Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_JAN_5009585.NASL
HistoryJan 11, 2022 - 12:00 a.m.

KB5009585: Windows 10 LTS 1507 Security Updates (January 2022)

2022-01-1100:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The remote Windows host is missing security update 5009585. It is, therefore, affected by multiple vulnerabilities:

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21962, CVE-2022-21959, CVE-2022-21963, CVE-2022-21960, CVE-2022-21928, CVE-2022-21874, CVE-2022-21961, CVE-2022-21958, CVE-2022-21893, CVE-2022-21892, CVE-2022-21878, CVE-2022-21851, CVE-2022-21850, CVE-2022-21849, CVE-2022-21922)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2022-21908, CVE-2022-21903, CVE-2022-21901, CVE-2022-21897, CVE-2022-21885, CVE-2022-21881, CVE-2022-21875, CVE-2022-21873, CVE-2022-21870, CVE-2022-21868, CVE-2022-21867, CVE-2022-21866, CVE-2022-21864, CVE-2022-21862, CVE-2022-21860, CVE-2022-21859, CVE-2022-21857, CVE-2022-21838, CVE-2022-21835, CVE-2022-21834, CVE-2022-21833, CVE-2022-21914, CVE-2022-21895, CVE-2022-21916, CVE-2022-21919, CVE-2022-21871, CVE-2022-21920)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services.
    (CVE-2022-21911, CVE-2022-21889, CVE-2022-21890, CVE-2022-21883, CVE-2022-21843, CVE-2022-21848)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156623);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/26");

  script_cve_id(
    "CVE-2022-21833",
    "CVE-2022-21834",
    "CVE-2022-21835",
    "CVE-2022-21836",
    "CVE-2022-21838",
    "CVE-2022-21843",
    "CVE-2022-21848",
    "CVE-2022-21849",
    "CVE-2022-21850",
    "CVE-2022-21851",
    "CVE-2022-21857",
    "CVE-2022-21859",
    "CVE-2022-21860",
    "CVE-2022-21862",
    "CVE-2022-21864",
    "CVE-2022-21866",
    "CVE-2022-21867",
    "CVE-2022-21868",
    "CVE-2022-21870",
    "CVE-2022-21871",
    "CVE-2022-21873",
    "CVE-2022-21874",
    "CVE-2022-21875",
    "CVE-2022-21876",
    "CVE-2022-21878",
    "CVE-2022-21880",
    "CVE-2022-21881",
    "CVE-2022-21883",
    "CVE-2022-21885",
    "CVE-2022-21889",
    "CVE-2022-21890",
    "CVE-2022-21892",
    "CVE-2022-21893",
    "CVE-2022-21894",
    "CVE-2022-21895",
    "CVE-2022-21897",
    "CVE-2022-21899",
    "CVE-2022-21900",
    "CVE-2022-21901",
    "CVE-2022-21903",
    "CVE-2022-21904",
    "CVE-2022-21905",
    "CVE-2022-21908",
    "CVE-2022-21911",
    "CVE-2022-21913",
    "CVE-2022-21914",
    "CVE-2022-21915",
    "CVE-2022-21916",
    "CVE-2022-21919",
    "CVE-2022-21920",
    "CVE-2022-21922",
    "CVE-2022-21924",
    "CVE-2022-21925",
    "CVE-2022-21928",
    "CVE-2022-21958",
    "CVE-2022-21959",
    "CVE-2022-21960",
    "CVE-2022-21961",
    "CVE-2022-21962",
    "CVE-2022-21963"
  );
  script_xref(name:"MSKB", value:"5009585");
  script_xref(name:"MSFT", value:"MS22-5009585");
  script_xref(name:"IAVA", value:"2022-A-0012-S");
  script_xref(name:"IAVA", value:"2022-A-0016-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");

  script_name(english:"KB5009585:  Windows 10 LTS 1507 Security Updates (January 2022)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5009585. It is, therefore, affected by multiple vulnerabilities:

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute 
    unauthorized arbitrary commands. 
    (CVE-2022-21962, CVE-2022-21959, CVE-2022-21963,
    CVE-2022-21960, CVE-2022-21928, CVE-2022-21874,
    CVE-2022-21961, CVE-2022-21958, CVE-2022-21893,
    CVE-2022-21892, CVE-2022-21878, CVE-2022-21851,
    CVE-2022-21850, CVE-2022-21849, CVE-2022-21922)
    
  - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2022-21908, CVE-2022-21903, CVE-2022-21901,
     CVE-2022-21897, CVE-2022-21885, CVE-2022-21881,
     CVE-2022-21875, CVE-2022-21873, CVE-2022-21870,
     CVE-2022-21868, CVE-2022-21867, CVE-2022-21866,
     CVE-2022-21864, CVE-2022-21862, CVE-2022-21860,
     CVE-2022-21859, CVE-2022-21857, CVE-2022-21838,
     CVE-2022-21835, CVE-2022-21834, CVE-2022-21833,
     CVE-2022-21914, CVE-2022-21895, CVE-2022-21916,
     CVE-2022-21919, CVE-2022-21871, CVE-2022-21920)

  - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services.
    (CVE-2022-21911, CVE-2022-21889, CVE-2022-21890, 
      CVE-2022-21883, CVE-2022-21843, CVE-2022-21848)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5009585");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5009585");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21874");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/01/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS22-01';
kbs = make_list(
  '5009585'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   os_build:'10240',
                   rollup_date:'01_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5009585])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

mskb 19
nessus 11
kaspersky 3
rapid7blog 2
thn 2
avleonov 1
attackerkb 2
malwarebytes 1
prion 48
cve 48
mscve 45
zdi 3
schneier 1
checkpoint_advisories 4
threatpost 1
cnvd 2
githubexploit 3
mssecure 1
mmpc 1
hivepro 1
mskb
mskb
January 11, 2022—KB5009585 (OS Build 10240.19177) - EXPIRED
2022-01-11 08:00:00
January 11, 2022—KB5009619 (Security-only update)
2022-01-11 08:00:00
January 11, 2022—KB5009595 (Security-only update)
2022-01-11 08:00:00
nessus
nessus
KB5009595: Windows 8.1 and Windows Server 2012 R2 Security Updates (January 2022)
2022-01-11 00:00:00
KB5009619: Windows Server 2012 Security Update (January 2022)
2022-01-11 00:00:00
KB5009546: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2022)
2022-01-11 00:00:00
kaspersky
kaspersky
KLA12423 Multiple vulnerabilities in Microsoft Products (ESU)
2022-01-11 00:00:00
KLA12422 Multiple vulnerabilities in Microsoft Windows
2022-01-11 00:00:00
KLA12421 Multiple vulnerabilities in Microsoft Developer Tools
2022-01-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2022
2022-01-11 21:41:56
How To Hunt For UEFI Malware Using Velociraptor
2024-02-29 17:32:12
thn
thn
First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability
2022-01-12 06:42:00
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11
2023-03-01 11:32:00
avleonov
avleonov
Microsoft Patch Tuesday January 2022
2022-01-16 20:17:20
attackerkb
attackerkb
CVE-2022-21919
2022-01-11 00:00:00
CVE-2022-21894
2022-01-11 00:00:00
malwarebytes
malwarebytes
[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one
2022-01-12 17:02:25
prion
prion
Remote code execution
2022-01-11 21:15:00
Remote code execution
2022-01-11 21:15:00
Privilege escalation
2022-01-11 21:15:00
cve
cve
CVE-2022-21925
2022-01-11 21:15:00
CVE-2022-21959
2022-01-11 21:15:00
CVE-2022-21928
2022-01-11 21:15:00
mscve
mscve
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
2022-01-11 08:00:00
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
2022-01-11 08:00:00
Windows AppContracts API Server Elevation of Privilege Vulnerability
2022-01-11 08:00:00
zdi
zdi
Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability
2022-01-13 00:00:00
Microsoft Windows SilentCleanup Link Following Local Privilege Escalation Vulnerability
2022-01-13 00:00:00
Microsoft Windows EFI Partition Incorrect Authorization Denial-of-Service Vulnerability
2022-01-13 00:00:00
schneier
schneier
BlackLotus Malware Hijacks Windows Secure Boot Process
2023-03-08 11:11:14
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Elevation of Privilege (CVE-2022-21881)
2022-01-11 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-21916)
2022-01-11 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-21897)
2022-01-11 00:00:00
threatpost
threatpost
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
2022-01-11 21:54:57
cnvd
cnvd
Microsoft Windows IKE Extension Remote Code Execution Vulnerability
2022-01-13 00:00:00
Microsoft Windows IKE Extension Denial of Service Vulnerability
2022-01-13 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-09-26 05:52:36
Exploit for Vulnerability in Microsoft
2022-08-09 15:53:48
Exploit for Vulnerability in Microsoft
2022-08-18 23:45:47
mssecure
mssecure
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
2023-04-11 17:00:00
mmpc
mmpc
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
2023-04-11 17:00:00
hivepro
hivepro
Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws
2022-01-12 07:30:07
JSON
Related for SMB_NT_MS22_JAN_5009585.NASL
mskb19nessus11kaspersky3rapid7blog2thn2avleonov1attackerkb2malwarebytes1prion48cve48mscve45zdi3schneier1checkpoint_advisories4threatpost1cnvd2githubexploit3mssecure1mmpc1hivepro1