Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS18_OCT_OUTLOOK_C2R.NASLHistoryJun 10, 2022 - 12:00 a.m.
Security Updates for Outlook C2R (October 2018)
2022-06-1000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
microsoft
outlook
security updates
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities including a remote code execution vulnerability requiring user interaction. See Microsoft Security Advisory ADV180026 for more information.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include("compat.inc");
if (description)
{
script_id(162081);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/10");
script_name(english:"Security Updates for Outlook C2R (October 2018)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Outlook application installed on the remote host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Microsoft Outlook application installed on the remote
host is missing security updates. It is, therefore, affected
by multiple vulnerabilities including a remote code execution
vulnerability requiring user interaction. See Microsoft Security
Advisory ADV180026 for more information.");
# https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fd4508ff");
script_set_attribute(attribute:"solution", value:
"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic
updates are enabled or open any office app and manually perform an
update.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"manual");
script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on analysis of the vendor advisory.");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("office_installed.nasl", "smb_hotfixes.nasl","ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('vcf_extras_office.inc');
var bulletin = 'MS18-10';
var constraints = [
{ 'channel':'Deferred', 'channel_version':'1803', 'fixed_version': '16.0.9126.2295'},
{ 'channel':'Deferred', 'fixed_version': '16.0.8431.2316'},
{ 'channel':'First Release for Deferred', 'fixed_version': '16.0.10730.20155'},
{ 'channel':'Current', 'fixed_version': '16.0.10827.20150'}
];
vcf::microsoft::office_product::check_version_and_report(
constraints:constraints,
severity:SECURITY_HOLE,
bulletin:bulletin,
subproduct:'Outlook'
);