Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_FEB_5010351.NASL
HistoryFeb 08, 2022 - 12:00 a.m.

KB5010351: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2022)

2022-02-0800:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
219
JSON

The remote Windows host is missing security update 5010351. It is, therefore, affected by multiple vulnerabilities

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(157432);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/13");

  script_cve_id(
    "CVE-2022-21971",
    "CVE-2022-21974",
    "CVE-2022-21981",
    "CVE-2022-21985",
    "CVE-2022-21989",
    "CVE-2022-21992",
    "CVE-2022-21993",
    "CVE-2022-21994",
    "CVE-2022-21995",
    "CVE-2022-21997",
    "CVE-2022-21998",
    "CVE-2022-21999",
    "CVE-2022-22000",
    "CVE-2022-22001",
    "CVE-2022-22002",
    "CVE-2022-22710",
    "CVE-2022-22712",
    "CVE-2022-22715",
    "CVE-2022-22717",
    "CVE-2022-22718"
  );
  script_xref(name:"MSFT", value:"MS22-5010351");
  script_xref(name:"IAVA", value:"2022-A-0074-S");
  script_xref(name:"IAVA", value:"2022-A-0068-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/10");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/08");

  script_name(english:"KB5010351: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2022)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5010351. It is, therefore, affected by multiple vulnerabilities");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5010351");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5010351");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21992");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-21995");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'CVE-2022-21999 SpoolFool Privesc');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS22-02';
kbs = make_list(
  '5010351'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   os_build:17763,
                   rollup_date:'02_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5010351])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 10
mskb 16
openvas 7
kaspersky 2
metasploit 1
zdt 1
packetstorm 1
avleonov 1
rapid7blog 3
checkpoint_advisories 6
prion 20
cve 20
mscve 20
zdi 1
githubexploit 5
attackerkb 3
cisa_kev 3
veracode 1
threatpost 1
hivepro 1
alpinelinux 1
thn 3
qualysblog 1
krebs 1
malwarebytes 3
nessus
nessus
KB5010354: Windows Server 2022 Security Update (February 2022)
2022-02-08 00:00:00
KB5010345: Windows 10 version 1909 Security Update (February 2022)
2022-02-08 00:00:00
KB5010342: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (February 2022)
2022-02-08 00:00:00
mskb
mskb
February 8, 2022—KB5010354 (OS Build 20348.524)
2022-02-08 08:00:00
February 8, 2022— KB5010456 (OS Build 20348.525)
2022-02-08 08:00:00
February 8, 2022—KB5010351 (OS Build 17763.2565)
2022-02-08 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5010351)
2022-02-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5010345)
2022-02-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5010386)
2023-08-07 00:00:00
kaspersky
kaspersky
KLA12458 Multiple vulnerabilities in Microsoft Products (ESU)
2022-02-08 00:00:00
KLA12457 Multiple vulnerabilities in Microsoft Windows
2022-02-08 00:00:00
metasploit
metasploit
CVE-2022-21999 SpoolFool Privesc
2022-03-10 23:02:58
zdt
zdt
Windows SpoolFool Privilege Escalation Exploit
2022-03-17 00:00:00
packetstorm
packetstorm
Windows SpoolFool Privilege Escalation
2022-03-16 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday February 2022
2022-02-28 20:52:10
rapid7blog
rapid7blog
Patch Tuesday - February 2022
2022-02-08 20:43:40
Metasploit Weekly Wrap-Up
2022-03-18 17:38:38
Announcing Metasploit 6.2
2022-06-09 16:39:00
checkpoint_advisories
checkpoint_advisories
Microsoft Named Pipe File System Elevation of Privilege (CVE-2022-22715)
2022-02-08 00:00:00
Microsoft Windows DWM Core Library Elevation of Privilege (CVE-2022-21994)
2022-02-08 00:00:00
Microsoft Windows Print Spooler Elevation of Privilege (CVE-2022-22718)
2022-02-08 00:00:00
prion
prion
Denial of service
2022-02-09 17:15:00
Remote code execution
2022-02-09 17:15:00
Remote code execution
2022-02-09 17:15:00
cve
cve
CVE-2022-21994
2022-02-09 17:15:00
CVE-2022-21995
2022-02-09 17:15:00
CVE-2022-22715
2022-02-09 17:15:00
mscve
mscve
Windows Mobile Device Management Remote Code Execution Vulnerability
2022-02-08 08:00:00
Windows User Account Profile Picture Denial of Service Vulnerability
2022-02-08 08:00:00
Windows Hyper-V Remote Code Execution Vulnerability
2022-02-08 08:00:00
zdi
zdi
Microsoft Windows User Profile Picture Link Following Denial-of-Service Vulnerability
2022-02-11 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-05-22 13:20:39
Exploit for Access of Uninitialized Pointer in Microsoft
2022-04-15 09:14:22
Exploit for Access of Uninitialized Pointer in Microsoft
2022-10-07 17:25:03
attackerkb
attackerkb
CVE-2022-21971
2022-02-09 00:00:00
CVE-2022-22718
2022-02-09 00:00:00
CVE-2022-21999
2022-02-09 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Runtime Remote Code Execution Vulnerability
2022-08-18 00:00:00
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
2022-04-19 00:00:00
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
2022-03-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-07-06 17:44:09
threatpost
threatpost
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
2022-02-08 20:24:17
hivepro
hivepro
Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel
2022-02-09 13:44:33
alpinelinux
alpinelinux
CVE-2022-22710
2022-02-09 17:15:00
thn
thn
Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild
2022-04-20 02:54:00
Microsoft and Other Major Software Firms Release February 2022 Patch Updates
2022-02-09 06:40:00
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
2022-08-20 14:19:00
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical
2022-02-08 22:35:12
krebs
krebs
Microsoft Patch Tuesday, February 2022 Edition
2022-02-08 22:38:16
malwarebytes
malwarebytes
Vulnerabilities in GPS tracker could have “life-threatening” implications
2022-07-21 09:57:08
CISA wants you to patch these actively exploited vulnerabilities before September 8
2022-08-22 15:00:00
Update now! Firefox and Adobe updates are more critical than Microsoft’s
2022-02-09 12:10:20
JSON
Related for SMB_NT_MS22_FEB_5010351.NASL
nessus10mskb16openvas7kaspersky2metasploit1zdt1packetstorm1avleonov1rapid7blog3checkpoint_advisories6prion20cve20mscve20zdi1githubexploit5attackerkb3cisa_kev3veracode1threatpost1hivepro1alpinelinux1thn3qualysblog1krebs1malwarebytes3