Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS24_APR_5036892.NASL
HistoryApr 09, 2024 - 12:00 a.m.

KB5036892: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2024)

2024-04-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51
windows 10
security update
smartscreen prompt
secure boot
vulnerability
remote code execution
windows host
nessus scanner

7.5 High

AI Score

Confidence

Low

JSON

The remote Windows host is missing security update 5036892. It is, therefore, affected by multiple vulnerabilities

  • SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

  • Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

  • Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(193090);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/06");

  script_cve_id(
    "CVE-2024-2201",
    "CVE-2024-20665",
    "CVE-2024-20669",
    "CVE-2024-20678",
    "CVE-2024-20693",
    "CVE-2024-21447",
    "CVE-2024-23593",
    "CVE-2024-23594",
    "CVE-2024-26158",
    "CVE-2024-26168",
    "CVE-2024-26171",
    "CVE-2024-26172",
    "CVE-2024-26175",
    "CVE-2024-26179",
    "CVE-2024-26180",
    "CVE-2024-26183",
    "CVE-2024-26189",
    "CVE-2024-26194",
    "CVE-2024-26200",
    "CVE-2024-26205",
    "CVE-2024-26207",
    "CVE-2024-26208",
    "CVE-2024-26209",
    "CVE-2024-26210",
    "CVE-2024-26211",
    "CVE-2024-26214",
    "CVE-2024-26217",
    "CVE-2024-26218",
    "CVE-2024-26219",
    "CVE-2024-26220",
    "CVE-2024-26228",
    "CVE-2024-26229",
    "CVE-2024-26230",
    "CVE-2024-26232",
    "CVE-2024-26234",
    "CVE-2024-26237",
    "CVE-2024-26239",
    "CVE-2024-26240",
    "CVE-2024-26241",
    "CVE-2024-26242",
    "CVE-2024-26243",
    "CVE-2024-26244",
    "CVE-2024-26248",
    "CVE-2024-26250",
    "CVE-2024-26252",
    "CVE-2024-26253",
    "CVE-2024-26254",
    "CVE-2024-26255",
    "CVE-2024-28896",
    "CVE-2024-28897",
    "CVE-2024-28898",
    "CVE-2024-28900",
    "CVE-2024-28901",
    "CVE-2024-28902",
    "CVE-2024-28903",
    "CVE-2024-28919",
    "CVE-2024-28920",
    "CVE-2024-28921",
    "CVE-2024-28922",
    "CVE-2024-28923",
    "CVE-2024-28924",
    "CVE-2024-28925",
    "CVE-2024-29050",
    "CVE-2024-29052",
    "CVE-2024-29061",
    "CVE-2024-29062",
    "CVE-2024-29064",
    "CVE-2024-29988"
  );
  script_xref(name:"MSKB", value:"5036892");
  script_xref(name:"MSFT", value:"MS24-5036892");
  script_xref(name:"IAVA", value:"2024-A-0227");
  script_xref(name:"IAVA", value:"2024-A-0228");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/05/21");

  script_name(english:"KB5036892: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5036892. It is, therefore, affected by multiple vulnerabilities

  - SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

  - Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171,
    CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250,
    CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920,
    CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061,
    CVE-2024-29062)

  - Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5036892");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5036892");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-29988");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS24-04';
kbs = make_list(
  '5036892'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);


var os_name = get_kb_item("SMB/ProductName");

if ( (("enterprise" >< tolower(os_name) || "education" >< tolower(os_name))
  && 
 smb_check_rollup(os:'10',
                   os_build:19044,
                   rollup_date:'04_2024',
                   bulletin:bulletin,
                   rollup_kb_list:[5036892])
)
|| 
  smb_check_rollup(os:'10',
                   os_build:19045,
                   rollup_date:'04_2024',
                   bulletin:bulletin,
                   rollup_kb_list:[5036892])
)

