Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

KB5044277: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2024)

🗓️ 08 Oct 2024 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 59 Views

Windows 10/Server 2019 Security Update KB5044277 missing, multiple vulnerabilities including libcurl and Remote Desktop Client RC

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Execution with Unnecessary Privileges in Microsoft
21 Feb 202519:37
githubexploit
GithubExploit		Exploit for Improper Authentication in Microsoft
25 Oct 202414:53
githubexploit
GithubExploit		Exploit for Use After Free in Microsoft
7 Jun 202509:13
githubexploit
IBM Security Bulletins		Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
11 Sep 202408:43
ibm
IBM Security Bulletins		Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overwrite due to the libcurl package (CVE-2024-6197)
2 Sep 202514:32
ibm
IBM Security Bulletins		Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.
15 Apr 202502:56
ibm
IBM Security Bulletins		Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl
4 Dec 202422:17
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client
18 Oct 202412:50
ibm
ATTACKERKB		CVE-2024-43572
8 Oct 202400:00
attackerkb
ATTACKERKB		CVE-2024-43573
8 Oct 202400:00
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(208285);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/11/18");

  script_cve_id(
    "CVE-2024-6197",
    "CVE-2024-20659",
    "CVE-2024-30092",
    "CVE-2024-37976",
    "CVE-2024-37979",
    "CVE-2024-37982",
    "CVE-2024-37983",
    "CVE-2024-38124",
    "CVE-2024-38149",
    "CVE-2024-38202",
    "CVE-2024-38212",
    "CVE-2024-38261",
    "CVE-2024-38262",
    "CVE-2024-38265",
    "CVE-2024-43453",
    "CVE-2024-43456",
    "CVE-2024-43501",
    "CVE-2024-43502",
    "CVE-2024-43506",
    "CVE-2024-43509",
    "CVE-2024-43511",
    "CVE-2024-43512",
    "CVE-2024-43513",
    "CVE-2024-43514",
    "CVE-2024-43515",
    "CVE-2024-43516",
    "CVE-2024-43517",
    "CVE-2024-43518",
    "CVE-2024-43519",
    "CVE-2024-43520",
    "CVE-2024-43521",
    "CVE-2024-43523",
    "CVE-2024-43524",
    "CVE-2024-43525",
    "CVE-2024-43526",
    "CVE-2024-43528",
    "CVE-2024-43532",
    "CVE-2024-43534",
    "CVE-2024-43535",
    "CVE-2024-43536",
    "CVE-2024-43537",
    "CVE-2024-43538",
    "CVE-2024-43540",
    "CVE-2024-43541",
    "CVE-2024-43542",
    "CVE-2024-43543",
    "CVE-2024-43544",
    "CVE-2024-43545",
    "CVE-2024-43547",
    "CVE-2024-43549",
    "CVE-2024-43550",
    "CVE-2024-43551",
    "CVE-2024-43553",
    "CVE-2024-43554",
    "CVE-2024-43555",
    "CVE-2024-43556",
    "CVE-2024-43557",
    "CVE-2024-43558",
    "CVE-2024-43559",
    "CVE-2024-43560",
    "CVE-2024-43561",
    "CVE-2024-43562",
    "CVE-2024-43563",
    "CVE-2024-43564",
    "CVE-2024-43565",
    "CVE-2024-43567",
    "CVE-2024-43570",
    "CVE-2024-43572",
    "CVE-2024-43573",
    "CVE-2024-43575",
    "CVE-2024-43581",
    "CVE-2024-43582",
    "CVE-2024-43583",
    "CVE-2024-43585",
    "CVE-2024-43589",
    "CVE-2024-43592",
    "CVE-2024-43593",
    "CVE-2024-43599",
    "CVE-2024-43607",
    "CVE-2024-43608",
    "CVE-2024-43611",
    "CVE-2024-43615"
  );
  script_xref(name:"MSKB", value:"5044277");
  script_xref(name:"MSFT", value:"MS24-5044277");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/10/29");
  script_xref(name:"IAVA", value:"2024-A-0628");
  script_xref(name:"IAVA", value:"2024-A-0631-S");
  script_xref(name:"IAVA", value:"2024-A-0630-S");

  script_name(english:"KB5044277: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5044277. It is, therefore, affected by multiple vulnerabilities

  - libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect
    an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte
    localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some
    however accept the input pointer and add that memory to its list of available chunks. This leads to the
    overwriting of nearby stack memory. The content of the overwrite is decided by the `free()`
    implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this
    flaw is a crash, although it cannot be ruled out that more serious results can be had in special
    circumstances. (CVE-2024-6197)
  
  - Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

  - An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote 
    Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
    (CVE-2024-43607)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5044277");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5044277");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-43608");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-38124");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_1809");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2019");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

var bulletin = 'MS24-10';
var kbs = make_list(
  '5044277'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

var share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   os_build:17763,
                   rollup_date:'10_2024',
                   bulletin:bulletin,
                   rollup_kb_list:[5044277])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Nov 2024 00:00Current
8.4High risk
Vulners AI Score8.4
CVSS 3.18.1 - 9
EPSS0.60954
SSVC
windows securityupdatekb5044277libcurlremote desktopvulnerabilitiescve-2024-6197cve-2024-43599cve-2024-43607remote code executionnessus scanner
59