Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_DEC_5008282.NASL
HistoryDec 14, 2021 - 12:00 a.m.

KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)

2021-12-1400:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
43
JSON

The remote Windows host is missing security update 5008282 or cumulative update 5008244. It is, therefore, affected by multiple vulnerabilities:

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43245, CVE-2021-43883, CVE-2021-43893)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43233, CVE-2021-43234)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156069);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/08/30");

  script_cve_id(
    "CVE-2021-40441",
    "CVE-2021-41333",
    "CVE-2021-43207",
    "CVE-2021-43215",
    "CVE-2021-43216",
    "CVE-2021-43217",
    "CVE-2021-43222",
    "CVE-2021-43223",
    "CVE-2021-43224",
    "CVE-2021-43226",
    "CVE-2021-43229",
    "CVE-2021-43230",
    "CVE-2021-43233",
    "CVE-2021-43234",
    "CVE-2021-43236",
    "CVE-2021-43238",
    "CVE-2021-43245",
    "CVE-2021-43883",
    "CVE-2021-43893"
  );
  script_xref(name:"MSFT", value:"MS21-5008244");
  script_xref(name:"MSFT", value:"MS21-5008282");
  script_xref(name:"IAVA", value:"2021-A-0586-S");
  script_xref(name:"IAVA", value:"2021-A-0582-S");

  script_name(english:"KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5008282
or cumulative update 5008244. It is, therefore, affected by
multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207,
    CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,
    CVE-2021-43238, CVE-2021-43245, CVE-2021-43883,
    CVE-2021-43893)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-43215,
    CVE-2021-43217, CVE-2021-43233, CVE-2021-43234)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-43216, CVE-2021-43222,
    CVE-2021-43224, CVE-2021-43236)");
  script_set_attribute(attribute:"solution", value:
"Apply Security Only update KB5008282 or Cumulative Update KB5008244.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43217");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-12';
kbs = make_list(
  '5008282',
  '5008244'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.1',
                   sp:1,
                   rollup_date:'12_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5008282, 5008244])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

mskb 21
nessus 10
kaspersky 2
qualysblog 1
avleonov 1
attackerkb 4
thn 1
malwarebytes 1
threatpost 1
rapid7blog 6
prion 19
cve 19
cnvd 3
mscve 19
githubexploit 3
checkpoint_advisories 5
zdi 2
krebs 1
mskb
mskb
December 14, 2021—KB5008282 (Security-only update)
2021-12-14 08:00:00
December 14, 2021—KB5008274 (Monthly Rollup)
2021-12-14 08:00:00
December 14, 2021—KB5008271 (Security-only update)
2021-12-14 08:00:00
nessus
nessus
KB5008271: Windows Server 2008 Security Update (December 2021)
2021-12-14 00:00:00
KB5008255: Windows Server 2012 Security Update (December 2021)
2021-12-14 00:00:00
KB5008285: Windows 8.1 and Windows Server 2012 R2 Security Update (December 2021)
2021-12-14 00:00:00
kaspersky
kaspersky
KLA12388 Multiple vulnerabilities in Microsoft Products (ESU)
2021-12-14 00:00:00
KLA12387 Multiple vulnerabilities in Microsoft Windows
2021-12-14 00:00:00
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.
2021-12-14 22:08:33
avleonov
avleonov
Microsoft Patch Tuesday December 2021
2021-12-16 20:53:37
attackerkb
attackerkb
CVE-2021-43207
2021-12-15 00:00:00
CVE-2021-43226
2021-12-15 00:00:00
CVE-2021-36942
2021-08-12 00:00:00
thn
thn
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 07:14:00
malwarebytes
malwarebytes
After Log4j, December’s Patch Tuesday has snuck up on us
2021-12-16 10:47:28
threatpost
threatpost
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35
rapid7blog
rapid7blog
Dropping Files on a Domain Controller Using CVE-2021-43893
2022-02-14 15:30:52
Cloud Pentesting, Pt. 1: Breaking Down the Basics
2022-03-21 14:32:42
Patch Tuesday - December 2021
2021-12-14 22:12:53
prion
prion
Information disclosure
2021-12-15 15:15:00
Privilege escalation
2021-12-15 15:15:00
Information disclosure
2021-12-15 15:15:00
cve
cve
CVE-2021-43230
2021-12-15 15:15:00
CVE-2021-43217
2021-12-15 15:15:00
CVE-2021-43245
2021-12-15 15:15:00
cnvd
cnvd
Microsoft Windows Fax Service Remote Code Execution Vulnerability (CNVD-2021-101714)
2021-12-19 00:00:00
Microsoft Windows Media Center Elevation of Privilege Vulnerability
2021-12-19 00:00:00
Microsoft Message Queuing Information Disclosure Vulnerability
2021-12-19 00:00:00
mscve
mscve
Windows Media Center Elevation of Privilege Vulnerability
2021-12-14 08:00:00
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
2021-12-14 08:00:00
Windows Common Log File System Driver Information Disclosure Vulnerability
2021-12-14 08:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-06-07 13:32:17
Exploit for Vulnerability in Microsoft
2021-12-21 01:51:41
Exploit for Vulnerability in Microsoft
2023-10-30 06:47:50
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)
2021-12-14 00:00:00
zdi
zdi
Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability
2022-01-06 00:00:00
Microsoft Windows Print Spooler Link Following Privilege Escalation Vulnerability
2021-12-21 00:00:00
krebs
krebs
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44
JSON
Related for SMB_NT_MS21_DEC_5008282.NASL
mskb21nessus10kaspersky2qualysblog1avleonov1attackerkb4thn1malwarebytes1threatpost1rapid7blog6prion19cve19cnvd3mscve19githubexploit3checkpoint_advisories5zdi2krebs1