Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_APR_5012632.NASL
HistoryApr 12, 2022 - 12:00 a.m.

KB5012632: Windows Server 2008 Security Update (April 2022)

2022-04-1200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42
JSON

The remote Windows host is missing security update 5012632 or cumulative update 5012658. It is, therefore, affected by multiple vulnerabilities:

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26916, CVE-2022-26812,CVE-2022-26919,CVE-2022-26918,CVE-2022-26813, CVE-2022-26821,CVE-2022-26815,CVE-2022-26822,CVE-2022-26917, CVE-2022-26829,CVE-2022-26820,CVE-2022-26809,CVE-2022-26819, CVE-2022-24541,CVE-2022-24492,CVE-2022-24536,CVE-2022-24534, CVE-2022-24485,CVE-2022-26903,CVE-2022-24528,CVE-2022-21983, CVE-2022-24500)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-26797, CVE-2022-26796,CVE-2022-26904,CVE-2022-26798,CVE-2022-26801, CVE-2022-26802,CVE-2022-26810,CVE-2022-26792,CVE-2022-26794, CVE-2022-26790,CVE-2022-24544,CVE-2022-24540,CVE-2022-24481, CVE-2022-24527,CVE-2022-24474,CVE-2022-24521,CVE-2022-24499, CVE-2022-24494,CVE-2022-24542,CVE-2022-24530)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26915, CVE-2022-26831)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-24498)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159684);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/03");

  script_cve_id(
    "CVE-2022-21983",
    "CVE-2022-24474",
    "CVE-2022-24481",
    "CVE-2022-24485",
    "CVE-2022-24492",
    "CVE-2022-24494",
    "CVE-2022-24498",
    "CVE-2022-24499",
    "CVE-2022-24500",
    "CVE-2022-24521",
    "CVE-2022-24527",
    "CVE-2022-24528",
    "CVE-2022-24530",
    "CVE-2022-24534",
    "CVE-2022-24536",
    "CVE-2022-24540",
    "CVE-2022-24541",
    "CVE-2022-24542",
    "CVE-2022-24544",
    "CVE-2022-26790",
    "CVE-2022-26792",
    "CVE-2022-26794",
    "CVE-2022-26796",
    "CVE-2022-26797",
    "CVE-2022-26798",
    "CVE-2022-26801",
    "CVE-2022-26802",
    "CVE-2022-26809",
    "CVE-2022-26810",
    "CVE-2022-26812",
    "CVE-2022-26813",
    "CVE-2022-26815",
    "CVE-2022-26819",
    "CVE-2022-26820",
    "CVE-2022-26821",
    "CVE-2022-26822",
    "CVE-2022-26829",
    "CVE-2022-26831",
    "CVE-2022-26903",
    "CVE-2022-26904",
    "CVE-2022-26915",
    "CVE-2022-26916",
    "CVE-2022-26917",
    "CVE-2022-26918",
    "CVE-2022-26919"
  );
  script_xref(name:"MSKB", value:"5012632");
  script_xref(name:"MSKB", value:"5012658");
  script_xref(name:"MSFT", value:"MS22-5012632");
  script_xref(name:"MSFT", value:"MS22-5012658");
  script_xref(name:"IAVA", value:"2022-A-0147-S");
  script_xref(name:"IAVA", value:"2022-A-0145-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");

  script_name(english:"KB5012632: Windows Server 2008 Security Update (April 2022)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5012632
or cumulative update 5012658. It is, therefore, affected by
multiple vulnerabilities:

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2022-26916,
    CVE-2022-26812,CVE-2022-26919,CVE-2022-26918,CVE-2022-26813,
    CVE-2022-26821,CVE-2022-26815,CVE-2022-26822,CVE-2022-26917,
    CVE-2022-26829,CVE-2022-26820,CVE-2022-26809,CVE-2022-26819,
    CVE-2022-24541,CVE-2022-24492,CVE-2022-24536,CVE-2022-24534,
    CVE-2022-24485,CVE-2022-26903,CVE-2022-24528,CVE-2022-21983,
	CVE-2022-24500)

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges. (CVE-2022-26797,
    CVE-2022-26796,CVE-2022-26904,CVE-2022-26798,CVE-2022-26801,
    CVE-2022-26802,CVE-2022-26810,CVE-2022-26792,CVE-2022-26794,
    CVE-2022-26790,CVE-2022-24544,CVE-2022-24540,CVE-2022-24481,
    CVE-2022-24527,CVE-2022-24474,CVE-2022-24521,CVE-2022-24499,
    CVE-2022-24494,CVE-2022-24542,CVE-2022-24530)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2022-26915,
    CVE-2022-26831)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2022-24498)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5012632");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5012658");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5012632 or Cumulative Update 5012658");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26809");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'User Profile Arbitrary Junction Creation Local Privilege Elevation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS22-04';
kbs = make_list(
  '5012658',
  '5012632'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.0',
                   sp:2,
                   rollup_date:'04_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5012658, 5012632])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

