The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by multiple vulnerabilities
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(186777);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/15");
script_cve_id(
"CVE-2023-20588",
"CVE-2023-21740",
"CVE-2023-35622",
"CVE-2023-35628",
"CVE-2023-35630",
"CVE-2023-35638",
"CVE-2023-35639",
"CVE-2023-35641",
"CVE-2023-35642",
"CVE-2023-35643",
"CVE-2023-35644",
"CVE-2023-36003",
"CVE-2023-36004",
"CVE-2023-36005",
"CVE-2023-36006",
"CVE-2023-36011",
"CVE-2023-36012",
"CVE-2023-36696"
);
script_xref(name:"MSKB", value:"5033118");
script_xref(name:"MSKB", value:"5033464");
script_xref(name:"MSFT", value:"MS23-5033118");
script_xref(name:"MSFT", value:"MS23-5033464");
script_xref(name:"IAVA", value:"2023-A-0689-S");
script_xref(name:"IAVA", value:"2023-A-0690-S");
script_name(english:"KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by multiple vulnerabilities
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5033118");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5033464");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5033118 or Azure HotPatch 5033464");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36006");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/08");
script_set_attribute(attribute:"patch_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS23-12';
kbs = make_list(
'5033118',
'5033464'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'10',
os_build:20348,
rollup_date:'12_2023',
bulletin:bulletin,
rollup_kb_list:[5033118,5033464])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35630
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36696
support.microsoft.com/help/5033118
support.microsoft.com/help/5033464