Lucene search

K
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL
HistoryApr 16, 2021 - 12:00 a.m.

Security Updates for Microsoft Sharepoint 2016 (April 2021)

2021-04-1600:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

  • Microsoft SharePoint Denial of Service Update (CVE-2021-28450)
  • Microsoft Word Remote Code Execution Vulnerability (CVE-2021-28453)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(148740);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/03");

  script_cve_id("CVE-2021-28450", "CVE-2021-28453");
  script_xref(name:"IAVA", value:"2021-A-0172-S");
  script_xref(name:"MSKB", value:"4504719");
  script_xref(name:"MSKB", value:"4504723");
  script_xref(name:"MSFT", value:"MS21-4504719");
  script_xref(name:"MSFT", value:"MS21-4504723");

  script_name(english:"Security Updates for Microsoft Sharepoint 2016 (April 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft SharePoint Server 2016 installation on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore,
affected by multiple vulnerabilities:

  - Microsoft SharePoint Denial of Service Update (CVE-2021-28450)
  - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-28453)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4504719");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:  
  -KB4504719
  -KB4504723");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28453");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_sharepoint_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
include('install_func.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-04';
app_name = 'Microsoft SharePoint Server';
kbs = make_list(
  '4504719',
  '4504723'
);

if (get_kb_item('Host/patch_management_checks'))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);

# Get path information for Windows.
windir = hotfix_get_systemroot();
if (isnull(windir)) exit(1, 'Failed to determine the location of %windir%.');

paranoid_audit = FALSE;
registry_init();
install = get_single_install(app_name:app_name);
kb_checks =
{
  '2016':
  { '0':
    {'Server':
      [
        {
         'kb'           : '4504719',
         'path'         : hotfix_get_commonfilesdir(),
         'append'       : 'microsoft shared\\web server extensions\\16\\bin',
         'file'         : 'onetutil.dll',
         'version'      : '16.0.5149.1000',
         'product_name' : 'Microsoft SharePoint Enterprise Server 2016'
        },
        { #Language File Temporary deployment of old Language detection, to be replaced ASAP by new detection.
         'kb'           : '4504723',
         'path'         : hotfix_get_commonfilesdir(),
         'append'       : 'microsoft shared\\server16\\server setup controller',
         'file'         : 'wsssetup.dll',
         'version'      : '16.0.5149.1000',
         'product_name' : 'Microsoft SharePoint Enterprise Server 2016'
        }
      ]
    }
  }
};

# Get the specific product / path
param_list = kb_checks[install['Product']][install['SP']][install['Edition']];
# audit if not affected
if(isnull(param_list)) audit(AUDIT_HOST_NOT, 'affected');
port = kb_smb_transport();
# grab the path otherwise
foreach check (param_list)
{
  if (!isnull(check['version']))
  {
    path = check['path'];
    if (!empty_or_null(check['append']))
      path = hotfix_append_path(path:check['path'], value:check['append']);
    are_we_vuln = hotfix_check_fversion(
      file:check['file'],
      version:check['version'],
      path:path,
      kb:check['kb'],
      product:check['product_name']
    );
  }
  else
  {
    report = '\n';
    if (check['product_name'])
      report += '  Product : ' + check['product_name'] + '\n';
    if (check['kb'])
      report += '  KB : ' + check['kb'] + '\n';
    hotfix_add_report(report, kb:check['kb']);
  }

  if(are_we_vuln == HCF_OLDER) vuln = TRUE;

}
if (vuln)
{
  port = kb_smb_transport();
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_INST_VER_NOT_VULN, app_name);
}
VendorProductVersion
microsoftsharepoint_server
Related for SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL