Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS17_APR_4015221.NASL
HistoryApr 11, 2017 - 12:00 a.m.

KB4015221: Windows 10 Version 1507 April 2017 Cumulative Update

2017-04-1100:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
286
JSON

The remote Windows 10 Version 1507 host is missing security update KB4015221. It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629)

  • An information disclosure vulnerability exists in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058)

  • A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156)

  • A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code.
    (CVE-2017-0158)

  • A privilege escalation vulnerability exists in the Microsoft .NET framework due to improper validation of input when loading libraries. A local attacker can exploit this to gain elevated privileges.
    (CVE-2017-0160)

  • Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system.
    (CVE-2017-0162, CVE-2017-0163)

  • A privilege escalation vulnerability exists due to improper sanitization of handles stored in memory. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0165)

  • A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166)

  • A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99287);
  script_version("1.14");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2013-6629",
    "CVE-2017-0058",
    "CVE-2017-0156",
    "CVE-2017-0158",
    "CVE-2017-0160",
    "CVE-2017-0162",
    "CVE-2017-0163",
    "CVE-2017-0165",
    "CVE-2017-0166",
    "CVE-2017-0167"
  );
  script_bugtraq_id(
    63676,
    97446,
    97447,
    97455,
    97461,
    97462,
    97465,
    97467,
    97473,
    97507
  );
  script_xref(name:"MSKB", value:"4015221");
  script_xref(name:"MSFT", value:"MS17-4015221");

  script_name(english:"KB4015221: Windows 10 Version 1507 April 2017 Cumulative Update");
  script_summary(english:"Checks for rollup.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows 10 Version 1507 host is missing security update
KB4015221. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the
    open-source libjpeg image processing library due to
    improper handling of objects in memory. An
    unauthenticated, remote attacker can exploit this to
    disclose sensitive information that can be utilized to
    bypass ASLR security protections. (CVE-2013-6629)

  - An information disclosure vulnerability exists in the
    win32k component due to improper handling of kernel
    information. A local attacker can exploit these
    vulnerabilities, via a specially crafted application, to
    disclose sensitive information. (CVE-2017-0058)

  - A privilege escalation vulnerability exists in the
    Microsoft Graphics Component due to improper handling of
    objects in memory. A local attacker can exploit this,
    via a specially crafted application, to execute
    arbitrary code with elevated privileges. (CVE-2017-0156)

  - A flaw exists in the VBScript engine due to improper
    handling of objects in memory. An unauthenticated,
    remote attacker can exploit this, by convincing a user
    to visit a malicious website or open a specially crafted
    document file, to execute arbitrary code.
    (CVE-2017-0158)

   - A privilege escalation vulnerability exists in the
    Microsoft .NET framework due to improper validation of
    input when loading libraries. A local attacker can
    exploit this to gain elevated privileges.
    (CVE-2017-0160)

  - Multiple flaws exist in Windows Hyper-V Network Switch
    due to improper validation of input from the guest
    operating system. A local attacker can exploit these,
    via a specially crafted application on the guest, to
    execute arbitrary code on the host system.
    (CVE-2017-0162, CVE-2017-0163)

  - A privilege escalation vulnerability exists due to
    improper sanitization of handles stored in memory. A
    local attacker can exploit this to gain elevated
    privileges. (CVE-2017-0165)

  - A flaw exists in LDAP due to buffer request lengths not
    being properly calculated. An unauthenticated, remote
    attacker can exploit this, via specially crafted traffic
    sent to a Domain Controller, to run processes with
    elevated privileges. (CVE-2017-0166)

  - A flaw exists in the Windows kernel due to improper
    handling of objects in memory. A local attacker can
    exploit this, via a specially crafted application, to
    disclose sensitive information. (CVE-2017-0167)");
  # https://support.microsoft.com/en-us/help/4015221/windows-10-update-kb4015221
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a9fef1d2");
  script_set_attribute(attribute:"solution", value:
"Apply security update KB4015221.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-0166");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("smb_reg_query.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS17-04';
kbs = make_list('4015221');

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("2016" >< productname) audit(AUDIT_OS_SP_NOT_VULN);

if (
  # 10 (1507)
  smb_check_rollup(os:"10",
                   sp:0,
                   os_build:"10240",
                   rollup_date: "04_2017",
                   bulletin:bulletin,
                   rollup_kb_list:kbs)
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

kaspersky 5
mskb 28
openvas 40
nessus 34
prion 12
cve 12
mscve 10
redhat 2
veracode 2
oraclelinux 2
ubuntucve 1
f5 2
symantec 10
debiancve 1
slackware 1
centos 2
zdt 5
seebug 3
checkpoint_advisories 5
zdi 1
fedora 6
securityvulns 3
gentoo 1
mageia 1
mozilla 1
amazon 1
ubuntu 1
qualysblog 1
threatpost 1
ibm 5
kaspersky
kaspersky
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
mskb
mskb
April 11, 2017—KB4015546 (Security-only update)
2017-04-11 07:00:00
April 11, 2017—KB4015547 (Security-only update)
2017-04-11 07:00:00
April 11, 2017—KB4015221 (OS Build 10240.17354)
2017-04-11 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4015221)
2017-04-13 00:00:00
Microsoft Windows Monthly Rollup (KB4015550)
2017-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4015219)
2017-04-12 00:00:00
nessus
nessus
Windows 8.1 and Windows Server 2012 R2 April 2017 Security Updates
2017-04-12 00:00:00
Windows 7 and Windows 2008 R2 April 2017 Security Updates (Petya)
2017-04-12 00:00:00
KB4015219: Windows 10 Version 1511 April 2017 Cumulative Update
2017-04-11 00:00:00
prion
prion
Remote code execution
2017-04-12 14:59:00
Remote code execution
2017-04-12 14:59:00
Remote code execution
2017-04-12 14:59:00
cve
cve
CVE-2017-0180
2017-04-12 14:59:00
CVE-2017-0181
2017-04-12 14:59:00
CVE-2017-0162
2017-04-12 14:59:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
Windows Kernel Information Disclosure Vulnerability
2017-04-11 07:00:00
Hyper-V Remote Code Execution Vulnerability
2017-04-11 07:00:00
redhat
redhat
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:53:01
Sensitive Information Disclosure
2019-05-02 05:00:31
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
libjpeg-turbo security update
2013-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-6629
2013-11-18 00:00:00
f5
f5
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
Microsoft Windows Hyper-V CVE-2017-0163 Remote Code Execution Vulnerability
2017-04-11 00:00:00
Microsoft Internet Explorer CVE-2017-0158 Scripting Engine Remote Memory Corruption Vulnerability
2017-04-11 00:00:00
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
centos
centos
libjpeg security update
2013-12-10 00:47:48
libjpeg security update
2013-12-10 01:01:49
zdt
zdt
Microsoft Windows Kernel - win32kfull!SfnINLPUAHDRAWMENUITEM Stack Memory Disclosure Exploit
2017-04-13 00:00:00
Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call Exploi
2017-04-13 00:00:00
Microsoft Windows 10 (Build 10586) - IEETWCollector Arbitrary Directory/File Deletion Privilege Esca
2017-04-21 00:00:00
seebug
seebug
Windows Kernel stack memory disclosure in win32kfull!SfnINLPUAHDRAWMENUITEM (CVE-2017-0167)
2017-04-14 00:00:00
Windows Kernel win32k.sys multiple bugs in the NtGdiGetDIBitsInternal system call (CVE-2017-0058)
2017-04-14 00:00:00
Windows: ManagementObject Arbitrary .NET Serialization RCE(CVE-2017-0160)
2017-04-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Information Disclosure (CVE-2017-0167)
2017-04-11 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)
2017-04-11 00:00:00
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2017-0156)
2017-04-11 00:00:00
zdi
zdi
Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability
2017-04-11 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libjpeg-turbo-1.3.1-1.fc20
2014-06-10 03:09:55
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19
2014-06-10 03:13:25
securityvulns
securityvulns
bugs in IJG jpeg6b &amp; libjpeg-turbo
2013-12-09 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
qualysblog
qualysblog
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins
2017-04-11 18:24:03
threatpost
threatpost
Microsoft Patches Three Vulnerabilities Under Attack
2017-04-11 18:19:52
ibm
ibm
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
2021-04-28 18:35:50
Security Bulletin: Vulnerabilities in Rational Functional Tester due to IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7
2018-09-29 20:06:32
Security Bulletin: SiteProtector System can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2013-6954, CVE-2013-6629, CVE-2014-2421, CVE-2014-0453, CVE-2014-1876, CVE-2014-4244, CVE-2014-4263) and in Tomcat (CVE-2014-0075)
2018-06-16 21:19:16
JSON
Related for SMB_NT_MS17_APR_4015221.NASL
kaspersky5mskb28openvas40nessus34prion12cve12mscve10redhat2veracode2oraclelinux2ubuntucve1f52symantec10debiancve1slackware1centos2zdt5seebug3checkpoint_advisories5zdi1fedora6securityvulns3gentoo1mageia1mozilla1amazon1ubuntu1qualysblog1threatpost1ibm5