This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_JUL_5028171.NASLKB5028171: Windows 2022 / Azure Stack HCI 22H2 Security Update (July 2023)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
0.147 Low
EPSS
Percentile
95.8%
The remote Windows host is missing security update 5028171. It is, therefore, affected by multiple vulnerabilities
-
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)
-
Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)
-
Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(178155);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2023-21526",
"CVE-2023-21756",
"CVE-2023-32033",
"CVE-2023-32034",
"CVE-2023-32035",
"CVE-2023-32037",
"CVE-2023-32038",
"CVE-2023-32039",
"CVE-2023-32040",
"CVE-2023-32041",
"CVE-2023-32042",
"CVE-2023-32043",
"CVE-2023-32044",
"CVE-2023-32045",
"CVE-2023-32046",
"CVE-2023-32049",
"CVE-2023-32053",
"CVE-2023-32054",
"CVE-2023-32055",
"CVE-2023-32056",
"CVE-2023-32057",
"CVE-2023-32083",
"CVE-2023-32084",
"CVE-2023-32085",
"CVE-2023-33154",
"CVE-2023-33155",
"CVE-2023-33163",
"CVE-2023-33164",
"CVE-2023-33166",
"CVE-2023-33167",
"CVE-2023-33168",
"CVE-2023-33169",
"CVE-2023-33172",
"CVE-2023-33173",
"CVE-2023-33174",
"CVE-2023-35296",
"CVE-2023-35297",
"CVE-2023-35298",
"CVE-2023-35299",
"CVE-2023-35300",
"CVE-2023-35302",
"CVE-2023-35303",
"CVE-2023-35304",
"CVE-2023-35305",
"CVE-2023-35306",
"CVE-2023-35308",
"CVE-2023-35309",
"CVE-2023-35310",
"CVE-2023-35312",
"CVE-2023-35313",
"CVE-2023-35314",
"CVE-2023-35315",
"CVE-2023-35316",
"CVE-2023-35317",
"CVE-2023-35318",
"CVE-2023-35319",
"CVE-2023-35320",
"CVE-2023-35321",
"CVE-2023-35322",
"CVE-2023-35323",
"CVE-2023-35324",
"CVE-2023-35325",
"CVE-2023-35326",
"CVE-2023-35328",
"CVE-2023-35329",
"CVE-2023-35330",
"CVE-2023-35331",
"CVE-2023-35332",
"CVE-2023-35336",
"CVE-2023-35337",
"CVE-2023-35338",
"CVE-2023-35339",
"CVE-2023-35340",
"CVE-2023-35341",
"CVE-2023-35342",
"CVE-2023-35343",
"CVE-2023-35344",
"CVE-2023-35345",
"CVE-2023-35346",
"CVE-2023-35347",
"CVE-2023-35348",
"CVE-2023-35350",
"CVE-2023-35351",
"CVE-2023-35352",
"CVE-2023-35353",
"CVE-2023-35356",
"CVE-2023-35357",
"CVE-2023-35358",
"CVE-2023-35360",
"CVE-2023-35361",
"CVE-2023-35362",
"CVE-2023-35363",
"CVE-2023-35364",
"CVE-2023-35365",
"CVE-2023-35366",
"CVE-2023-35367",
"CVE-2023-36871",
"CVE-2023-36874"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/08/01");
script_xref(name:"MSKB", value:"5028171");
script_xref(name:"MSFT", value:"MS23-5028171");
script_xref(name:"IAVA", value:"2023-A-0347-S");
script_xref(name:"IAVA", value:"2023-A-0345-S");
script_name(english:"KB5028171: Windows 2022 / Azure Stack HCI 22H2 Security Update (July 2023)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5028171. It is, therefore, affected by multiple vulnerabilities
- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365,
CVE-2023-35366, CVE-2023-35367)
- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)
- Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5028171");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5028171");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-35367");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Microsoft Error Reporting Local Privilege Elevation Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:azure_stack_hci_22h2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2022");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS23-07';
kbs = make_list(
'5028171'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'10',
os_build:20348,
rollup_date:'07_2023',
bulletin:bulletin,
rollup_kb_list:[5028171])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | azure_stack_hci_22h2 | cpe:/o:microsoft:azure_stack_hci_22h2 | |
| microsoft | windows_server_2022 | cpe:/o:microsoft:windows_server_2022 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35298
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35299
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35313
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35315
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35316
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35317
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35320
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35325
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35326
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35329
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35330
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35331
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36874
support.microsoft.com/help/5028171
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
0.147 Low
EPSS
Percentile
95.8%