{"id": "SMB_NT_MS16-140.NASL", "bulletinFamily": "scanner", "title": "MS16-140: Security Update for Boot Manager (3193479)", "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "published": "2016-11-08T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "reporter": "Tenable", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140"], "cvelist": ["CVE-2016-7247"], "type": "nessus", "lastseen": "2019-02-21T01:28:22", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 4, "hash": "9eb567ea1fb5a04296a5c45959f074dd77b8d43ec66905f58d84452015006b25", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e9ed7626997df514f9d497bbf799fce5", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "d1479ed20b7ecdedbb303ec1d51c579a", "key": "sourceData"}, {"hash": "3044cdbad1ed41bd94a84f79f899b09e", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2016-11-15T13:26:31", "modified": "2016-11-14T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/11/14 14:40:46 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 5}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2016-11-15T13:26:31"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 6, "enchantments": {}, "hash": "0801061f8af51f5968eb2b2989552dab34a8a0a9b82be024bb236a38fe6ee1ed", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "818238f5a88c3278e462152e49f23dee", "key": "modified"}, {"hash": "33e2431ab68c60d471e617b2c660d0d2", "key": "sourceData"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2017-05-25T17:51:41", "modified": "2017-05-24T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2017/05/24 14:05:10 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 11}, "differentElements": ["sourceData"], "edition": 6, "lastseen": "2017-05-25T17:51:41"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 3, "hash": "e52bcfd224f50d2f527e05ad545da4aca4a097793694387678c86c55072d059b", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "d1479ed20b7ecdedbb303ec1d51c579a", "key": "sourceData"}, {"hash": "3044cdbad1ed41bd94a84f79f899b09e", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2016-11-14T21:26:11", "modified": "2016-11-14T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/11/14 14:40:46 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2016-11-14T21:26:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.", "edition": 15, "enchantments": {"dependencies": {"modified": "2019-01-16T20:25:20", "references": [{"idList": ["KLA10897"], "type": "kaspersky"}, {"idList": ["CVE-2016-7247"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310809802"], "type": "openvas"}, {"idList": ["SMNTC-94058"], "type": "symantec"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "9107060745a6d89f76c8fbdfa3d46010a0365a4e78fe10a5120bcfc650969969", "hashmap": [{"hash": "74afcdafa6f20100ead119e1c145541b", "key": "description"}, {"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "c07471a0a75d43237ebc7f7b38d9dc72", "key": "sourceData"}, {"hash": "a2ca3dc3f34cad25fbf32715dadfdc6b", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2019-01-16T20:25:20", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:32\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 17}, "differentElements": ["description"], "edition": 15, "lastseen": "2019-01-16T20:25:20"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 14, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ca1d55031ed0dcb0b6826d0b136f7a320e934e0b892648ead04b716b3510efc2", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "c07471a0a75d43237ebc7f7b38d9dc72", "key": "sourceData"}, {"hash": "a2ca3dc3f34cad25fbf32715dadfdc6b", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2018-11-17T03:04:32", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:32\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 17}, "differentElements": ["description"], "edition": 14, "lastseen": "2018-11-17T03:04:32"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 7, "enchantments": {}, "hash": "48733702d253817ba46d2b9034193c2b85c9cbe3e02ce3bee7126c43fda48aec", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "818238f5a88c3278e462152e49f23dee", "key": "modified"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "24e7b35032eba3823402f430ab03ffa5", "key": "sourceData"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2017-07-13T03:47:36", "modified": "2017-05-24T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/07/12 20:40:24 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 11}, "differentElements": ["modified"], "edition": 7, "lastseen": "2017-07-13T03:47:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 12, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "cd085f25cd21d72b881b0c8d01358a529e8374fc5fea5bc4eaf34c8b71254b02", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "7be9ff1046110869419ab5080a73c9f4", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2018-08-30T19:46:13", "modified": "2018-08-03T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 15}, "differentElements": ["cvss"], "edition": 12, "lastseen": "2018-08-30T19:46:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 10, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "b03b7c8792362339060850055181b8d5aa26571c231934ed95245925ee57589a", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "3b33040e1ee70c0673ab567f99a67d3f", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "2ba8c5dd300ac446949790b841c65209", "key": "sourceData"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2018-07-31T10:03:39", "modified": "2018-07-30T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/30 15:31:34\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 15}, "differentElements": ["modified", "sourceData"], "edition": 10, "lastseen": "2018-07-31T10:03:39"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 5, "hash": "abe01a7f94e26e9838eddc76707a6e53c1dc744a694270179d5dfe789d6648cf", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "3f29908c6bb6f5efaf3e67cda47b94f7", "key": "modified"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "f2bb0656a5ca8aac3e7cda04c2ee7c89", "key": "sourceData"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2016-12-10T05:36:28", "modified": "2016-12-09T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/09 21:04:55 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 