{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

openvas 8
mskb 14
nessus 17
kaspersky 2
qualysblog 1
rapid7blog 1
malwarebytes 1
talosblog 1
cve 67
mscve 68
zdi 2
cnvd 1
thn 2
krebs 1
githubexploit 1
xen 1
oraclelinux 4
attackerkb 1
debiancve 1
redhatcve 1
ubuntucve 1
cert 1
cisa_kev 1
citrix 1
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5036892)
2024-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5036894)
2024-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5036925)
2024-04-10 00:00:00
mskb
mskb
April 9, 2024—KB5036893 (OS Builds 22621.3447 and 22631.3447)
2024-04-09 07:00:00
April 9, 2024—KB5036894 (OS Build 22000.2899)
2024-04-09 07:00:00
April 9, 2024—KB5036892 (OS Builds 19044.4291 and 19045.4291)
2024-04-09 07:00:00
nessus
nessus
KB5036894: Windows 11 version 21H2 Security Update (April 2024)
2024-04-09 00:00:00
KB5036893: Windows 11 version 22H2 Security Update (April 2024)
2024-04-09 00:00:00
KB5036925: Windows 10 LTS 1507 Security Update (April 2024)
2024-04-09 00:00:00
kaspersky
kaspersky
KLA65512 Multiple vulnerabilities in Microsoft Products (ESU)
2024-04-09 00:00:00
KLA65511 Multiple vulnerabilities in Microsoft Windows
2024-04-09 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
2024-04-09 19:23:40
rapid7blog
rapid7blog
Patch Tuesday - April 2024
2024-04-09 20:28:17
malwarebytes
malwarebytes
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
2024-04-11 08:23:55
talosblog
talosblog
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
2024-04-09 18:23:00
cve
cve
CVE-2024-23594
2024-04-15 18:15:10
CVE-2024-28901
2024-04-09 17:00:19
CVE-2024-29052
2024-04-09 17:01:21
mscve
mscve
Windows Authentication Elevation of Privilege Vulnerability
2024-04-09 07:00:00
Windows Remote Access Connection Manager Information Disclosure Vulnerability
2024-04-09 07:00:00
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
2024-04-09 07:00:00
zdi
zdi
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
2024-04-09 00:00:00
Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
2024-04-09 00:00:00
cnvd
cnvd
Microsoft Windows Hyper-V Denial of Service Vulnerability
2024-04-11 00:00:00
thn
thn
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
2024-04-10 04:57:00
Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel
2024-04-10 09:26:00
krebs
krebs
April’s Patch Tuesday Brings Record Number of Fixes
2024-04-09 20:28:17
githubexploit
githubexploit
Exploit for CVE-2024-29988
2024-05-03 12:17:25
xen
xen
x86: Native Branch History Injection
2024-04-09 17:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-05-13 00:00:00
Unbreakable Enterprise kernel-container security update
2024-05-13 00:00:00
Unbreakable Enterprise kernel security update
2024-04-08 00:00:00
attackerkb
attackerkb
CVE-2024-29988
2024-04-09 00:00:00
debiancve
debiancve
CVE-2024-2201
2024-04-10 15:17:48
redhatcve
redhatcve
CVE-2024-2201
2024-04-10 04:50:44
ubuntucve
ubuntucve
CVE-2024-2201
2024-04-09 00:00:00
cert
cert
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
2024-04-09 00:00:00
cisa_kev
cisa_kev
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-30 00:00:00
citrix
citrix
XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142
2024-04-11 08:39:54

7.5 High

AI Score

Confidence

Low

JSON
Related for SMB_NT_MS24_APR_5036892.NASL
openvas8mskb14nessus17kaspersky2qualysblog1rapid7blog1malwarebytes1talosblog1cve67mscve68zdi2cnvd1thn2krebs1githubexploit1xen1oraclelinux4attackerkb1debiancve1redhatcve1ubuntucve1cert1cisa_kev1citrix1