Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_DEC_5008271.NASL
HistoryDec 14, 2021 - 12:00 a.m.

KB5008271: Windows Server 2008 Security Update (December 2021)

2021-12-1400:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

The remote Windows host is missing security update 5008271 or cumulative update 5008274. It is, therefore, affected by multiple vulnerabilities:

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43883, CVE-2021-43893)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43234)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156067);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/14");

  script_cve_id(
    "CVE-2021-41333",
    "CVE-2021-43207",
    "CVE-2021-43215",
    "CVE-2021-43216",
    "CVE-2021-43217",
    "CVE-2021-43222",
    "CVE-2021-43224",
    "CVE-2021-43226",
    "CVE-2021-43229",
    "CVE-2021-43230",
    "CVE-2021-43234",
    "CVE-2021-43236",
    "CVE-2021-43238",
    "CVE-2021-43883",
    "CVE-2021-43893"
  );
  script_xref(name:"MSKB", value:"5008271");
  script_xref(name:"MSKB", value:"5008274");
  script_xref(name:"MSFT", value:"MS21-5008271");
  script_xref(name:"MSFT", value:"MS21-5008274");
  script_xref(name:"IAVA", value:"2021-A-0586-S");
  script_xref(name:"IAVA", value:"2021-A-0582-S");

  script_name(english:"KB5008271: Windows Server 2008 Security Update (December 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5008271
or cumulative update 5008274. It is, therefore, affected by
multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-41333, CVE-2021-43207, CVE-2021-43226,
    CVE-2021-43229, CVE-2021-43230, CVE-2021-43238,
    CVE-2021-43883, CVE-2021-43893)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-43216, CVE-2021-43222,
    CVE-2021-43224, CVE-2021-43236)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-43215,
    CVE-2021-43217, CVE-2021-43234)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5008271");
  script_set_attribute(attribute:"solution", value:
"Apply Security Only update KB5008271 or Cumulative Update KB5008274.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43217");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_hotfixes_fcheck.inc');
include('smb_hotfixes.inc');
include('smb_func.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = "MS21-12";
kbs = make_list('5008271', '5008274');

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:"6.0",
                   sp:2,
                   rollup_date:'12_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5008271,5008274])
                   
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

mskb 15
nessus 10
kaspersky 2
attackerkb 4
malwarebytes 1
qualysblog 1
avleonov 1
thn 1
rapid7blog 6
prion 15
cve 15
cnvd 2
checkpoint_advisories 4
mscve 15
githubexploit 3
zdi 2
threatpost 1
krebs 1
mskb
mskb
December 14, 2021—KB5008271 (Security-only update)
2021-12-14 08:00:00
December 14, 2021—KB5008274 (Monthly Rollup)
2021-12-14 08:00:00
December 14, 2021—KB5008282 (Security-only update)
2021-12-14 08:00:00
nessus
nessus
KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)
2021-12-14 00:00:00
KB5008285: Windows 8.1 and Windows Server 2012 R2 Security Update (December 2021)
2021-12-14 00:00:00
KB5008230: Windows 10 version 1507 Security Update (December 2021)
2021-12-14 00:00:00
kaspersky
kaspersky
KLA12388 Multiple vulnerabilities in Microsoft Products (ESU)
2021-12-14 00:00:00
KLA12387 Multiple vulnerabilities in Microsoft Windows
2021-12-14 00:00:00
attackerkb
attackerkb
CVE-2021-43207
2021-12-15 00:00:00
CVE-2021-43226
2021-12-15 00:00:00
CVE-2021-36942
2021-08-12 00:00:00
malwarebytes
malwarebytes
After Log4j, December’s Patch Tuesday has snuck up on us
2021-12-16 10:47:28
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.
2021-12-14 22:08:33
avleonov
avleonov
Microsoft Patch Tuesday December 2021
2021-12-16 20:53:37
thn
thn
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 07:14:00
rapid7blog
rapid7blog
Dropping Files on a Domain Controller Using CVE-2021-43893
2022-02-14 15:30:52
Cloud Pentesting, Pt. 1: Breaking Down the Basics
2022-03-21 14:32:42
InsightVM Scan Engine: Understanding MAC Address Discovery
2022-03-07 16:53:44
prion
prion
Information disclosure
2021-12-15 15:15:00
Information disclosure
2021-12-15 15:15:00
Privilege escalation
2021-12-15 15:15:00
cve
cve
CVE-2021-43230
2021-12-15 15:15:00
CVE-2021-43217
2021-12-15 15:15:00
CVE-2021-43216
2021-12-15 15:15:00
cnvd
cnvd
Microsoft Windows Fax Service Remote Code Execution Vulnerability (CNVD-2021-101714)
2021-12-19 00:00:00
Microsoft Message Queuing Information Disclosure Vulnerability
2021-12-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)
2021-12-14 00:00:00
mscve
mscve
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
2021-12-14 08:00:00
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
2021-12-14 08:00:00
Microsoft Message Queuing Information Disclosure Vulnerability
2021-12-14 08:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-06-07 13:32:17
Exploit for Vulnerability in Microsoft
2021-12-21 01:51:41
Exploit for Vulnerability in Microsoft
2023-10-30 06:47:50
zdi
zdi
Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability
2022-01-06 00:00:00
Microsoft Windows Print Spooler Link Following Privilege Escalation Vulnerability
2021-12-21 00:00:00
threatpost
threatpost
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35
krebs
krebs
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44
JSON
Related for SMB_NT_MS21_DEC_5008271.NASL
mskb15nessus10kaspersky2attackerkb4malwarebytes1qualysblog1avleonov1thn1rapid7blog6prion15cve15cnvd2checkpoint_advisories4mscve15githubexploit3zdi2threatpost1krebs1