Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_APR_5025221.NASL
HistoryApr 11, 2023 - 12:00 a.m.

KB5025221: Windows 10 Version 20H2 / Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2023)

2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
321
JSON

The remote Windows host is missing security update 5025221. It is, therefore, affected by multiple vulnerabilities

  • Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

  • Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(174107);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");

  script_cve_id(
    "CVE-2023-21554",
    "CVE-2023-21727",
    "CVE-2023-21729",
    "CVE-2023-21769",
    "CVE-2023-24883",
    "CVE-2023-24884",
    "CVE-2023-24885",
    "CVE-2023-24886",
    "CVE-2023-24887",
    "CVE-2023-24912",
    "CVE-2023-24924",
    "CVE-2023-24925",
    "CVE-2023-24926",
    "CVE-2023-24927",
    "CVE-2023-24928",
    "CVE-2023-24929",
    "CVE-2023-24931",
    "CVE-2023-28216",
    "CVE-2023-28217",
    "CVE-2023-28218",
    "CVE-2023-28219",
    "CVE-2023-28220",
    "CVE-2023-28221",
    "CVE-2023-28222",
    "CVE-2023-28224",
    "CVE-2023-28225",
    "CVE-2023-28226",
    "CVE-2023-28227",
    "CVE-2023-28228",
    "CVE-2023-28229",
    "CVE-2023-28232",
    "CVE-2023-28235",
    "CVE-2023-28236",
    "CVE-2023-28237",
    "CVE-2023-28238",
    "CVE-2023-28241",
    "CVE-2023-28243",
    "CVE-2023-28248",
    "CVE-2023-28249",
    "CVE-2023-28250",
    "CVE-2023-28252",
    "CVE-2023-28253",
    "CVE-2023-28266",
    "CVE-2023-28267",
    "CVE-2023-28269",
    "CVE-2023-28270",
    "CVE-2023-28271",
    "CVE-2023-28272",
    "CVE-2023-28273",
    "CVE-2023-28274",
    "CVE-2023-28275",
    "CVE-2023-28276",
    "CVE-2023-28293",
    "CVE-2023-28298",
    "CVE-2023-28302"
  );
  script_xref(name:"MSKB", value:"5025221");
  script_xref(name:"MSFT", value:"MS23-5025221");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/05/02");
  script_xref(name:"IAVA", value:"2023-A-0188-S");
  script_xref(name:"IAVA", value:"2023-A-0190-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/10/25");

  script_name(english:"KB5025221: Windows 10 Version 20H2 / Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2023)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5025221. It is, therefore, affected by multiple vulnerabilities

  - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

  - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

  - Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5025221");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5025221");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28275");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-28250");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS23-04';
kbs = make_list(
  '5025221'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

var os_name = get_kb_item("SMB/ProductName");

if (  ( ("enterprise" >< tolower(os_name) || "education" >< tolower(os_name))
      &&
      smb_check_rollup(os:'10',
                    os_build:19042,
                    rollup_date:'04_2023',
                    bulletin:bulletin,
                    rollup_kb_list:[5025221])
    )
  ||
    smb_check_rollup(os:'10',
                    os_build:19044,
                    rollup_date:'04_2023',
                    bulletin:bulletin,
                    rollup_kb_list:[5025221])
  ||
    smb_check_rollup(os:'10',
                    os_build:19045,
                    rollup_date:'04_2023',
                    bulletin:bulletin,
                    rollup_kb_list:[5025221])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

openvas 9
mskb 15
nessus 11
kaspersky 2
qualysblog 1
avleonov 1
rapid7blog 1
talosblog 1
wizblog 1
thn 1
krebs 1
cve 48
mscve 46
prion 49
zdt 1
zdi 1
attackerkb 2
cisa_kev 1
githubexploit 4
hivepro 1
packetstorm 1
ics 1
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5025221)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025239)
2023-07-21 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025234)
2023-04-12 00:00:00
mskb
mskb
April 11, 2023—KB5025234 (OS Build 10240.19869)
2023-04-11 07:00:00
April 11, 2023—KB5025224 (OS Build 22000.1817)
2023-04-11 07:00:00
April 11, 2023—KB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846)
2023-04-11 07:00:00
nessus
nessus
KB5025239: Windows 11 version 22H2 Security Update (April 2023)
2023-04-11 00:00:00
KB5025234: Windows 10 LTS 1507 Security Update (April 2023)
2023-04-11 00:00:00
KB5025224: Windows 11 version 21H2 Security Update (April 2023)
2023-04-11 00:00:00
kaspersky
kaspersky
KLA48845 Multiple vulnerabilities in Microsoft Windows
2023-04-11 00:00:00
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday April 2023 Security Update Review
2023-04-12 00:16:25
avleonov
avleonov
Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP
2023-04-27 22:03:04
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
talosblog
talosblog
Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities
2023-04-11 19:28:27
wizblog
wizblog
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
2023-04-13 19:20:20
thn
thn
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
2023-04-12 06:38:00
krebs
krebs
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
2023-04-12 00:06:51
cve
cve
CVE-2023-28270
2023-04-11 21:15:26
CVE-2023-28227
2023-04-11 21:15:23
CVE-2023-28226
2023-04-11 21:15:23
mscve
mscve
Windows NTLM Elevation of Privilege Vulnerability
2023-04-11 07:00:00
Windows Enroll Engine Security Feature Bypass Vulnerability
2023-04-11 07:00:00
Windows Kernel Denial of Service Vulnerability
2023-04-11 07:00:00
prion
prion
Remote code execution
2023-04-11 21:15:00
Privilege escalation
2023-04-11 21:15:00
Remote code execution
2023-04-11 21:15:00
zdt
zdt
Windows 11 22h2 - Kernel Privilege Elevation Exploit
2023-06-26 00:00:00
zdi
zdi
Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-04-11 00:00:00
attackerkb
attackerkb
CVE-2023-28229
2023-04-11 00:00:00
CVE-2023-28252
2023-04-11 00:00:00
cisa_kev
cisa_kev
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
2023-10-04 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-09-04 07:48:13
Exploit for Vulnerability in Microsoft
2023-05-18 10:30:49
Exploit for Vulnerability in Microsoft
2024-01-22 10:38:02
hivepro
hivepro
Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware
2023-04-12 11:17:33
packetstorm
packetstorm
Microsoft Windows 11 22h2 Kernel Privilege Escalation
2023-06-27 00:00:00
ics
ics
Mitsubishi Electric Electrical Discharge Machines (Update A)
2024-04-23 12:00:00
JSON
Related for SMB_NT_MS23_APR_5025221.NASL
openvas9mskb15nessus11kaspersky2qualysblog1avleonov1rapid7blog1talosblog1wizblog1thn1krebs1cve48mscve46prion49zdt1zdi1attackerkb2cisa_kev1githubexploit4hivepro1packetstorm1ics1