Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_NOV_5032247.NASL
HistoryNov 14, 2023 - 12:00 a.m.

KB5032247: Windows Server 2012 Security Update (November 2023)

2023-11-1400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
55
windows server 2012
security update
vulnerabilities
remote code execution
smartscreen
nessus
scanner
cve-2023-36402
cve-2023-36397
cve-2023-36025

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

The remote Windows host is missing security update 5032247. It is, therefore, affected by multiple vulnerabilities

  • Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

  • Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-36025)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(185589);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");

  script_cve_id(
    "CVE-2023-36017",
    "CVE-2023-36025",
    "CVE-2023-36036",
    "CVE-2023-36392",
    "CVE-2023-36393",
    "CVE-2023-36395",
    "CVE-2023-36397",
    "CVE-2023-36398",
    "CVE-2023-36401",
    "CVE-2023-36402",
    "CVE-2023-36403",
    "CVE-2023-36423",
    "CVE-2023-36424",
    "CVE-2023-36425",
    "CVE-2023-36428",
    "CVE-2023-36705",
    "CVE-2023-36719",
    "CVE-2024-21315"
  );
  script_xref(name:"MSKB", value:"5032247");
  script_xref(name:"MSFT", value:"MS23-5032247");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/12/05");
  script_xref(name:"IAVA", value:"2023-A-0638-S");
  script_xref(name:"IAVA", value:"2023-A-0636-S");
  script_xref(name:"IAVA", value:"2024-A-0105");

  script_name(english:"KB5032247: Windows Server 2012 Security Update (November 2023)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5032247. It is, therefore, affected by multiple vulnerabilities

  - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

  - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

  - Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-36025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5032247");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5032247");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36402");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-36397");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2012");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS23-11';
kbs = make_list(
  '5032247'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.2',
                   sp:0,
                   rollup_date:'11_2023',
                   bulletin:bulletin,
                   rollup_kb_list:[5032247])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindows_server_2012cpe:/o:microsoft:windows_server_2012

References

Related

nessus 12
kaspersky 3
mskb 18
openvas 6
talosblog 2
cve 18
prion 18
mscve 18
vulnrichment 8
cvelist 18
nvd 18
thn 11
githubexploit 3
cisa_kev 2
hivepro 2
attackerkb 2
trendmicroblog 1
rapid7blog 2
malwarebytes 1
qualysblog 1
krebs 2
avleonov 1
googleprojectzero 1
nessus
nessus
KB5032249: Windows Server 2012 R2 Security Update (November 2023)
2023-11-14 00:00:00
KB5032250: Windows Server 2008 R2 Security Update (November 2023)
2023-11-14 00:00:00
KB5032248: Windows Server 2008 Security Update (November 2023)
2023-11-14 00:00:00
kaspersky
kaspersky
KLA61980 Multiple vulnerabilities in Microsoft Products (ESU)
2023-11-14 00:00:00
KLA61975 Multiple vulnerabilities in Microsoft Windows
2023-11-14 00:00:00
KLA63962 PE vulnerability in Microsoft System Center
2024-02-20 00:00:00
mskb
mskb
November 14, 2023—KB5032249 (Monthly Rollup)
2023-11-14 08:00:00
November 14, 2023—KB5032248 (Security-only update)
2023-11-14 08:00:00
November 14, 2023—KB5032250 (Security-only update)
2023-11-14 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5032199)
2023-11-16 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5032197)
2023-11-16 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5032189)
2023-11-16 00:00:00
talosblog
talosblog
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
2023-11-14 19:46:02
We all just need to agree that ad blockers are good
2023-11-16 19:00:39
cve
cve
CVE-2023-36392
2023-11-14 18:15:37
CVE-2023-36395
2023-11-14 18:15:38
CVE-2023-36424
2023-11-14 18:15:45
prion
prion
Denial of service
2023-11-14 18:15:00
Privilege escalation
2024-02-13 18:15:00
Denial of service
2023-11-14 18:15:00
mscve
mscve
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
2024-02-20 08:00:00
Windows Installer Elevation of Privilege Vulnerability
2023-11-14 08:00:00
Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
2023-11-14 08:00:00
vulnrichment
vulnrichment
CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
2024-02-13 18:02:27
CVE-2023-36398 Windows NTFS Information Disclosure Vulnerability
2023-11-14 17:57:24
CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-11-14 17:57:08
cvelist
cvelist
CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
2024-02-13 18:02:27
CVE-2023-36395 Windows Deployment Services Denial of Service Vulnerability
2023-11-14 17:57:25
CVE-2023-36398 Windows NTFS Information Disclosure Vulnerability
2023-11-14 17:57:24
nvd
nvd
CVE-2024-21315
2024-02-13 18:15:48
CVE-2023-36395
2023-11-14 18:15:38
CVE-2023-36017
2023-11-14 18:15:31
thn
thn
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
2024-01-16 07:13:00
New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
2024-02-05 03:45:00
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
2023-12-22 12:46:00
githubexploit
githubexploit
Exploit for CVE-2023-36025
2023-12-28 23:29:04
Exploit for Out-of-bounds Read in Microsoft
2024-03-21 21:39:24
Exploit for CVE-2023-36025
2023-11-17 15:46:44
cisa_kev
cisa_kev
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
2023-11-14 00:00:00
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
2023-11-14 00:00:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 5 to 11 February 2024
2024-02-13 11:12:58
Mispadu Leverages CVE-2023-36025 Vulnerability in Latest Attack
2024-02-08 14:06:16
attackerkb
attackerkb
CVE-2023-36036
2023-11-14 00:00:00
CVE-2023-36025
2023-11-14 00:00:00
trendmicroblog
trendmicroblog
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
2024-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2023
2023-11-14 21:27:09
Patch Tuesday - February 2024
2024-02-13 21:26:21
malwarebytes
malwarebytes
Update now! Microsoft patches 3 actively exploited zero-days
2023-11-15 22:04:31
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
2023-11-14 20:29:03
krebs
krebs
Microsoft Patch Tuesday, November 2023 Edition
2023-11-14 23:00:59
Fat Patch Tuesday, February 2024 Edition
2024-02-13 22:28:48
avleonov
avleonov
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
2024-02-01 17:07:20
googleprojectzero
googleprojectzero
The Windows Registry Adventure #1: Introduction and research results
2024-04-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON
Related for SMB_NT_MS23_NOV_5032247.NASL
nessus12kaspersky3mskb18openvas6talosblog2cve18prion18mscve18vulnrichment8cvelist18nvd18thn11githubexploit3cisa_kev2hivepro2attackerkb2trendmicroblog1rapid7blog2malwarebytes1qualysblog1krebs2avleonov1googleprojectzero1