
Successful exploitation can affect confidentiality, integrity and availability.
-
Solution
-
Customers are advised to refer to CVE-2020-17100 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-17100 windows
-
Microsoft Dynamics 365 Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91694
-
Vendor Reference
-
KB4577009,
KB4584611,
KB4584612
-
CVE Reference
-
CVE-2020-17005,
CVE-2020-17006,
CVE-2020-17018,
CVE-2020-17021
-
CVSS Scores
-
Base 3.5 /
Temporal 2.6
-
Description
-
The following vulnerabilities exist in Microsoft Dynamics 365 (on-premises) and Dynamics 365 Commerce:
CVE-2020-17018,CVE-2020-17005,CVE-2020-17021,CVE-2020-17006: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server.
Affected Versions:
Microsoft Dynamics 365 (on-premises) version
Microsoft Dynamics 365 (on-premises) version
KB Articles:KB4584612,KB4584611,KB4577009
QID Detection Logic:
This authenticated QID flags vulnerable systems by detecting Microsoft.Crm.Setup.Server.exe versions lesser than:
Microsoft Dynamics 365 (on-premises) version
Microsoft Dynamics 365 (on-premises) version
-
Consequence
-
Depending on the vulnerability being exploited, an attacker to conduct cross-site scripting attacks or update data without proper authorization.
-
Solution
-
Customers are advised to refer to KB
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Release Notes
-
Microsoft Windows Servicing Stack Security Update November 2020
-
Severity
-
Medium
2
-
Qualys ID
-
91695
-
Vendor Reference
-
ADV990001
-
CVE Reference
-
N/A
-
CVSS Scores
-
Base 3.7 /
Temporal 2.7
-
Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll
-
Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
-
Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
-
Microsoft Edge Security Update for November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91697
-
Vendor Reference
-
KB4586781,
KB4586785,
KB4586786,
KB4586787,
KB4586793,
KB4586830
-
CVE Reference
-
CVE-2020-17048,
CVE-2020-17052,
CVE-2020-17054,
CVE-2020-17058
-
CVSS Scores
-
Base 7.6 /
Temporal 5.6
-
Description
-
Microsoft releases the security update for Microsoft Edge September 2020
The KB Articles associated with the update:
KB4586830
KB4586787
KB4586781
KB4586786
KB4586793
KB4586785
QID Detection Logic:Authenticated
This QID checks for the file version of edgehtml.dll
-
Consequence
-
On successfull exploitation, An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website.
Additionally an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
-
Solution
-
Please refer to the CVE-2020-17058,
CVE-2020-17054,
CVE-2020-17052,
and CVE-2020-17048 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-17048
CVE-2020-17052
CVE-2020-17054
CVE-2020-17058
-
Microsoft Windows Codecs Library Remote Code Execution Vulnerabilities - November 2020
-
Severity
-
Critical
4
-
Qualys ID
-
91698
-
Vendor Reference
-
CVE-2020-17078,
CVE-2020-17079,
CVE-2020-17081,
CVE-2020-17082,
CVE-2020-17086,
CVE-2020-17101,
CVE-2020-17102,
CVE-2020-17105,
CVE-2020-17106,
CVE-2020-17107,
CVE-2020-17108,
CVE-2020-17109,
CVE-2020-17110
-
CVE Reference
-
CVE-2020-17078,
CVE-2020-17079,
CVE-2020-17081,
CVE-2020-17082,
CVE-2020-17086,
CVE-2020-17101,
CVE-2020-17102,
CVE-2020-17105,
CVE-2020-17106,
CVE-2020-17107,
CVE-2020-17108,
CVE-2020-17109,
CVE-2020-17110
-
CVSS Scores
-
Base 10 /
Temporal 7.8
-
Description
-
Multiple security vulnerabilities exist in Microsoft Windows Codecs Library.
