| Source | Link |
|---|---|
| technet | www.technet.microsoft.com/en-us/library/cc960241.aspx |
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Plugin registration. This branch runs only when 'description' is set: it
# declares the plugin's metadata and exits before any of the checks below.
if (description)
{
  # Identity and revision.
  script_id(35453);
  script_version("1.15");
  script_set_attribute(
    attribute:"plugin_modification_date",
    value:"2026/05/18"
  );

  # Text shown with the finding.
  script_name(english:"Microsoft Windows Update Reboot Required");
  script_summary(english:"Checks registry");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Windows host requires a reboot."
  );
  # The description string spans several lines; its line breaks are part of
  # the value, so the continuation lines are left unindented.
  script_set_attribute(attribute:"description", value:
"According to entries in its registry, a reboot is required by Windows
Update to complete installation of at least one update. If the pending
changes are security-related, the remote host could remain vulnerable
to attack until a reboot occurs.");
  script_set_attribute(
    attribute:"see_also",
    value:"http://technet.microsoft.com/en-us/library/cc960241.aspx"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Reboot the remote system to put pending changes into effect."
  );

  # Severity. The score is assigned manually (cvss_score_source "manual"):
  # the finding stands in for security patches that may not have taken effect
  # yet, not for one specific vulnerability, as the rationale string says.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"The remote host may require a reboot to complete installation of security patches");

  script_set_attribute(
    attribute:"plugin_publication_date",
    value:"2009/01/23"
  );
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  # Classification and ownership.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2009-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Preconditions: smb_hotfixes.nasl is declared as a dependency, the
  # 'SMB/Registry/Enumerated' KB item is required, and so is port 139 or 445.
  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}
include('debug.inc');
include('smb_func.inc');
include("inventory_agent_windows_registry.inc");
# Stop early unless the knowledge base says the registry could be enumerated;
# the same key is also listed in script_require_keys above.
if (!get_kb_item("SMB/Registry/Enumerated"))
  exit(1,"The 'SMB/Registry/Enumerated' KB item is missing.");

# Connect to the appropriate share.
# The SMB transport, account, password and domain are the scan's own
# credentials, read from the knowledge base. In this block they are only
# handed to NetUseAdd and are never written to a log or to the report.
# NOTE(review): 'port' is read here, but the report at the end of the script
# is sent with a literal 445 - confirm which of the two is intended.
var port = kb_smb_transport();
var login = kb_smb_login();
var pass = kb_smb_password();
var domain = kb_smb_domain();

if (!smb_session_init())
  audit(AUDIT_FN_FAIL, "smb_session_init");

# Authenticate to IPC$. Any result other than 1 is treated as a failure and
# the connection is released before auditing out.
var rc = NetUseAdd(
  login:login,
  password:pass,
  domain:domain,
  share:"IPC$"
);
if (rc != 1)
{
  NetUseDel();
  audit(AUDIT_SHARE_FAIL, "IPC$");
}

# Connect to remote registry.
# Every key opened later in the script is opened relative to this
# HKEY_LOCAL_MACHINE handle.
var hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  audit(AUDIT_REG_FAIL);
}
# Check registry entries.
# 'reasons' collects one human-readable line per indicator that fires; the
# end of the script reports only when this list is non-empty.
var reasons = [];

# Indicator 1: the Windows Update "RebootRequired" key.
var au_key = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired";
var au_key_h = RegOpenKey(handle:hklm, key:au_key, mode:MAXIMUM_ALLOWED);
if (!isnull(au_key_h))
{
  var info = RegQueryInfoKey(handle:au_key_h);

  # Enumerate the values under the key; info[0] is used as the number of
  # values to walk. Each GUID-named value represents an applied update that
  # may require a reboot.
  for (var i = 0; i < info[0]; ++i)
  {
    var item = RegEnumValue(handle:au_key_h, index:i);

    # Only GUID-named values are of interest; skip everything else,
    # including a failed enumeration.
    if (isnull(item) || !(item[1] =~ "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$"))
      continue;

    var value = RegQueryValue(handle:au_key_h, item:item[1]);

    # use an actual boolean, the conditional expression results in an int
    var au_present = false;
    if (!isnull(value) && value[1] == 1)
      au_present = true;

    # intentionally recording this in the KB regardless of au_present so that CA will monitor the regkey
    inventory_agent::windows::registry::record_key_presence(
      hive: "HKEY_LOCAL_MACHINE",
      key: au_key,
      is_present: au_present
    );

    # A value whose data is not 1 does not count; keep looking.
    if (!au_present)
      continue;

    # One flagged update is enough to report, so stop at the first hit.
    append_element(value: "One or more applications have 'RebootRequired' flag set.", var: reasons);
    break;
  }

  RegCloseKey(handle:au_key_h);
}
# Indicator 2: Component Based Servicing "RebootPending".
# Only the existence of the key is tested here; no value under it is read.
var cbs_key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending";
var cbs_key_h = RegOpenKey(handle:hklm, key:cbs_key, mode:MAXIMUM_ALLOWED);

# use an actual boolean, the conditional expression results in an int
var cbs_exists = false;
if (!isnull(cbs_key_h))
  cbs_exists = true;

dbg::detailed_log(
  lvl:2,
  msg: "Component Based Servicing registry key",
  msg_details: {
    key: { lvl: 2, value: cbs_key },
    present: { lvl: 2, value: cbs_exists }
  }
);

# intentionally recording this in the KB regardless of cbs_exists so that CA will monitor the regkey
inventory_agent::windows::registry::record_key_presence(
  hive: "HKEY_LOCAL_MACHINE",
  key: cbs_key,
  is_present: cbs_exists
);

if (cbs_exists)
{
  # The handle is valid only on this path, so it is released here.
  RegCloseKey(handle: cbs_key_h);
  append_element(value: "Component Based Servicing indicates that a reboot is pending.", var: reasons);
}
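# Indicator 3: Session Manager values.
# Two values under the same key are inspected: 'SystemUpdateOnBoot' (always)
# and 'PendingFileRenameOperations' (only when report_paranoia > 1).
var session_key = "SYSTEM\CurrentControlSet\Control\Session Manager";
var session_reboot_name = "SystemUpdateOnBoot";
var session_key_h = RegOpenKey(handle:hklm, key:session_key, mode:MAXIMUM_ALLOWED);

if (!isnull(session_key_h))
{
  var session_result = RegQueryValue(handle:session_key_h, item:session_reboot_name);
  if (!isnull(session_result))
  {
    # Index 0 is logged as the value type and index 1 is the data.
    var session_reboot_value = session_result[1];
    dbg::detailed_log(
      lvl:3,
      msg: "got registry value",
      msg_details: {
        key: { lvl: 3, value: session_key },
        name: { lvl: 3, value: session_reboot_name },
        value_type: { lvl: 3, value: session_result[0] },
        value: { lvl: 3, value: serialize(session_reboot_value) },
      }
    );

    # intentionally recording this in the KB regardless of value so that CA will monitor the regkey
    inventory_agent::windows::registry::record_value(
      hive: "HKEY_LOCAL_MACHINE",
      key: session_key,
      name: session_reboot_name,
      value: session_reboot_value
    );

    # Any truthy data counts as "update on next boot".
    if (session_reboot_value)
      append_element(value: "The Session Manager indicates that the system will update on the next boot.", var: reasons);
  }
  else
  {
    dbg::detailed_log(
      lvl:1,
      msg: "registry value is null",
      msg_details: {
        key: { lvl: 1, value: session_key },
        name: { lvl: 1, value: session_reboot_name },
      }
    );
  }
}
else
{
  dbg::detailed_log(
    lvl:1,
    msg: "registry key not found",
    msg_details: {
      key: { lvl: 1, value: session_key }
    }
  );
}

# 'PendingFileRenameOperations' is consulted only at paranoid report settings.
# Presumably this is because ordinary installers also populate it, which makes
# it a noisier signal than the indicators above - confirm against the
# intended policy.
if (session_key_h && report_paranoia > 1)
{
  # This check uses its own declared variable, so it does not depend on a
  # declaration made inside the Windows Update loop, which executes only when
  # that key exists and holds a GUID-named value.
  var pfro_result = RegQueryValue(handle:session_key_h, item:'PendingFileRenameOperations');
  if (!isnull(pfro_result))
  {
    # The data is NUL-separated; turn each separator into a newline so the
    # report lists one entry per line. The raw data (file paths on the
    # target) ends up verbatim in the scan report.
    var pfro_text = str_replace(string:pfro_result[1], find:'\0', replace:'\n');
    append_element(
      value: strcat(
        "The Registry key 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations' is set, with the below value.",
        '\n\n',
        pfro_text
      ),
      var: reasons
    );
  }
}

# Release the Session Manager handle if it was opened.
if (session_key_h) RegCloseKey(handle: session_key_h);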
# All registry reads are done: release the hive handle and the IPC$
# connection before deciding what to report.
RegCloseKey(handle:hklm);
NetUseDel();

# No indicator fired, so there is nothing to report.
if (empty(reasons))
  exit(0, 'The remote host does not need to be rebooted.');

# The list of reasons is attached only when report_verbosity is above 0;
# otherwise the finding is raised with no extra text.
var report = NULL;
if (report_verbosity > 0)
{
  report = strcat(
    '\nNessus determined a reboot is required based on the following info : \n\n',
    strjoin(list: reasons, separator: '\n')
  );
}

# NOTE(review): the finding is always attached to port 445, although the
# script reads the SMB transport into 'port' via kb_smb_transport() near the
# top - confirm that a host scanned over 139 should still report on 445.
security_hole(port:445, extra:report);