Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_MAR_5000848.NASL
HistoryMar 09, 2021 - 12:00 a.m.

KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update

2021-03-0900:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The remote Windows host is missing security update 5000853 or cumulative update 5000848. It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)

  • An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
    (CVE-2021-26411)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(147229);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/03");

  script_cve_id(
    "CVE-2021-1640",
    "CVE-2021-24107",
    "CVE-2021-26411",
    "CVE-2021-26861",
    "CVE-2021-26862",
    "CVE-2021-26868",
    "CVE-2021-26869",
    "CVE-2021-26872",
    "CVE-2021-26873",
    "CVE-2021-26875",
    "CVE-2021-26877",
    "CVE-2021-26878",
    "CVE-2021-26879",
    "CVE-2021-26881",
    "CVE-2021-26882",
    "CVE-2021-26884",
    "CVE-2021-26886",
    "CVE-2021-26893",
    "CVE-2021-26894",
    "CVE-2021-26895",
    "CVE-2021-26896",
    "CVE-2021-26897",
    "CVE-2021-26898",
    "CVE-2021-26899",
    "CVE-2021-26901",
    "CVE-2021-27063",
    "CVE-2021-27077"
  );
  script_xref(name:"MSKB", value:"5000848");
  script_xref(name:"MSKB", value:"5000853");
  script_xref(name:"MSFT", value:"MS21-5000848");
  script_xref(name:"MSFT", value:"MS21-5000853");
  script_xref(name:"IAVA", value:"2021-A-0130-S");
  script_xref(name:"IAVA", value:"2021-A-0134-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CEA-ID", value:"CEA-2021-0015");

  script_name(english:"KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5000853
or cumulative update 5000848. It is, therefore, affected by
multiple vulnerabilities :

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-26861,
    CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,
    CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,
    CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,
    CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,
    CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2021-26879,
    CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-24107, CVE-2021-26869,
    CVE-2021-26884)

  - An memory corruption vulnerability exists. An attacker
    can exploit this to corrupt the memory and cause
    unexpected behaviors within the system/application.
    (CVE-2021-26411)");
  # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000853-security-only-update-8dac9fb9-dbc9-4484-8e56-df5492d20808
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?be16b68e");
  # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000848-monthly-rollup-52f23db9-e1b0-4829-81b9-198fc82891a3
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ff1e9b3");
  script_set_attribute(attribute:"solution", value:
"Apply Security Only update KB5000853 or Cumulative Update KB5000848.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-26897");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-03';
kbs = make_list(
  '5000848',
  '5000853'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Windows 8 EOL
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname && "8.1" >!< productname)
  audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.3', 
                   sp:0,
                   rollup_date:'03_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5000848, 5000853])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 10
openvas 3
mskb 16
kaspersky 3
trellix 2
attackerkb 5
prion 27
cve 27
mscve 27
threatpost 3
checkpoint_advisories 4
zdi 15
rapid7blog 1
krebs 1
githubexploit 1
thn 9
malwarebytes 1
cisa_kev 1
qualysblog 3
securelist 3
avleonov 1
googleprojectzero 1
nessus
nessus
KB5000840: Windows Server 2012 March 2021 Security Update
2021-03-09 00:00:00
KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update
2021-03-09 00:00:00
KB5000856: Windows Server 2008 March 2021 Security Update
2021-03-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5000847)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000807)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000802)
2021-03-10 00:00:00
mskb
mskb
March 9, 2021—KB5000848 (Monthly Rollup)
2021-03-09 08:00:00
March 9, 2021—KB5000844 (Monthly Rollup)
2021-03-09 08:00:00
March 9, 2021—KB5000851 (Security-only update)
2021-03-09 08:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
KLA12111 Multiple vulnerabilities in Microsoft Windows
2021-03-09 00:00:00
KLA12108 Multiple vulnerabilities in Microsoft Browser
2021-03-09 00:00:00
trellix
trellix
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
attackerkb
attackerkb
CVE-2021-26897
2021-03-11 00:00:00
CVE-2021-27077
2021-03-11 00:00:00
CVE-2021-26868
2021-03-11 00:00:00
prion
prion
Remote code execution
2021-03-11 16:15:00
Denial of service
2021-03-11 16:15:00
Privilege escalation
2021-03-11 16:15:00
cve
cve
CVE-2021-26894
2021-03-11 16:15:00
CVE-2021-27063
2021-03-11 16:15:00
CVE-2021-26896
2021-03-11 16:15:00
mscve
mscve
Windows DNS Server Denial of Service Vulnerability
2021-03-09 08:00:00
Windows User Profile Service Elevation of Privilege Vulnerability
2021-03-09 08:00:00
Remote Access API Elevation of Privilege Vulnerability
2021-03-09 08:00:00
threatpost
threatpost
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
2021-03-09 22:12:56
InkySquid State Actor Exploiting Known IE Bugs
2021-08-19 20:19:04
Safari Zero-Day Used in Malicious LinkedIn Campaign
2021-07-15 11:04:49
checkpoint_advisories
checkpoint_advisories
Microsoft Windows DNS Server Remote Code Execution (CVE-2021-26897)
2021-03-09 00:00:00
Microsoft Windows DNS Server Remote Code Execution (CVE-2021-26877)
2021-03-09 00:00:00
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-26868)
2021-03-09 00:00:00
zdi
zdi
Microsoft Windows Installer Service Directory Junction Privilege Escalation Vulnerability
2021-03-15 00:00:00
Microsoft Windows win32kfull MulTransparentBlt Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-29 00:00:00
Microsoft Windows win32kfull MulAlphaBlend Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-29 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03
krebs
krebs
Microsoft Patch Tuesday, March 2021 Edition
2021-03-10 01:42:39
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-03-11 21:13:51
thn
thn
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
2022-04-28 08:20:00
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies
2023-10-19 13:47:00
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
2021-07-29 15:18:00
malwarebytes
malwarebytes
Crimea “manifesto” deploys VBA Rat using double attack vectors
2021-07-29 15:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Memory Corruption Vulnerability
2021-11-03 00:00:00
qualysblog
qualysblog
March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe
2021-03-09 21:33:26
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
securelist
securelist
Updated MATA attacks industrial companies in Eastern Europe
2023-10-18 10:00:51
IT threat evolution in Q3 2021. PC statistics
2021-11-26 12:00:36
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q1 2021
2021-03-26 02:47:52
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00
JSON
Related for SMB_NT_MS21_MAR_5000848.NASL
nessus10openvas3mskb16kaspersky3trellix2attackerkb5prion27cve27mscve27threatpost3checkpoint_advisories4zdi15rapid7blog1krebs1githubexploit1thn9malwarebytes1cisa_kev1qualysblog3securelist3avleonov1googleprojectzero1