11}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2016-12-10T05:36:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 13, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "52cb92710df00e03b60815e190ce9e22969880020dfa60269f6eba0ec50a0baa", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "7be9ff1046110869419ab5080a73c9f4", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2018-09-01T23:51:41", "modified": "2018-08-03T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 17}, "differentElements": ["references", "modified", "sourceData"], "edition": 13, "lastseen": "2018-09-01T23:51:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 9, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "d230823b80c32c46c0a98675a48534042ccd1f415dfff42846ad1cf41de2803a", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "602bced6320cec4ab33d131e0b746b65", "key": "modified"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "24e7b35032eba3823402f430ab03ffa5", "key": "sourceData"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2017-10-29T13:39:54", "modified": "2017-07-12T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/07/12 20:40:24 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 15}, "differentElements": ["modified", "sourceData"], "edition": 9, "lastseen": "2017-10-29T13:39:54"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 2, "hash": "d61820f84662fbdba1ace5e9bf0c9309d9053156a89d2dd9268e3219cf38e43f", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9100763bd463aab1e492ce4afb00e2cb", "key": "modified"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "d95eb16589828a3a65676c7686422876", "key": "sourceData"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2016-11-10T21:25:47", "modified": "2016-11-10T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/11/10 14:37:36 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-11-10T21:25:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 11, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "52cb92710df00e03b60815e190ce9e22969880020dfa60269f6eba0ec50a0baa", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "7be9ff1046110869419ab5080a73c9f4", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2018-08-05T11:58:37", "modified": "2018-08-03T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 15}, "differentElements": ["cvss"], "edition": 11, "lastseen": "2018-08-05T11:58:37"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-7247"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 1, "hash": "3d7252c92e1c91d8257b4ee9999b4f3f62d372a2fbb42c0f942554a8b9c686da", "hashmap": [{"hash": "f2249e2ed581e22fd91c3d42b700b581", "key": "modified"}, {"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "e1a8ad5386248edfbcc2b87762d5d3b2", "key": "sourceData"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2016-11-09T09:26:00", "modified": "2016-11-09T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.2", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2016/11/09 02:59:56 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-11-09T09:26:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-7247"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote Windows host is missing a security update. It is, therefore, affected a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.", "edition": 8, "enchantments": {}, "hash": "9a0db18aa779e7a83caf0d874114321c968f2d762bbd608b07750f29b698268a", "hashmap": [{"hash": "87e6e6c3d2e85085f00787901efee4f2", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4f0ea82dab2b86570f1e5df011836d8", "key": "pluginID"}, {"hash": "70ecd680cfa696089e95cec0defc0112", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "602bced6320cec4ab33d131e0b746b65", "key": "modified"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "157996cf66d75d99e463be07c6b7e5a8", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "feab9226bc20cd5966b22d3643d98980", "key": "references"}, {"hash": "24e7b35032eba3823402f430ab03ffa5", "key": "sourceData"}, {"hash": "93739bc7258bdb005be0d4b3b4e7a165", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "99f3b4bbff8e972ef6b8737c70caf255", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94641", "id": "SMB_NT_MS16-140.NASL", "lastseen": "2017-07-13T05:47:36", "modified": "2017-07-12T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "94641", "published": "2016-11-08T00:00:00", "references": ["https://technet.microsoft.com/en-us/library/security/MS16-140"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/07/12 20:40:24 $\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_osvdb_id(146919);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "title": "MS16-140: Security Update for Boot Manager (3193479)", "type": "nessus", "viewCount": 15}, "differentElements": ["cpe"], "edition": 8, "lastseen": "2017-07-13T05:47:36"}], "edition": 16, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f119fcbd597f778cfd79bca12af8db90"}, {"key": "cvelist", "hash": "99f3b4bbff8e972ef6b8737c70caf255"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "157996cf66d75d99e463be07c6b7e5a8"}, {"key": "href", "hash": "93739bc7258bdb005be0d4b3b4e7a165"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "c9898bc973bfffca5119f1a3bfa73a8d"}, {"key": "pluginID", "hash": "d4f0ea82dab2b86570f1e5df011836d8"}, {"key": "published", "hash": "87e6e6c3d2e85085f00787901efee4f2"}, {"key": "references", "hash": "a2ca3dc3f34cad25fbf32715dadfdc6b"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "c07471a0a75d43237ebc7f7b38d9dc72"}, {"key": "title", "hash": "70ecd680cfa696089e95cec0defc0112"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ca1d55031ed0dcb0b6826d0b136f7a320e934e0b892648ead04b716b3510efc2", "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7247"]}, {"type": "symantec", "idList": ["SMNTC-94058"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809802"]}, {"type": "kaspersky", "idList": ["KLA10897"]}], "modified": "2019-02-21T01:28:22"}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-02-21T01:28:22"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94641);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:32\");\n\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_xref(name:\"MSFT\", value:\"MS16-140\");\n script_xref(name:\"MSKB\", value:\"3197873\");\n script_xref(name:\"MSKB\", value:\"3197874\");\n