Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_NOV_5007186.NASL
HistoryNov 09, 2021 - 12:00 a.m.

KB5007186: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 (November 2021)

2021-11-0900:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
47
JSON

The remote Windows host is missing security update 5007186.
It is, therefore, affected by multiple vulnerabilities:

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-36957, CVE-2021-41366, CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42277, CVE-2021-42280, CVE-2021-42283, CVE-2021-42285, CVE-2021-42286)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26443, CVE-2021-38666, CVE-2021-41378, CVE-2021-42275, CVE-2021-42276, CVE-2021-42279)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

  • A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
    (CVE-2021-42288)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-41356, CVE-2021-42274, CVE-2021-42284)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(154986);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2021-26443",
    "CVE-2021-36957",
    "CVE-2021-38631",
    "CVE-2021-38665",
    "CVE-2021-38666",
    "CVE-2021-41351",
    "CVE-2021-41356",
    "CVE-2021-41366",
    "CVE-2021-41367",
    "CVE-2021-41370",
    "CVE-2021-41371",
    "CVE-2021-41377",
    "CVE-2021-41378",
    "CVE-2021-41379",
    "CVE-2021-42274",
    "CVE-2021-42275",
    "CVE-2021-42276",
    "CVE-2021-42277",
    "CVE-2021-42278",
    "CVE-2021-42279",
    "CVE-2021-42280",
    "CVE-2021-42282",
    "CVE-2021-42283",
    "CVE-2021-42284",
    "CVE-2021-42285",
    "CVE-2021-42286",
    "CVE-2021-42287",
    "CVE-2021-42288",
    "CVE-2021-42291"
  );
  script_xref(name:"MSKB", value:"5007186");
  script_xref(name:"MSFT", value:"MS21-5007186");
  script_xref(name:"IAVA", value:"2021-A-0539-S");
  script_xref(name:"IAVA", value:"2021-A-0545-S");
  script_xref(name:"IAVA", value:"2021-A-0544-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/17");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/02");
  script_xref(name:"CEA-ID", value:"CEA-2021-0053");

  script_name(english:"KB5007186:  Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 (November 2021) ");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5007186.
It is, therefore, affected by multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-36957, CVE-2021-41366, CVE-2021-41367,
    CVE-2021-41370, CVE-2021-41377, CVE-2021-41379,
    CVE-2021-42277, CVE-2021-42280, CVE-2021-42283,
    CVE-2021-42285, CVE-2021-42286)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-26443,
    CVE-2021-38666, CVE-2021-41378, CVE-2021-42275,
    CVE-2021-42276, CVE-2021-42279)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-38631, CVE-2021-38665,
    CVE-2021-41371)

  - A security feature bypass vulnerability exists. An
    attacker can exploit this and bypass the security
    feature and perform unauthorized actions compromising
    the integrity of the system/application.
    (CVE-2021-42288)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2021-41356,
    CVE-2021-42274, CVE-2021-42284)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5007186");
  script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update KB5007186.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-26443");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_hotfixes_fcheck.inc');
include('smb_hotfixes.inc');
include('smb_func.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = "MS21-11";
kbs = make_list('5007186');

