Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310809465
HistoryNov 09, 2016 - 12:00 a.m.

Microsoft Windows Multiple Vulnerabilities (3199172)

2016-11-0900:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
11

7.7 High

AI Score

Confidence

High

0.922 High

EPSS

Percentile

98.9%

JSON

This host is missing a critical security
update according to Microsoft Bulletin MS16-130.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.809465");
  script_version("2023-11-03T05:05:46+0000");
  script_cve_id("CVE-2016-7221", "CVE-2016-7222", "CVE-2016-7212");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-11-03 05:05:46 +0000 (Fri, 03 Nov 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-12 22:14:00 +0000 (Fri, 12 Oct 2018)");
  script_tag(name:"creation_date", value:"2016-11-09 08:29:26 +0530 (Wed, 09 Nov 2016)");
  script_tag(name:"qod_type", value:"executable_version");
  script_name("Microsoft Windows Multiple Vulnerabilities (3199172)");

  script_tag(name:"summary", value:"This host is missing a critical security
  update according to Microsoft Bulletin MS16-130.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to

  - The Windows Input Method Editor (IME) improperly handles DLL loading.

  - The Windows Task Scheduler improperly schedule a new task.

  - The Windows image file loading functionality does not properly handle
    malformed image files.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker
  to run arbitrary code with elevated system privileges or run a specially
  crafted application.");

  script_tag(name:"affected", value:"- Microsoft Windows Vista x32/x64 Service Pack 2

  - Microsoft Windows Server 2008 x32/x64 Service Pack 2

  - Microsoft Windows 7 x32/x64 Service Pack 1

  - Microsoft Windows Server 2008 R2 x64 Service Pack 1

  - Microsoft Windows 8.1 x32/x64

  - Microsoft Windows Server 2012/2012R2

  - Microsoft Windows 10 x32/x64");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/kb/3199172");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94021");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94023");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94027");
  script_xref(name:"URL", value:"https://technet.microsoft.com/en-us/library/security/MS16-130");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("smb_reg_service_pack.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");
  script_xref(name:"URL", value:"https://technet.microsoft.com/library/security/MS16-130");

  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(winVista:3, winVistax64:3, win7:2, win7x64:2, win2008:3, win2008x64:3,
                   win2008r2:2, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1,
                   win10x64:1) <= 0){
  exit(0);
}

sysPath = smb_get_system32root();
if(!sysPath ){
  exit(0);
}

sysVer = fetch_file_version(sysPath:sysPath, file_name:"win32k.sys");
edgeVer = fetch_file_version(sysPath:sysPath, file_name:"edgehtml.dll");
asyVer = fetch_file_version(sysPath:sysPath, file_name:"asycfilt.dll");
ctfdll = fetch_file_version(sysPath:sysPath, file_name:"msctf.dll");
if(!sysVer && !edgeVer && !asyVer && !ctfdll){
  exit(0);
}

if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0 && sysVer)
{
  if(version_is_less(version:sysVer, test_version:"6.3.9600.18524"))
  {
    Vulnerable_range = "Less than 6.3.9600.18524";
    VULN = TRUE ;
  }
}

else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0 && sysVer)
{
  if(version_is_less(version:sysVer, test_version:"6.1.7601.23584"))
  {
    Vulnerable_range = "Less than 6.1.7601.23584";
    VULN = TRUE ;
  }
}

else if(hotfix_check_sp(win2012:1) > 0 )
{
  if(sysVer)
  {
    if(version_is_less(version:sysVer, test_version:"6.2.9200.22023"))
    {
      Vulnerable_range = "Less than 6.2.9200.22023";
      VULN = TRUE ;
    }
  }
  if(ctfdll)
  {
    if(version_is_less(version:ctfdll, test_version:"6.0.6002.19705"))
    {
      Vulnerable_range4 = "Less than 6.0.6002.19705";
      VULN4 = TRUE ;
    }

    else if(version_in_range(version:ctfdll, test_version:"6.0.6002.23000", test_version2:"6.0.6002.24027"))
    {
      Vulnerable_range4 = "6.0.6002.23000 - 6.0.6002.24027";
      VULN4 = TRUE ;
    }
  }
}

else if(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0 && asyVer)
{
  if(version_is_less(version:asyVer, test_version:"6.0.6002.19700"))
  {
    Vulnerable_range3 = "Less than 6.0.6002.19700";
    VULN3 = TRUE ;
  }
  else if(version_in_range(version:asyVer, test_version:"6.0.6002.23000", test_version2:"6.0.6002.24023"))
  {
    Vulnerable_range3 = "6.0.6002.23000 - 6.0.6002.24023";
    VULN3 = TRUE ;
  }
}