mskb 16
openvas 7
kaspersky 3
nessus 10
avleonov 1
malwarebytes 1
akamaiblog 1
thn 2
qualysblog 1
threatpost 1
hivepro 2
krebs 1
rapid7blog 1
cnvd 19
mscve 36
prion 33
cve 35
checkpoint_advisories 4
zdi 6
cisa_kev 2
attackerkb 2
mssecure 1
githubexploit 13
cisa 1
mskb
mskb
April 12, 2022—KB5012658 (Monthly Rollup)
2022-04-12 08:00:00
April 12, 2022—KB5012632 (Security-only update)
2022-04-12 08:00:00
April 12, 2022—KB5012649 (Security-only update)
2022-04-12 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5012626)
2022-04-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5012653)
2022-04-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5012596)
2022-04-13 00:00:00
kaspersky
kaspersky
KLA12509 Multiple vulnerabilities in Microsoft Products (ESU)
2022-04-12 00:00:00
KLA12502 Multiple vulnerabilities in Microsoft Windows
2022-04-12 00:00:00
KLA12511 Remote code execution vulnerability in Windows Apps
2022-04-12 00:00:00
nessus
nessus
KB5012666: Windows Server 2012 Security Update (April 2022)
2022-04-12 00:00:00
KB5012649: Windows 7 and Windows Server 2008 R2 Security Update (April 2022)
2022-04-12 00:00:00
KB5012670: Windows 8.1 and Windows Server 2012 R2 Security Update (April 2022)
2022-04-12 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics
2022-04-23 09:22:32
malwarebytes
malwarebytes
April’s Patch Tuesday update includes fixes for two zero-day vulnerabilities
2022-04-13 13:57:39
akamaiblog
akamaiblog
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
2022-04-13 09:15:00
thn
thn
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
2022-04-13 03:22:00
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector
2022-10-26 08:13:00
qualysblog
qualysblog
April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical.
2022-04-12 20:07:30
threatpost
threatpost
Microsoft Zero-Days, Wormable Bugs Spark Concern
2022-04-12 20:00:54
hivepro
hivepro
Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities
2022-04-14 05:08:02
Zero-day vulnerability leveraged to deploy Cuba Ransomware
2022-08-11 12:34:37
krebs
krebs
Microsoft Patch Tuesday, April 2022 Edition
2022-04-13 15:01:24
rapid7blog
rapid7blog
Patch Tuesday - April 2022
2022-04-12 18:48:11
cnvd
cnvd
Microsoft Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
2022-04-15 00:00:00
Microsoft Windows Kerberos Elevation of Privilege Vulnerability
2022-04-15 00:00:00
Microsoft Windows Print Spooler Elevation of Privilege Vulnerability (CNVD-2022-84605)
2022-04-15 00:00:00
mscve
mscve
Windows DNS Server Remote Code Execution Vulnerability
2022-04-12 08:00:00
Windows DNS Server Remote Code Execution Vulnerability
2022-04-12 08:00:00
Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability
2022-04-12 08:00:00
prion
prion
Privilege escalation
2022-04-15 19:15:00
Remote code execution
2022-04-15 19:15:00
Remote code execution
2022-04-15 19:15:00
cve
cve
CVE-2022-26821
2022-04-15 19:15:00
CVE-2022-24500
2022-04-15 19:15:00
CVE-2022-26801
2022-04-15 19:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-24481)
2022-04-12 00:00:00
Microsoft Windows Win32k Elevation of Privilege (CVE-2022-24542)
2022-04-12 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-24521)
2022-04-12 00:00:00
zdi
zdi
Microsoft Windows win32kfull UMPDDrvNextBand Use-After-Free Local Privilege Escalation Vulnerability
2023-04-24 00:00:00
Microsoft Windows win32kfull UMPDDrvFontManagement Use-After-Free Local Privilege Escalation Vulnerability
2022-07-15 00:00:00
Microsoft Windows win32kfull UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability
2022-08-04 00:00:00
cisa_kev
cisa_kev
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
2022-04-25 00:00:00
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
2022-04-13 00:00:00
attackerkb
attackerkb
CVE-2022-24521
2022-04-15 00:00:00
CVE-2022-24481
2022-04-15 00:00:00
mssecure
mssecure
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
2022-10-25 16:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-05-09 16:48:30
Exploit for Vulnerability in Microsoft
2022-05-20 14:26:38
Exploit for Vulnerability in Microsoft
2022-12-26 10:36:29
cisa
cisa
Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)
2022-04-13 00:00:00
JSON
Related for SMB_NT_MS22_APR_5012632.NASL
mskb16openvas7kaspersky3nessus10avleonov1malwarebytes1akamaiblog1thn2qualysblog1threatpost1hivepro2krebs1rapid7blog1cnvd19mscve36prion33cve35checkpoint_advisories4zdi6cisa_kev2attackerkb2mssecure1githubexploit13cisa1