script_xref(name:\"MSKB\", value:\"3197876\");\n script_xref(name:\"MSKB\", value:\"3197877\");\n script_xref(name:\"MSKB\", value:\"3198585\");\n script_xref(name:\"MSKB\", value:\"3198586\");\n script_xref(name:\"MSKB\", value:\"3200970\");\n script_xref(name:\"IAVB\", value:\"2016-B-0162\");\n\n script_name(english:\"MS16-140: Security Update for Boot Manager (3193479)\");\n script_summary(english:\"Checks for the November 2016 Rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected a security bypass vulnerability in Windows Secure\nBoot due to the use of an insecure boot policy in firmware. A local\nattacker can exploit this issue to disable code integrity checks,\nallowing test-signed executables and drivers to be loaded onto a\ntarget device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-140';\nkbs = make_list(\n '3197873', # 8.1 / 2012 R2\n '3197874', # 8.1 / 2012 R2\n '3197876', # 2012\n '3197877', # 2012\n '3198585', # 10\n '3198586', # 10 Version 1511\n '3200970' # 10 Version 1607\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197876, 3197877)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3197873, 3197874)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198585)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3198586)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"11_2016\", bulletin:bulletin, rollup_kb_list:make_list(3200970))\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "pluginID": "94641", "cpe": ["cpe:/o:microsoft:windows"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:15:39", "bulletinFamily": "NVD", "description": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka \"Secure Boot Component Vulnerability.\"", "modified": "2018-10-12T22:14:00", "id": "CVE-2016-7247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7247", "published": "2016-11-10T07:00:00", "title": "CVE-2016-7247", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "symantec": [{"lastseen": "2018-03-13T22:14:29", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Windows is prone to a local security-bypass vulnerability. A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for 64-bit Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 for x64-based Systems \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nAllow only trusted individuals to have user accounts and local access to the resources.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2016-11-08T00:00:00", "published": "2016-11-08T00:00:00", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/94058", "id": "SMNTC-94058", "title": "Microsoft Windows Boot Manager CVE-2016-7247 Local Security Bypass Vulnerability", "type": "symantec", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS16-140.", "modified": "2019-05-03T00:00:00", "published": "2016-11-09T00:00:00", "id": "OPENVAS:1361412562310809802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809802", "title": "Microsoft Boot Manager Security Feature Bypass Vulnerability (3193479)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Boot Manager Security Feature Bypass Vulnerability (3193479)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809802\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_cve_id(\"CVE-2016-7247\");\n script_bugtraq_id(94058);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-09 08:16:52 +0530 (Wed, 09 Nov 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Boot Manager Security Feature Bypass Vulnerability (3193479)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS16-140.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to windows secure boot\n improperly loads a boot policy that is affected by the vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to disable code integrity checks, allowing test-signed executables\n and drivers to be loaded onto a target device.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8.1 x32/x64 Edition\n Microsoft Windows Server 2012/2012R2\n Microsoft Windows 10 x32/x64\n Microsoft Windows 10 Version 1511 x32/x64\n Microsoft Windows 10 Version 1607 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3193479\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-140\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-140\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1,\n win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\noleVer = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Ole32.dll\");\nif(!oleVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:oleVer, test_version:\"6.3.9600.18508\"))\n {\n Vulnerable_range = \"Less than 6.3.9600.18508\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_is_less(version:oleVer, test_version:\"6.2.9200.22005\"))\n {\n Vulnerable_range = \"Less than 6.2.9200.22005\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:oleVer, test_version:\"10.0.10240.17184\"))\n {\n Vulnerable_range = \"Less than 10.0.10240.17184\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:oleVer, test_version:\"10.0.10586.0\", test_version2:\"10.0.10586.671\"))\n {\n Vulnerable_range = \"10.0.10586.0 - 10.0.10586.671\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:oleVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.446\"))\n {\n Vulnerable_range = \"10.0.14393.0 - 10.0.14393.446\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Ole32.dll\" + '\\n' +\n 'File version: ' + oleVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:00", "bulletinFamily": "info", "description": "### *Detect date*:\n11/08/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information or gain pribileges.