Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_FEB_4601345.NASL
HistoryFeb 09, 2021 - 12:00 a.m.

KB4601345: Windows 10 Version 1809 and Windows Server 2019 February 2021 Security Update

2021-02-0900:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
176
JSON

The remote Windows host is missing security update 4601345.
It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1734, CVE-2021-24076, CVE-2021-24079, CVE-2021-24084, CVE-2021-24106)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-24080, CVE-2021-24086, CVE-2021-24098)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-1722, CVE-2021-24074, CVE-2021-24077, CVE-2021-24078, CVE-2021-24081, CVE-2021-24083, CVE-2021-24088, CVE-2021-24091, CVE-2021-24093, CVE-2021-24094)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-1698, CVE-2021-1727, CVE-2021-1732, CVE-2021-24096, CVE-2021-24102, CVE-2021-24103, CVE-2021-25195)

  • A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2021-1731, CVE-2021-24082)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(146337);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/20");

  script_cve_id(
    "CVE-2021-1698",
    "CVE-2021-1722",
    "CVE-2021-1727",
    "CVE-2021-1731",
    "CVE-2021-1732",
    "CVE-2021-1734",
    "CVE-2021-24074",
    "CVE-2021-24076",
    "CVE-2021-24077",
    "CVE-2021-24078",
    "CVE-2021-24079",
    "CVE-2021-24080",
    "CVE-2021-24081",
    "CVE-2021-24082",
    "CVE-2021-24083",
    "CVE-2021-24084",
    "CVE-2021-24086",
    "CVE-2021-24088",
    "CVE-2021-24091",
    "CVE-2021-24093",
    "CVE-2021-24094",
    "CVE-2021-24096",
    "CVE-2021-24098",
    "CVE-2021-24102",
    "CVE-2021-24103",
    "CVE-2021-24106",
    "CVE-2021-25195"
  );
  script_xref(name:"MSKB", value:"4601345");
  script_xref(name:"MSFT", value:"MS21-4601345");
  script_xref(name:"IAVA", value:"2021-A-0072-S");
  script_xref(name:"IAVA", value:"2021-A-0093-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");

  script_name(english:"KB4601345: Windows 10 Version 1809 and Windows Server 2019 February 2021 Security Update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 4601345.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-1734, CVE-2021-24076,
    CVE-2021-24079, CVE-2021-24084, CVE-2021-24106)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2021-24080,
    CVE-2021-24086, CVE-2021-24098)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-1722,
    CVE-2021-24074, CVE-2021-24077, CVE-2021-24078,
    CVE-2021-24081, CVE-2021-24083, CVE-2021-24088,
    CVE-2021-24091, CVE-2021-24093, CVE-2021-24094)

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-1698, CVE-2021-1727, CVE-2021-1732,
    CVE-2021-24096, CVE-2021-24102, CVE-2021-24103,
    CVE-2021-25195)

  - A security feature bypass vulnerability exists. An
    attacker can exploit this and bypass the security
    feature and perform unauthorized actions compromising
    the integrity of the system/application. (CVE-2021-1731,
    CVE-2021-24082)");
  # https://support.microsoft.com/en-us/office/february-9-2021%e2%80%94kb4601345-os-build-17763-1757-c38b7b85-0d84-d979-1a29-e4ba97b82042?ui=en-US&rs=en-US&ad=US
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0231130");
  script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update KB4601345.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-24094");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Win32k ConsoleControl Offset Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('audit.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_hotfixes.inc');
include('smb_func.inc');
include('misc_func.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-02';
kbs = make_list('4601345');