else if(hotfix_check_sp(win10:1, win10x64:1) > 0 && edgeVer)
{
  if(version_is_less(version:edgeVer, test_version:"11.0.10240.17184"))
  {
    Vulnerable_range2 = "Less than 11.0.10240.17184";
    VULN2 = TRUE ;
  }
  else if(version_in_range(version:edgeVer, test_version:"11.0.10586.0", test_version2:"11.0.10586.671"))
  {
    Vulnerable_range2 = "11.0.10586.0 - 11.0.10586.671";
    VULN2 = TRUE ;
  }

  else if(version_in_range(version:edgeVer, test_version:"11.0.14393.0", test_version2:"11.0.14393.446"))
  {
    Vulnerable_range2 = "11.0.14393.0 - 11.0.14393.446";
    VULN2 = TRUE ;
  }
}

if(VULN)
{
  report = 'File checked:     ' + sysPath + "\win32k.sys" + '\n' +
           'File version:     ' + sysVer  + '\n' +
           'Vulnerable range: ' + Vulnerable_range + '\n' ;
  security_message(data:report);
  exit(0);
}

else if(VULN2)
{
  report = 'File checked:     ' + sysPath + "\edgehtml.dll" + '\n' +
           'File version:     ' + edgeVer  + '\n' +
           'Vulnerable range: ' + Vulnerable_range2 + '\n' ;
  security_message(data:report);
  exit(0);
}

else if(VULN3)
{
  report = 'File checked:     ' + sysPath + "\asycfilt.dll" + '\n' +
           'File version:     ' + asyVer  + '\n' +
           'Vulnerable range: ' + Vulnerable_range3 + '\n' ;
  security_message(data:report);
  exit(0);
}

else if(VULN4)
{
  report = 'File checked:     ' + sysPath + "\msctf.dll" + '\n' +
           'File version:     ' + ctfdll  + '\n' +
           'Vulnerable range: ' + Vulnerable_range4 + '\n' ;
  security_message(data:report);
  exit(0);
}

exit(0);

Related

nessus 1
mskb 12
prion 3
cve 3
cvelist 3
symantec 3
mscve 3
checkpoint_advisories 3
jvn 1
kaspersky 2
nessus
nessus
MS16-130: Security Update for Microsoft Windows (3199172)
2016-11-08 00:00:00
mskb
mskb
MS16-130: Security update for Microsoft Windows: November 8, 2016
2016-11-08 00:00:00
MS16-130: Description of the security update for Windows: November 8, 2016
2016-11-08 08:00:00
MS16-130 and MS16-135: Description of the security update for Windows: November 8, 2016
2016-11-08 08:00:00
prion
prion
Remote code execution
2016-11-10 06:59:00
Privilege escalation
2016-11-10 06:59:00
Privilege escalation
2016-11-10 06:59:00
cve
cve
CVE-2016-7212
2016-11-10 06:59:00
CVE-2016-7221
2016-11-10 06:59:00
CVE-2016-7222
2016-11-10 06:59:00
cvelist
cvelist
CVE-2016-7212
2016-11-10 06:16:00
CVE-2016-7222
2016-11-10 06:16:00
CVE-2016-7221
2016-11-10 06:16:00
symantec
symantec
Microsoft Windows File Manager CVE-2016-7212 Remote Code Execution Vulnerability
2016-11-08 00:00:00
Microsoft Windows Input Method Editor CVE-2016-7221 Local Privilege Escalation Vulnerability
2016-11-08 00:00:00
Microsoft Windows Task Scheduler CVE-2016-7222 Local Privilege Escalation Vulnerability
2016-11-08 00:00:00
mscve
mscve
Windows Remote Code Execution Vulnerability
2016-11-08 08:00:00
Windows IME Elevation of Privilege Vulnerability
2016-11-08 08:00:00
Task Scheduler Elevation of Privilege Vulnerability
2016-11-08 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows File Manager Remote Code Execution (MS16-130: CVE-2016-7212)
2016-11-08 00:00:00
Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)
2016-12-27 00:00:00
Microsoft Task Scheduler Elevation of Privilege (MS16-130: CVE-2016-7222)
2016-12-27 00:00:00
jvn
jvn
JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries
2017-07-07 00:00:00
kaspersky
kaspersky
KLA10897 Multiple vulnerabilities in Microsoft Windows
2016-11-08 00:00:00
KLA11832 Multiple vulnerabilities in Microsoft Products (ESU)
2016-11-08 00:00:00

7.7 High

AI Score

Confidence

High

0.922 High

EPSS

Percentile

98.9%

JSON
Related for OPENVAS:1361412562310809465
nessus1mskb12prion3cve3cvelist3symantec3mscve3checkpoint_advisories3jvn1kaspersky2