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:"10",
                   sp:0,
                   os_build:'19041',
                   rollup_date:'11_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5007186])
||                   
  smb_check_rollup(os:"10",
                   sp:0,
                   os_build:'19042',
                   rollup_date:'11_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5007186])                   
||                   
  smb_check_rollup(os:"10",
                   sp:0,
                   os_build:'19043',
                   rollup_date:'11_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5007186])                   
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 11
mskb 16
kaspersky 4
attackerkb 4
thn 4
threatpost 4
kitploit 1
pentestpartners 1
checkpoint_advisories 2
krebs 2
hivepro 2
qualysblog 1
prion 29
githubexploit 2
mscve 29
cve 29
cisa_kev 3
zdi 3
cnvd 5
github 1
osv 1
altlinux 2
malwarebytes 3
rapid7blog 3
avleonov 1
nessus
nessus
KB5007206: Windows 10 Version 1809 and Windows Server 2019 Security Update (November 2021)
2021-11-09 00:00:00
KB5007205: Windows 2022 Security Update (November 2021)
2021-11-09 00:00:00
KB5007189: Windows 10 Version 1909 Security Update (November 2021)
2021-11-09 00:00:00
mskb
mskb
November 9, 2021—KB5007186 (OS Builds 19041.1348, 19042.1348, and 19043.1348)
2021-11-09 08:00:00
November 9, 2021—KB5007205 (OS Build 20348.350)
2021-11-09 08:00:00
November 9, 2021—KB5007247 (Monthly Rollup)
2021-11-09 08:00:00
kaspersky
kaspersky
KLA12345 Multiple vulnerabilities in Microsoft Windows
2021-11-09 00:00:00
KLA12341 Multiple vulnerabilities in Microsoft Products (ESU)
2021-11-09 00:00:00
KLA12349 Multiple vulnerabilities in Microsoft Browser
2021-11-09 00:00:00
attackerkb
attackerkb
CVE-2021-42278
2021-11-10 00:00:00
CVE-2021-42291
2021-11-10 00:00:00
CVE-2021-42287
2021-11-10 00:00:00
thn
thn
Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
2021-11-10 06:24:00
Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
2021-12-22 07:01:00
Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild
2021-11-25 08:10:00
threatpost
threatpost
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
2021-12-21 16:46:02
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
2021-11-09 21:41:49
Attackers Actively Target Windows Installer Zero-Day
2021-11-24 14:09:18
kitploit
kitploit
noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
2022-09-06 12:30:00
pentestpartners
pentestpartners
A broken marriage. Abusing mixed vendor Kerberos stacks
2023-08-25 05:35:47
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Active Directory Privilege Escalation Multiple Vulnerabilities (CVE-2021-42278; CVE-2021-42287)
2022-04-27 00:00:00
Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-38666)
2021-11-09 00:00:00
krebs
krebs
Microsoft Patch Tuesday, November 2021 Edition
2021-11-09 20:39:07
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44
hivepro
hivepro
Microsoft’s Patch Tuesday Security Updates for November
2021-11-10 11:20:36
Microsoft could not patch this vulnerability
2021-11-23 10:56:28
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities
2021-11-11 01:07:53
prion
prion
Security feature bypass
2021-11-10 01:19:00
Privilege escalation
2021-11-10 01:19:00
Remote code execution
2021-11-10 01:16:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-01-13 21:16:26
Exploit for Improper Privilege Management in Microsoft
2021-11-05 06:36:12
mscve
mscve
Windows Hyper-V Denial of Service Vulnerability
2021-11-09 08:00:00
Microsoft Edge (Chrome based) Spoofing on IE Mode
2021-11-09 08:00:00
Windows Desktop Bridge Elevation of Privilege Vulnerability
2021-11-09 08:00:00
cve
cve
CVE-2021-42286
2021-11-10 01:19:00
CVE-2021-42280
2021-11-10 01:19:00
CVE-2021-42288
2021-11-10 01:19:00
cisa_kev
cisa_kev
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
2022-04-11 00:00:00
Microsoft Windows Installer Privilege Escalation Vulnerability
2022-03-03 00:00:00
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
2022-04-11 00:00:00
zdi
zdi
Microsoft Windows Installer Service Link Following Privilege Escalation Vulnerability
2021-11-11 00:00:00
Microsoft Windows Diagnostics Hub Link Following Privilege Escalation Vulnerability
2021-11-11 00:00:00
Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability
2021-11-11 00:00:00
cnvd
cnvd
Microsoft Windows Diagnostic Hub Elevation of Privilege Vulnerability
2021-11-12 00:00:00
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
2021-11-12 00:00:00
Microsoft Chakra Scripting Engine Memory Corruption Vulnerability
2021-11-12 00:00:00
github
github
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption
2022-05-24 19:20:22
osv
osv
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption
2022-05-24 19:20:22
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.16.4-alt2
2022-09-08 00:00:00
Security fix for the ALT Linux 9 package adcli version 0.9.2-alt1
2023-04-21 00:00:00
malwarebytes
malwarebytes
Windows Installer vulnerability becomes actively exploited zero-day
2021-11-24 14:21:50
CISA list of 95 new known exploited vulnerabilities raises questions
2022-03-14 11:18:33
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
2021-11-10 14:30:23
rapid7blog
rapid7blog
Ongoing Exploitation of Windows Installer CVE-2021-41379
2021-11-30 19:03:28
Dropping Files on a Domain Controller Using CVE-2021-43893
2022-02-14 15:30:52
Patch Tuesday - December 2021
2021-12-14 22:12:53
avleonov
avleonov
Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021
2021-11-30 20:30:48
JSON
Related for SMB_NT_MS21_NOV_5007186.NASL
nessus11mskb16kaspersky4attackerkb4thn4threatpost4kitploit1pentestpartners1checkpoint_advisories2krebs2hivepro2qualysblog1prion29githubexploit2mscve29cve29cisa_kev3zdi3cnvd5github1osv1altlinux2malwarebytes3rapid7blog3avleonov1