Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_MAR_5000847.NASL
HistoryMar 09, 2021 - 12:00 a.m.

KB5000840: Windows Server 2012 March 2021 Security Update

2021-03-0900:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
69
JSON

The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)

  • An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
    (CVE-2021-26411)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(147221);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/03");

  script_cve_id(
    "CVE-2021-1640",
    "CVE-2021-24107",
    "CVE-2021-26411",
    "CVE-2021-26861",
    "CVE-2021-26862",
    "CVE-2021-26868",
    "CVE-2021-26869",
    "CVE-2021-26872",
    "CVE-2021-26873",
    "CVE-2021-26875",
    "CVE-2021-26877",
    "CVE-2021-26878",
    "CVE-2021-26881",
    "CVE-2021-26882",
    "CVE-2021-26884",
    "CVE-2021-26886",
    "CVE-2021-26893",
    "CVE-2021-26894",
    "CVE-2021-26895",
    "CVE-2021-26896",
    "CVE-2021-26897",
    "CVE-2021-26898",
    "CVE-2021-26899",
    "CVE-2021-26901",
    "CVE-2021-27063"
  );
  script_xref(name:"MSKB", value:"5000847");
  script_xref(name:"MSKB", value:"5000840");
  script_xref(name:"MSFT", value:"MS21-5000847");
  script_xref(name:"MSFT", value:"MS21-5000840");
  script_xref(name:"IAVA", value:"2021-A-0130-S");
  script_xref(name:"IAVA", value:"2021-A-0134-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CEA-ID", value:"CEA-2021-0015");

  script_name(english:"KB5000840: Windows Server 2012 March 2021 Security Update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5000840
or cumulative update 5000847. It is, therefore, affected by
multiple vulnerabilities :

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-26861,
    CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,
    CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-24107, CVE-2021-26869,
    CVE-2021-26884)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2021-26886,
    CVE-2021-26896, CVE-2021-27063)

  - An memory corruption vulnerability exists. An attacker
    can exploit this to corrupt the memory and cause
    unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,
    CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,
    CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,
    CVE-2021-26899, CVE-2021-26901)");
  # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000847-monthly-rollup-8afa2933-e9da-4481-a0bc-18deb314974e
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df958afd");
  # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000840-security-only-update-a5261347-8a42-4727-a544-bd66fb3d4d70
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2561ac2c");
  script_set_attribute(attribute:"solution", value:
"Apply Security Only update KB5000840 or Cumulative Update KB5000847.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-26897");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-03';
kbs = make_list(
  '5000847',
  '5000840'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Windows 8 EOL
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.2', 
                   sp:0,
                   rollup_date:'03_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5000847, 5000840])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 10
mskb 16
kaspersky 3
trellix 2
attackerkb 5
prion 25
cve 25
mscve 25
zdi 4
checkpoint_advisories 4
githubexploit 1
krebs 1
malwarebytes 1
thn 9
cisa_kev 1
rapid7blog 1
qualysblog 3
threatpost 3
securelist 3
avleonov 1
googleprojectzero 1
nessus
nessus
KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update
2021-03-09 00:00:00
KB5000856: Windows Server 2008 March 2021 Security Update
2021-03-09 00:00:00
KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update
2021-03-09 00:00:00
mskb
mskb
March 9, 2021โ€”KB5000856 (Security-only update)
2021-03-09 08:00:00
March 9, 2021โ€”KB5000847 (Monthly Rollup)
2021-03-09 08:00:00
March 9, 2021โ€”KB5000841 (Monthly Rollup)
2021-03-09 08:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
KLA12111 Multiple vulnerabilities in Microsoft Windows
2021-03-09 00:00:00
KLA12108 Multiple vulnerabilities in Microsoft Browser
2021-03-09 00:00:00
trellix
trellix
Seven Windows Wonders โ€“ Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
Seven Windows Wonders โ€“ Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
attackerkb
attackerkb
CVE-2021-26897
2021-03-11 00:00:00
CVE-2021-26899
2021-03-11 00:00:00
CVE-2021-26868
2021-03-11 00:00:00
prion
prion
Remote code execution
2021-03-11 16:15:00
Denial of service
2021-03-11 16:15:00
Remote code execution
2021-03-11 16:15:00
cve
cve
CVE-2021-26894
2021-03-11 16:15:00
CVE-2021-27063
2021-03-11 16:15:00
CVE-2021-26896
2021-03-11 16:15:00
mscve
mscve
Windows DNS Server Remote Code Execution Vulnerability
2021-03-09 08:00:00
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
2021-03-09 08:00:00
Windows Graphics Component Elevation of Privilege Vulnerability
2021-03-09 08:00:00
zdi
zdi
Microsoft Windows Installer Service Directory Junction Privilege Escalation Vulnerability
2021-03-15 00:00:00
Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability
2021-03-15 00:00:00
Microsoft Windows User Profile Service Directory Junction Denial-of-Service Vulnerability
2021-03-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows DNS Server Remote Code Execution (CVE-2021-26897)
2021-03-09 00:00:00
Microsoft Internet Explorer Memory Corruption (CVE-2021-26411)
2021-03-09 00:00:00
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-26868)
2021-03-09 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-03-11 21:13:51
krebs
krebs
Microsoft Patch Tuesday, March 2021 Edition
2021-03-10 01:42:39
malwarebytes
malwarebytes
Crimea โ€œmanifestoโ€ deploys VBA Rat using double attack vectors
2021-07-29 15:00:00
thn
thn
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies
2023-10-19 13:47:00
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
2022-04-28 08:20:00
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
2021-07-29 15:18:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Memory Corruption Vulnerability
2021-11-03 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03
qualysblog
qualysblog
March 2021 Patch Tuesday โ€“ 82 Vulnerabilities, 10 Critical, Adobe
2021-03-09 21:33:26
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
threatpost
threatpost
InkySquid State Actor Exploiting Known IE Bugs
2021-08-19 20:19:04
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
2021-03-09 22:12:56
Safari Zero-Day Used in Malicious LinkedIn Campaign
2021-07-15 11:04:49
securelist
securelist
Updated MATA attacks industrial companies in Eastern Europe
2023-10-18 10:00:51
IT threat evolution in Q3 2021. PC statistics
2021-11-26 12:00:36
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q1 2021
2021-03-26 02:47:52
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Donโ€™t Know
2022-04-19 00:00:00
JSON
Related for SMB_NT_MS21_MAR_5000847.NASL
nessus10mskb16kaspersky3trellix2attackerkb5prion25cve25mscve25zdi4checkpoint_advisories4githubexploit1krebs1malwarebytes1thn9cisa_kev1rapid7blog1qualysblog3threatpost3securelist3avleonov1googleprojectzero1