Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.SMB_NT_MS17-004.NASL
HistoryJan 10, 2017 - 12:00 a.m.

MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)

2017-01-1000:00:00
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
www.tenable.com
160

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.955 High

EPSS

Percentile

99.4%

JSON

The remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in the Local Security Authority Subsystem Service (LSASS) component due to improper handling of authentication requests. An unauthenticated, remote attacker can exploit this to trigger a reboot of the system.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96393);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/15 20:50:32");

  script_cve_id("CVE-2017-0004");
  script_bugtraq_id(95318);
  script_xref(name:"MSFT", value:"MS17-004");
  script_xref(name:"MSKB", value:"3216775");
  script_xref(name:"MSKB", value:"3212642");
  script_xref(name:"MSKB", value:"3212646");
  script_xref(name:"IAVB", value:"2017-B-0005");

  script_name(english:"MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)");
  script_summary(english:"Checks the file versions.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing a security update. It is,
therefore, affected by a denial of service vulnerability in the Local
Security Authority Subsystem Service (LSASS) component due to improper
handling of authentication requests. An unauthenticated, remote
attacker can exploit this to trigger a reboot of the system.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-004");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
and 2008 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date",value:"2017/01/10");
  script_set_attribute(attribute:"patch_publication_date",value:"2017/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/10");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "smb_check_rollup.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS17-004';
kbs = make_list(
  '3216775',
  '3212642',
  '3212646'
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Vista / Windows Server 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Schannel.dll", version:"6.0.6002.19678", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:"3216775") ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Schannel.dll", version:"6.0.6002.24048", min_version:"6.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:"3216775") ||
  # Windows 7 / Server 2008 R2
  smb_check_rollup(os:"6.1", sp:1, rollup_date:"01_2017", bulletin:bulletin, rollup_kb_list:make_list(3212642, 3212646))
  )
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

cve 1
mscve 1
mskb 4
checkpoint_advisories 1
symantec 1
kaspersky 2
openvas 1
nvd 1
prion 1
cvelist 1
thn 1
cve
cve
CVE-2017-0004
2017-01-10 21:59:00
mscve
mscve
Local Security Authority Subsystem Service Denial of Service Vulnerability
2017-01-10 08:00:00
mskb
mskb
January 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
January 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
MS17-004: Description of the security update for Local Security Authority Subsystem Service: January 10, 2017
2017-01-10 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft LSASS Denial of Service (MS17-004: CVE-2017-0004)
2017-01-10 00:00:00
symantec
symantec
Microsoft Windows LSASS CVE-2017-0004 Denial of Service Vulnerability
2017-01-10 00:00:00
kaspersky
kaspersky
KLA11903 DoS vulnerability in Microsoft Products (ESU)
2017-01-10 00:00:00
KLA10941 Denial of service vulnerability in Microsoft Windows
2017-01-10 00:00:00
openvas
openvas
Microsoft Windows LSASS Local Denial of Service Vulnerability (3216771)
2017-01-11 00:00:00
nvd
nvd
CVE-2017-0004
2017-01-10 21:59:00
prion
prion
Design/Logic Flaw
2017-01-10 21:59:00
cvelist
cvelist
CVE-2017-0004
2017-01-10 21:00:00
thn
thn
Microsoft Releases 4 Security Updates — Smallest Patch Tuesday Ever!
2017-01-10 22:26:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.955 High

EPSS

Percentile

99.4%

JSON
Related for SMB_NT_MS17-004.NASL
cve1mscve1mskb4checkpoint_advisories1symantec1kaspersky2openvas1nvd1prion1cvelist1thn1