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2 \nMicrosoft Windows Server 2016\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS16-130](<https://technet.microsoft.com/en-us/library/security/ms16-130.aspx>) \n[CVE-2016-7202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7202>) \n[CVE-2016-7256](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7256>) \n[CVE-2016-7255](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7255>) \n[CVE-2016-7248](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7248>) \n[CVE-2016-7247](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7247>) \n[CVE-2016-7246](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7246>) \n[CVE-2016-7238](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7238>) \n[CVE-2016-7237](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7237>) \n[CVE-2016-0026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0026>) \n[CVE-2016-3332](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3332>) \n[CVE-2016-3333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3333>) \n[CVE-2016-3334](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3334>) \n[CVE-2016-3335](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3335>) \n[CVE-2016-3338](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3338>) \n[CVE-2016-3340](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3340>) \n[CVE-2016-3342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3342>) \n[CVE-2016-3343](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3343>) \n[CVE-2016-7184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7184>) \n[CVE-2016-7205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7205>) \n[CVE-2016-7210](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7210>) \n[CVE-2016-7212](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7212>) \n[CVE-2016-7214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7214>) \n[CVE-2016-7215](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7215>) \n[CVE-2016-7216](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7216>) \n[CVE-2016-7217](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7217>) \n[CVE-2016-7218](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7218>) \n[CVE-2016-7220](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7220>) \n[CVE-2016-7221](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7221>) \n[CVE-2016-7222](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7222>) \n[CVE-2016-7223](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7223>) \n[CVE-2016-7224](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7224>) \n[CVE-2016-7225](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7225>) \n[CVE-2016-7226](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7226>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2016-7202](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202>)7.6Critical \n[CVE-2016-7256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7256>)9.3Critical \n[CVE-2016-7255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7255>)7.2Critical \n[CVE-2016-7248](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7248>)9.3Critical \n[CVE-2016-7247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7247>)5.0Critical \n[CVE-2016-7246](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7246>)7.2Critical \n[CVE-2016-7238](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7238>)7.2Critical \n[CVE-2016-7237](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7237>)6.8Critical \n[CVE-2016-0026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0026>)9.3Critical \n[CVE-2016-3332](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3332>)9.3Critical \n[CVE-2016-3333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3333>)9.3Critical \n[CVE-2016-3334](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3334>)9.3Critical \n[CVE-2016-3335](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3335>)9.3Critical \n[CVE-2016-3338](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3338>)9.3Critical \n[CVE-2016-3340](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3340>)9.3Critical \n[CVE-2016-3342](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3342>)9.3Critical \n[CVE-2016-3343](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3343>)9.3Critical \n[CVE-2016-7184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7184>)9.3Critical \n[CVE-2016-7205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7205>)9.3Critical \n[CVE-2016-7210](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7210>)4.3Critical \n[CVE-2016-7212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7212>)9.3Critical \n[CVE-2016-7214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7214>)2.1Critical \n[CVE-2016-7215](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7215>)7.2Critical \n[CVE-2016-7216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7216>)2.1Critical \n[CVE-2016-7217](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7217>)9.3Critical \n[CVE-2016-7218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7218>)1.9Critical \n[CVE-2016-7220](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7220>)2.1Critical \n[CVE-2016-7221](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7221>)7.2Critical \n[CVE-2016-7222](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7222>)7.2Critical \n[CVE-2016-7223](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7223>)3.6Critical \n[CVE-2016-7224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7224>)3.6Critical \n[CVE-2016-7225](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7225>)3.6Critical \n[CVE-2016-7226](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7226>)3.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3200970](<http://support.microsoft.com/kb/3200970>) \n[3181707](<http://support.microsoft.com/kb/3181707>) \n[3193418](<http://support.microsoft.com/kb/3193418>) \n[3194371](<http://support.microsoft.com/kb/3194371>) \n[3196718](<http://support.microsoft.com/kb/3196718>) \n[3197867](<http://support.microsoft.com/kb/3197867>) \n[3197868](<http://support.microsoft.com/kb/3197868>) \n[3197873](<http://support.microsoft.com/kb/3197873>) \n[3197874](<http://support.microsoft.com/kb/3197874>) \n[3197876](<http://support.microsoft.com/kb/3197876>) \n[3197877](<http://support.microsoft.com/kb/3197877>) \n[3198218](<http://support.microsoft.com/kb/3198218>) \n[3198234](<http://support.microsoft.com/kb/3198234>) \n[3198483](<http://support.microsoft.com/kb/3198483>) \n[3198510](<http://support.microsoft.com/kb/3198510>) \n[3198585](<http://support.microsoft.com/kb/3198585>) \n[3198586](<http://support.microsoft.com/kb/3198586>) \n[3203859](<http://support.microsoft.com/kb/3203859>) \n[3208481](<http://support.microsoft.com/kb/3208481>)", "modified": "2019-03-07T00:00:00", "published": "2016-11-08T00:00:00", "id": "KLA10897", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10897", "title": "\r KLA10897Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}