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   sp:0,
                   os_build:'17763',
                   rollup_date:'02_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[4601345])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 9
kaspersky 2
mskb 17
threatpost 6
qualysblog 3
msrc 4
trellix 2
attackerkb 8
mscve 27
thn 7
githubexploit 16
rapid7blog 4
malwarebytes 2
hivepro 2
cve 27
prion 27
zdi 4
cnvd 2
krebs 1
checkpoint_advisories 3
seebug 2
trendmicroblog 2
cisa 1
cisa_kev 1
securelist 7
avleonov 1
packetstorm 2
googleprojectzero 3
metasploit 1
zdt 1
wallarmlab 1
nessus
nessus
KB4601315: Windows 10 Version 1909 February 2021 Security Update
2021-02-09 00:00:00
KB4601319: Windows 10 version 2004 Feb 2021 Security Update
2021-02-09 00:00:00
KB4601331: Windows 10 February 2021 Security Update
2021-02-09 00:00:00
kaspersky
kaspersky
KLA12071 Multiple vulnerabilities in Microsoft Windows
2021-02-09 00:00:00
KLA12075 Multiple vulnerabilities in Microsoft Products (ESU)
2021-02-09 00:00:00
mskb
mskb
February 9, 2021—KB4601331 (OS Build 10240.18842) - EXPIRED
2021-02-09 08:00:00
February 9, 2021—KB4601319 (OS Builds 19041.804 and 19042.804)
2021-02-09 08:00:00
February 9, 2021—KB4601345 (OS Build 17763.1757) - EXPIRED
2021-02-09 08:00:00
threatpost
threatpost
Actively Exploited Windows Kernel Bug Allows Takeover
2021-02-09 22:33:08
Microsoft Pulls Bad Windows Update After Patch Issue
2021-02-16 16:47:36
Attackers Actively Target Windows Installer Zero-Day
2021-11-24 14:09:18
qualysblog
qualysblog
February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe
2021-02-09 20:22:38
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
msrc
msrc
TCP/IP に影響を与える脆弱性情報に関する注意喚起
2021-02-11 08:00:00
Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
2021-02-09 08:00:00
Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
2021-02-09 18:10:59
trellix
trellix
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs
2021-02-09 00:00:00
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs
2021-02-09 00:00:00
attackerkb
attackerkb
CVE-2021-24094
2021-02-25 00:00:00
CVE-2021-24074
2021-02-25 00:00:00
CVE-2021-1732
2021-02-25 00:00:00
mscve
mscve
Windows TCP/IP Remote Code Execution Vulnerability
2021-02-09 08:00:00
Windows TCP/IP Denial of Service Vulnerability
2021-02-09 08:00:00
Windows TCP/IP Remote Code Execution Vulnerability
2021-02-09 08:00:00
thn
thn
Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
2021-02-10 04:44:00
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
2021-11-30 09:11:00
CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
2022-02-07 05:03:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-04-07 11:10:40
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
2021-11-27 00:37:07
Exploit for Vulnerability in Microsoft
2021-11-25 04:56:33
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27
Popular Attack Surfaces, August 2021: What You Need to Know
2021-08-12 17:13:25
Metasploit Wrap-Up
2021-03-26 17:36:13
malwarebytes
malwarebytes
Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits
2021-02-10 17:26:33
Apply those updates now: CVE bypass offers up admin privileges for Windows 10
2022-02-01 11:07:29
hivepro
hivepro
Microsoft could not patch this vulnerability yet again
2021-12-01 04:26:33
Vulnerabilities & Threats that Matter 08 – 14th Aug
2022-08-16 05:00:49
cve
cve
CVE-2021-24096
2021-02-25 23:15:00
CVE-2021-24084
2021-02-25 23:15:00
CVE-2021-24083
2021-02-25 23:15:00
prion
prion
Information disclosure
2021-02-25 23:15:00
Remote code execution
2021-02-25 23:15:00
Remote code execution
2021-02-25 23:15:00
zdi
zdi
Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Remote Code Execution Vulnerability
2021-02-10 00:00:00
Microsoft Windows Device Management Enrollment Service Directory Junction Information Disclosure Vulnerability
2021-02-10 00:00:00
Microsoft Windows wab32 WAB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2021-02-10 00:00:00
cnvd
cnvd
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62486)
2021-02-26 00:00:00
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66102)
2021-02-26 00:00:00
krebs
krebs
Microsoft Patch Tuesday, February 2021 Edition
2021-02-09 22:37:19
checkpoint_advisories
checkpoint_advisories
Microsoft Windows DNS Server Remote Code Execution (CVE-2021-24078)
2021-02-09 00:00:00
Microsoft Windows Win32k Elevation of Privilege (CVE-2021-1698)
2021-02-09 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2021-1732)
2021-02-09 00:00:00
seebug
seebug
Windows TCP/IP 拒绝服务漏洞(CVE-2021-24086)
2021-04-08 00:00:00
Microsoft Windows本地提权漏洞(CVE-2021-1732)
2021-03-26 00:00:00
trendmicroblog
trendmicroblog
PurpleFox Adds New Backdoor That Uses WebSockets
2021-10-19 00:00:00
PurpleFox Adds New Backdoor That Uses WebSockets
2021-10-19 00:00:00
cisa
cisa
Microsoft Warns of Windows Win32k Privilege Escalation
2021-02-09 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2021-11-03 00:00:00
securelist
securelist
APT trends report Q1 2021
2021-04-27 10:00:26
Kaspersky Security Bulletin 2020-2021. EU statistics
2021-05-26 10:00:32
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q1 2021
2021-03-26 02:47:52
packetstorm
packetstorm
Win32k ConsoleControl Offset Confusion
2021-03-19 00:00:00
Win32k ConsoleControl Offset Confusion / Privilege Escalation
2022-02-28 00:00:00
googleprojectzero
googleprojectzero
Who Contains the Containers?
2021-04-01 00:00:00
2022 0-day In-the-Wild Exploitation…so far
2022-06-30 00:00:00
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00
metasploit
metasploit
Win32k ConsoleControl Offset Confusion
2022-02-18 20:23:38
zdt
zdt
Win32k ConsoleControl Offset Confusion / Privilege Escalation Exploit
2022-02-28 00:00:00
wallarmlab
wallarmlab
Weekly exploit digest – March, 15-21 – VMware View Planner, Win32k ConsoleControl, Microsoft Windows Containers DP API
2021-03-21 13:09:00
JSON
Related for SMB_NT_MS21_FEB_4601345.NASL
nessus9kaspersky2mskb17threatpost6qualysblog3msrc4trellix2attackerkb8mscve27thn7githubexploit16rapid7blog4malwarebytes2hivepro2cve27prion27zdi4cnvd2krebs1checkpoint_advisories3seebug2trendmicroblog2cisa1cisa_kev1securelist7avleonov1packetstorm2googleprojectzero3metasploit1zdt1wallarmlab1