Affected Product:
WebpImageExtension prior to 1.0.32731.0
HEIFImageExtension prior to 1.0.32532.0
AV1VideoExtension prior to1.1.32442.0
RawImageExtension prior to1.0.32861.0
HEVCVideoExtension prior to 1.0.32762.0
QID detection Logic:
Detection gets the version of Microsoft.WebpImageExtension, Microsoft.HEIFImageExtension, Microsoft.AV1VideoExtension, Microsoft.RawImageExtension, HEVCVideoExtension by querying wmi class Win32_InstalledStoreProgram.
-
Consequence
-
An attacker who successfully exploited the vulnerability could execute arbitrary code.
-
Solution
-
Users are advised to check CVE-2020-17101,CVE-2020-17105,CVE-2020-17102,CVE-2020-17079,CVE-2020-17081,CVE-2020-17082,CVE-2020-17086,CVE-2020-17078,CVE-2020-17106,CVE-2020-17109,CVE-2020-17108,CVE-2020-17110,CVE-2020-17107 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide
Microsoft Security Update Guide
-
Microsoft Windows Kernel Privilege Escalation Vulnerability
-
Severity
-
Critical
4
-
Qualys ID
-
91690
-
Vendor Reference
-
KB4586781,
KB4586785,
KB4586786,
KB4586787,
KB4586793,
KB4586805,
KB4586807,
KB4586808,
KB4586817,
KB4586823,
KB4586827,
KB4586830,
KB4586834,
KB4586845
-
CVE Reference
-
CVE-2020-17087
-
CVSS Scores
-
Base 7.2 /
Temporal 6
-
Description
-
Microsoft windows is prone to privilege escalation vulnerability. (CVE-2020-17087)
Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape.
This vulnerability will not be patched until the next Patch Tuesday on 10-Nov-2020
Affected Products:
Windows 7 to all Windows 10 latest release.
Update 11/10/2020:
Microsoft releases the security updates for Windows November 2020 to address the above CVE.
The KB Articles associated with the update:
KB4586793
KB4586845
KB4586817
KB4586827
KB4586834
KB4586785
KB4586830
KB4586787
KB4586781
KB4586807
KB4586786
KB4586823
KB4586805
KB4586808
QID detection Logic:
This QID checks for the file version of "ntoskrnl.exe" and "cng.sys"
The following versions of "ntoskrnl.exe" with their corresponding KBs are verified:
KB4586793 - 10.0.17763.1577
KB4586817 - 6.0.6003.20981
KB4586827 - 6.1.7601.24562
KB4586785 - 10.0.17134.1845
KB4586830 - 10.0.14393.4046
KB4586787 - 10.0.10240.18756
KB4586781 - 10.0.19041.630
KB4586807 - 6.0.6003.20981
KB4586786 - 10.0.18362.1198
KB4586805 - 6.1.7601.24562
The following versions of "cng.sys" with their corresponding KBs are verified:
KB4586845 - 6.3.9600.19871
KB4586823 - 6.3.9600.19871
KB4586834 - 6.2.9200.23199
KB4586808 - 6.2.9200.23199
Note:Qualys found a regression issue in Microsoft December 2020 updates. This makes the Windows 2012 hosts who have December 2020 patch installed are still vulnerable to CVE-2020-17087. We have co-ordinated with Microsoft and Microsoft released an update on January 2021.Please refer to the Qualys Blog January 2021 Patch Tuesday for more information.
-
Consequence
-
Successful exploitation of this vulnerability allows attacker to elevate privileges.
-
Solution
-
Please refer to the CVE-2020-17087 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide WIndows
These new vulnerability checks are included in Qualys
vulnerability signature
2.5.29-3.
Each Qualys account is automatically updated with the latest
vulnerability signatures as they become available. To view the
vulnerability signature version in your account, from the
Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
-
Ensure access to TCP ports 135 and 139 are available.
-
Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
-
100412
-
110365
-
110366
-
50103
-
91691
-
91693
-
91694
-
91695
-
91697
-
91698
-
91690
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.
OVERVIEW
CAPABILITIES
PLATFORM APPS
Use Cases
Segments
Resources
Research
Enterprise TruRisk Platform
Free Services