Lucene search
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS15-028.NASLHistoryMar 10, 2015 - 12:00 a.m.
MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
2015-03-1000:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
43
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
10.1%
The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in order to execute files they have no permission to run.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(81742);
script_version("1.9");
script_cvs_date("Date: 2019/11/22");
script_cve_id("CVE-2015-0084");
script_bugtraq_id(72913);
script_xref(name:"MSFT", value:"MS15-028");
script_xref(name:"MSKB", value:"3030377");
script_xref(name:"IAVB", value:"2015-B-0037");
script_name(english:"MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)");
script_summary(english:"Checks the version of ubpm.dll.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a security bypass
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a security bypass vulnerability
due to Windows Task Scheduler not properly validating and enforcing
impersonation levels. Attackers can exploit this flaw to elevate
privileges in order to execute files they have no permission to run.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-028");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 7, 2008 R2, 8,
2012, 8.1, and 2012 R2.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0084");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/10");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS15-028';
kb = '3030377';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
systemroot = hotfix_get_systemroot();
if (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');
if (
# Windows 8.1 / Windows Server 2012 R2
hotfix_is_vulnerable(os:"6.3", sp:0, file:"ubpm.dll", version:"6.3.9600.17671", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 8 / Windows Server 2012
hotfix_is_vulnerable(os:"6.2", sp:0, file:"ubpm.dll", version:"6.2.9200.21364", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.2", sp:0, file:"ubpm.dll", version:"6.2.9200.17247", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 7 SP1 / Server 2008 R2
hotfix_is_vulnerable(os:"6.1", sp:1, file:"ubpm.dll", version:"6.1.7601.22948", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"ubpm.dll", version:"6.1.7601.18741", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_note();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
openvas
openvas
cvelist
cvelist
CVE-2015-0084
2015-03-11 10:00:00
cve
cve
CVE-2015-0084
2015-03-11 10:59:11
nvd
nvd
CVE-2015-0084
2015-03-11 10:59:11
prion
prion
Security feature bypass
2015-03-11 10:59:00
symantec
symantec
Microsoft Windows Task Scheduler CVE-2015-0084 Security Bypass Vulnerability
2015-03-10 00:00:00
kaspersky
kaspersky
KLA10589 Multiple vulnerabilities in Microsoft products
2015-03-04 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-04-16 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
10.1%
Related for SMB_NT_MS15-028.NASL