Microsoft security alert.

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 30 vulnerabilities that were fixed in 7 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 7 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

• Microsoft Office Security Update for December 2023

  Severity

  Serious 3

  Qualys ID

  110453

  Vendor Reference

  KB5002520

  CVE Reference

  CVE-2023-36009

  CVSS Scores

  Base 4.9 / Temporal 3.6

  Description

  Microsoft has released December 2023 security updates to fix multiple security vulnerabilities.

  This security update contains the following:
  Office Click-2-Run and Office 365 Release Notes
  KB5002520

  QID Detection Logic (Authenticated):
  Operating System: Windows
  The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
  Patched Versions for Microsoft 365 (C2R) are:
  TBD Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

  Consequence

  Vulnerable products may be prone to Information Disclosure Vulnerability.

  Solution

  Customers are advised to refer to these KB Article(s):
  KB5002520 for more information regarding this vulnerability.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft office December 2023

• Microsoft Outlook Information Disclosure and Mac Spoofing Vulnerability for December 2023

  Severity

  Serious 3

  Qualys ID

  110454

  Vendor Reference

  KB5002529, Release notes for Office for Mac

  CVE Reference

  CVE-2023-35619, CVE-2023-35636

  CVSS Scores

  Base 7.8 / Temporal 6.1

  Description

  Microsoft has released December 2023 security updates for outlook to fix an Information Disclosure Vulnerability.

  This security update contains the following:

  CVE-2023-35636: Information Disclosure Vulnerability
  KB5002520
  Office Click-2-Run and Office 365 Release Notes

  CVE-2023-35619: Mac Spoofing Vulnerability
  Microsoft Office LTSC for Mac 2021

  QID Detection Logic (Authenticated):
  Operating System: Windows
  The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
  Patched Versions for Microsoft 365 (C2R) are:
  TBD Operating System: MacOS
  This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.

  Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

  Consequence

  Successful exploitation will lead to Mac Spoofing and/or Information Disclosure Vulnerability.

  Solution

  Refer to Microsoft Security Guide, and KB5002520
  for more details pertaining to this vulnerability.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Microsoft Outlook December 2023

• Microsoft Defender Denial of Service (DoS) Vulnerability For December 2023

  Severity

  Critical 4

  Qualys ID

  92084

  Vendor Reference

  CVE-2023-36010

  CVE Reference

  CVE-2023-36010

  CVSS Scores

  Base 7.8 / Temporal 5.8

  Description

  Microsoft Malware Protection Platform is affected by a denial of service vulnerability CVE-2023-36010.

  Affected Versions / Software:
  Microsoft Malware Protection Platform prior to Version 4.18.23110.3

  QID Detection Logic (Authenticated):
  The authenticated check looks for the version of "ProtectionManagement.dll" file and if the Windows Defender service is in running state.

  Consequence

  Successful exploitation of this vulnerability could lead to Denial of Service Vulnerability

  Solution

  Users are advised to check CVE-2023-36010 for more information.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE-2023-36010

• Microsoft Windows Security Update for December 2023

  Severity

  Urgent 5

  Qualys ID

  92085

  Vendor Reference

  KB5033118, KB5033369, KB5033371, KB5033372, KB5033373, KB5033375, KB5033379, KB5033383, KB5033422, KB5033424, KB5033427, KB5033429, KB5033433

  CVE Reference

  CVE-2023-20588, CVE-2023-21740, CVE-2023-35628, CVE-2023-35629, CVE-2023-35630, CVE-2023-35631, CVE-2023-35632, CVE-2023-35633, CVE-2023-35634, CVE-2023-35635, CVE-2023-35639, CVE-2023-35641, CVE-2023-35642, CVE-2023-35644, CVE-2023-36003, CVE-2023-36004, CVE-2023-36005, CVE-2023-36006, CVE-2023-36011, CVE-2023-36391, CVE-2023-36696

  CVSS Scores

  Base 7.5 / Temporal 5.9

  Description

  Microsoft Windows Security Update - December 2023

  Patch version is 10.0.22621.2861 for KB5033375
  Patch version is 10.0.25398.584 for KB5033383
  Patch version is 10.0.19041.3803 for KB5033372
  Patch version is 10.0.22000.2652 for KB5033369
  Patch version is 10.0.20348.2141 for KB5033118
  Patch version is 10.0.17763.5202 for KB5033371
  Patch version is 6.2.9200.24612 for KB5033429
  Patch version is 6.1.7601.26863 for KB5033433
  Patch version is 6.1.7601.26863 for KB5033424
  Patch version is 6.0.6003.22412 for KB5033422
  Patch version is 6.0.6003.22412 for KB5033427
  Patch version is 10.0.14393.6522 for KB5033373
  Patch version is 10.0.10240.20345 for KB5033379
  Patch version is 6.3.9600.21712 for KB5033420

