Lucene search
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS16-071.NASLHistoryJun 14, 2016 - 12:00 a.m.
MS16-071: Security Update for Microsoft Windows DNS Server (3164065)
2016-06-1400:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32
The remote Windows host is affected by a remote code execution vulnerability in the Windows Domain Name System (DNS) server due to improper handling of DNS requests. An unauthenticated, remote attacker can exploit this, via specially crafted DNS requests, to execute arbitrary code in the context of the Local System Account.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(91599);
script_version("1.9");
script_cvs_date("Date: 2019/11/19");
script_cve_id("CVE-2016-3227");
script_bugtraq_id(91117);
script_xref(name:"MSFT", value:"MS16-071");
script_xref(name:"MSKB", value:"3161951");
script_xref(name:"MSKB", value:"3164065");
script_xref(name:"IAVA", value:"2016-A-0153");
script_name(english:"MS16-071: Security Update for Microsoft Windows DNS Server (3164065)");
script_summary(english:"Checks the version of dns.exe.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a remote code execution
vulnerability in the Windows Domain Name System (DNS) server due to
improper handling of DNS requests. An unauthenticated, remote attacker
can exploit this, via specially crafted DNS requests, to execute
arbitrary code in the context of the Local System Account.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-071");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2012 and 2012 R2.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3227");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/14");
script_set_attribute(attribute:"patch_publication_date", value:"2016/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS16-071';
kb = '3161951';
kbs = make_list(kb, '3164065');
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0)
audit(AUDIT_OS_SP_NOT_VULN);
# Windows 8/8.1 is not affected
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname)
exit(0, "The host is running "+productname+" and hence is not affected.");
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows Server 2012 R2
hotfix_is_vulnerable(os:"6.3", sp:0, file:"dns.exe", version:"6.3.9600.18340", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows Server 2012
hotfix_is_vulnerable(os:"6.2", sp:0, file:"dns.exe", version:"6.2.9200.21872", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
mskb
mskb
MS16-071: Security update for Microsoft Windows DNS Server: June 14, 2016
2016-06-14 00:00:00
MS16-071: Description of the security update for DNS Server: June 14, 2016
2016-06-14 07:00:00
symantec
symantec
openvas
openvas
Microsoft Windows DNS Server Remote Code Execution Vulnerability (3164065)
2016-06-15 00:00:00
cve
cve
CVE-2016-3227
2016-06-16 01:59:00
prion
prion
Double free
2016-06-16 01:59:00
mscve
mscve
Windows DNS Server Use After Free Vulnerability
2016-06-14 07:00:00
thn
thn
Microsoft releases tons of Security Updates to patch 44 vulnerabilities
2016-06-14 19:35:00
kaspersky
kaspersky
KLA10825 Multiple vulnerabilities in Microsoft Windows
2016-06-14 00:00:00
Related for SMB_NT_MS16-071.NASL