Lucene search

HistoryJul 11, 2023 - 12:00 a.m.

KB5028182: Windows 11 version 21H2 Security Update (July 2023)

2023-07-1100:00:00

www.tenable.com

windows 11

security update

rras

remote code execution

netlogon

info disclosure

win32k

privilege elevation

cve-2023-35365

cve-2023-35366

cve-2023-35367

cve-2023-21526

cve-2023-21756

nessus

vulnerabilities

7.8 High

AI Score

Confidence

High

JSON

The remote Windows host is missing security update 5028182. It is, therefore, affected by multiple vulnerabilities

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)
Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)
Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(178166);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/01");

  script_cve_id(
    "CVE-2023-21526",
    "CVE-2023-21756",
    "CVE-2023-32034",
    "CVE-2023-32035",
    "CVE-2023-32037",
    "CVE-2023-32038",
    "CVE-2023-32039",
    "CVE-2023-32040",
    "CVE-2023-32041",
    "CVE-2023-32042",
    "CVE-2023-32043",
    "CVE-2023-32044",
    "CVE-2023-32045",
    "CVE-2023-32046",
    "CVE-2023-32049",
    "CVE-2023-32053",
    "CVE-2023-32054",
    "CVE-2023-32055",
    "CVE-2023-32056",
    "CVE-2023-32057",
    "CVE-2023-32084",
    "CVE-2023-32085",
    "CVE-2023-33154",
    "CVE-2023-33155",
    "CVE-2023-33164",
    "CVE-2023-33166",
    "CVE-2023-33167",
    "CVE-2023-33168",
    "CVE-2023-33169",
    "CVE-2023-33172",
    "CVE-2023-33173",
    "CVE-2023-33174",
    "CVE-2023-35296",
    "CVE-2023-35297",
    "CVE-2023-35298",
    "CVE-2023-35299",
    "CVE-2023-35300",
    "CVE-2023-35302",
    "CVE-2023-35303",
    "CVE-2023-35304",
    "CVE-2023-35305",
    "CVE-2023-35306",
    "CVE-2023-35308",
    "CVE-2023-35309",
    "CVE-2023-35312",
    "CVE-2023-35313",
    "CVE-2023-35314",
    "CVE-2023-35315",
    "CVE-2023-35316",
    "CVE-2023-35318",
    "CVE-2023-35319",
    "CVE-2023-35320",
    "CVE-2023-35323",
    "CVE-2023-35324",
    "CVE-2023-35325",
    "CVE-2023-35326",
    "CVE-2023-35328",
    "CVE-2023-35329",
    "CVE-2023-35330",
    "CVE-2023-35332",
    "CVE-2023-35336",
    "CVE-2023-35337",
    "CVE-2023-35338",
    "CVE-2023-35339",
    "CVE-2023-35340",
    "CVE-2023-35341",
    "CVE-2023-35342",
    "CVE-2023-35343",
    "CVE-2023-35347",
    "CVE-2023-35353",
    "CVE-2023-35356",
    "CVE-2023-35357",
    "CVE-2023-35358",
    "CVE-2023-35360",
    "CVE-2023-35361",
    "CVE-2023-35362",
    "CVE-2023-35363",
    "CVE-2023-35364",
    "CVE-2023-35365",
    "CVE-2023-35366",
    "CVE-2023-35367",
    "CVE-2023-36871",
    "CVE-2023-36874"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/08/01");
  script_xref(name:"MSKB", value:"5028182");
  script_xref(name:"MSFT", value:"MS23-5028182");
  script_xref(name:"IAVA", value:"2023-A-0347-S");
  script_xref(name:"IAVA", value:"2023-A-0345-S");

  script_name(english:"KB5028182: Windows 11 version 21H2 Security Update (July 2023)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5028182. It is, therefore, affected by multiple vulnerabilities

  - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365,
    CVE-2023-35366, CVE-2023-35367)

  - Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

  - Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5028182");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5028182");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-35367");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Microsoft Error Reporting Local Privilege Elevation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS23-07';
kbs = make_list(
  '5028182'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   os_build:22000,
                   rollup_date:'07_2023',
                   bulletin:bulletin,
                   rollup_kb_list:[5028182])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Vendor	Product	Version	CPE
microsoft	windows		cpe:/o:microsoft:windows

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21526

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21756

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32034

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32035

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32037

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32038

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32039

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32040

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32041

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32042

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32043

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32044

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32045

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32046

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32049

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32053

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32054

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32055

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32056

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32057

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32084

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32085

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33154

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33155

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33164

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33166

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33167

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33168

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33169

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33172

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33173

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33174

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35296

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35297

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35298

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35299

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35300

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35302

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35303

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35304

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35305

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35306

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35308

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35309

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35312

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35313

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35314

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35315

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35316

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35318

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35319

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35320

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35323

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35324

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35325

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35326

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35328

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35329

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35330

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35332

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35336

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35337

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35338

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35339

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35340

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35341

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35342

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35343

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35347

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35353

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35356

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35357

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35358

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35360

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35361

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35362

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35363

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35364

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35365

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35366

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35367

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36871

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36874

support.microsoft.com/help/5028182

7.8 High

AI Score

Confidence

High

JSON

Related for SMB_NT_MS23_JUL_5028182.NASL