  QID Detection Logic (Authenticated):
  

  This QID checks for the file version of 'ntoskrnl.exe'. Note: This QID checks for windows Server 2022 Azuro Hotpatch through below registry key
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled\Hotpatch.amd64

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to the following KB Articles associated with the update:
  KB5033375
  KB5033383
  KB5033372
  KB5033369
  KB5033118
  KB5033464
  KB5033371
  KB5033429
  KB5033433
  KB5033424
  KB5033422
  KB5033427
  KB5033373
  KB5033379
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5033118
  KB5033369
  KB5033371
  KB5033372
  KB5033373
  KB5033375
  KB5033379
  KB5033383
  KB5033420
  KB5033422
  KB5033424
  KB5033427
  KB5033429
  KB5033433

• Azure Connected Machine Agent Security Update for December 2023

  Severity

  Critical 4

  Qualys ID

  92087

  Vendor Reference

  CVE-2023-35624

  CVE Reference

  CVE-2023-35624

  CVSS Scores

  Base 4.3 / Temporal 3.2

  Description

  The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.

  Affected versions:
  All versions before version 1.37
  

  QID Detection Logic: Authenticated
  On Windows, this QID detects vulnerable versions by checking the file version.
  On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.
  

  Consequence

  An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM.

  Solution

  Customers are advised to refer to CVE-2023-35624 for more information on these vulnerabilities and their patches.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  CVE 2023 35624

• Microsoft Azure Stack Hub Security Updates for December 2023

  Severity

  Serious 3

  Qualys ID

  92089

  Vendor Reference

  Azure Stack Hub

  CVE Reference

  CVE-2023-20588, CVE-2023-21740, CVE-2023-35622, CVE-2023-35628, CVE-2023-35630, CVE-2023-35632, CVE-2023-35636, CVE-2023-35638, CVE-2023-35639, CVE-2023-35641, CVE-2023-35642, CVE-2023-35643, CVE-2023-35644, CVE-2023-36003, CVE-2023-36004, CVE-2023-36005, CVE-2023-36006, CVE-2023-36009, CVE-2023-36011, CVE-2023-36012, CVE-2023-36696

  CVSS Scores

  Base 10 / Temporal 8.3

  Description

  Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter.
  A complete Qualys vulnerability scan report for Microsoft Azure Stack Hub can be obtained at Azure Stack Vulnerability Scan Report.

  QID Detection Logic (Authenticated):
  This QID checks for the file version of ntoskrnl.exe, if this file version is less than 10.0.17763.11860, it is considered as vulnerable.

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability.

  Solution

  Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  Azure Stack Hub

• Microsoft Windows Server Multiple Security Vulnerabilities for December 2023

  Severity

  Critical 4

  Qualys ID

  92090

  Vendor Reference

  KB5033118, KB5033371, KB5033373, KB5033383, KB5033420, KB5033422, KB5033424, KB5033427, KB5033429, KB5033433

  CVE Reference

  CVE-2023-35622, CVE-2023-35638, CVE-2023-35643, CVE-2023-36012

  CVSS Scores

  Base 7.5 / Temporal 5.5

  Description

  Microsoft Windows Server Security Update - December 2023

  Patch version is 6.3.9600.21712 for KB5033420
  Patch version is 6.2.9200.24612 for KB5033429
  Patch version is 10.0.14393.6522 for KB5033373
  Patch version is 10.0.25398.584 for KB5033383
  Patch version is 10.0.20348.2141 for KB5033118
  Patch version is 6.1.7601.26863 for KB5033424
  Patch version is 10.0.17763.5202 for KB5033371
  Patch version is 6.1.7601.26863 for KB5033433
  Patch version is 6.0.6003.22412 for KB5033422
  Patch version is 6.0.6003.22412 for KB5033427

  QID Detection Logic (Authenticated):
  

  This QID checks for the file version of 'dns.exe'.

  Consequence

  Successful exploit could compromise Confidentiality, Integrity and Availability

  Solution

  Please refer to the following KB Articles associated with the update:
  KB5033420
  KB5033429
  KB5033373
  KB5033383
  KB5033118
  KB5033424
  KB5033371
  KB5033433
  KB5033422
  KB5033427
  

  Patches:
  The following are links for downloading patches to fix these vulnerabilities:
  KB5033118
  KB5033371
  KB5033373
  KB5033383
  KB5033420
  KB5033422
  KB5033424
  KB5033427
  KB5033429
  KB5033433

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.