Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310832305
HistoryJul 12, 2023 - 12:00 a.m.

Microsoft Windows Multiple Vulnerabilities (KB5028186)

2023-07-1200:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
5

8.4 High

AI Score

Confidence

High

0.224 Low

EPSS

Percentile

96.5%

JSON

This host is missing a critical security
update according to Microsoft KB5028186

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832305");
  script_version("2023-10-13T05:06:10+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2023-35306", "CVE-2023-33154", "CVE-2023-21526", "CVE-2023-32054",
                "CVE-2023-35362", "CVE-2023-35361", "CVE-2023-35360", "CVE-2023-35296",
                "CVE-2023-32044", "CVE-2023-35308", "CVE-2023-32055", "CVE-2023-35365",
                "CVE-2023-35302", "CVE-2023-33169", "CVE-2023-35367", "CVE-2023-32053",
                "CVE-2023-33168", "CVE-2023-35366", "CVE-2023-35303", "CVE-2023-32085",
                "CVE-2023-35299", "CVE-2023-32057", "CVE-2023-36874", "CVE-2023-35309",
                "CVE-2023-32038", "CVE-2023-33174", "CVE-2023-36871", "CVE-2023-35342",
                "CVE-2023-35341", "CVE-2023-35340", "CVE-2023-35339", "CVE-2023-35338",
                "CVE-2023-35336", "CVE-2023-35332", "CVE-2023-35330", "CVE-2023-35329",
                "CVE-2023-35328", "CVE-2023-35325", "CVE-2023-35324", "CVE-2023-35319",
                "CVE-2023-35318", "CVE-2023-35316", "CVE-2023-35314", "CVE-2023-35313",
                "CVE-2023-35312", "CVE-2023-35300", "CVE-2023-35297", "CVE-2023-32046",
                "CVE-2023-32045", "CVE-2023-32043", "CVE-2023-32042", "CVE-2023-32040",
                "CVE-2023-32039", "CVE-2023-32035", "CVE-2023-32034", "CVE-2023-33173",
                "CVE-2023-33172", "CVE-2023-33167", "CVE-2023-33166", "CVE-2023-33164",
                "CVE-2023-21756");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-07-11 18:15:00 +0000 (Tue, 11 Jul 2023)");
  script_tag(name:"creation_date", value:"2023-07-12 13:27:16 +0530 (Wed, 12 Jul 2023)");
  script_name("Microsoft Windows Multiple Vulnerabilities (KB5028186)");

  script_tag(name:"summary", value:"This host is missing a critical security
  update according to Microsoft KB5028186");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - A Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS).

  - A Remote Code Execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver.

  - A Remote Code Execution vulnerability in Microsoft Message Queuing.

  For more information about the vulnerabilities refer to Reference links.");

  script_tag(name:"impact", value:"Successful exploitation will allow an
  attacker to elevate privileges, execute arbitrary commands, disclose
  information, bypass security restrictions, spoofing and conduct DoS
  attacks.");

  script_tag(name:"affected", value:"- Microsoft Windows 10 for 32-bit Systems

  - Microsoft Windows 10 for x64-based Systems");

  script_tag(name:"solution", value:"The vendor has released updates. Please see
  the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/help/5028186");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("smb_reg_service_pack.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(win10:1, win10x64:1) <= 0){
  exit(0);
}

dllPath = smb_get_system32root();
if(!dllPath ){
  exit(0);
}

fileVer = fetch_file_version(sysPath:dllPath, file_name:"ntoskrnl.exe");
if(!fileVer){
  exit(0);
}

if(version_in_range(version:fileVer, test_version:"10.0.10240.0", test_version2:"10.0.10240.20047")) {
  report = report_fixed_ver(file_checked:dllPath + "\Ntoskrnl.exe", file_version:fileVer, vulnerable_range:"10.0.10240.0 - 10.0.10240.20047");
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

nessus 11
mskb 16
openvas 7
kaspersky 2
rapid7blog 1
qualysblog 1
avleonov 1
talosblog 1
cve 36
mscve 41
cvelist 42
prion 40
nessus
nessus
KB5028186: Windows 10 LTS 1507 Security Update (July 2023)
2023-07-11 00:00:00
KB5028223: Windows Server 2012 R2 Security Update (July 2023)
2023-07-11 00:00:00
KB5028233: Windows Server 2012 Security Update (July 2023)
2023-07-11 00:00:00
mskb
mskb
July 11, 2023—KB5028186 (OS Build 10240.20048)
2023-07-11 07:00:00
July 11, 2023—KB5028228 (Monthly Rollup)
2023-07-11 07:00:00
July 11, 2023—KB5028223 (Security-only update)
2023-07-11 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5028240)
2023-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5028166)
2023-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5028169)
2023-07-12 00:00:00
kaspersky
kaspersky
KLA50775 Multiple vulnerabilities in Microsoft Products (ESU)
2023-07-11 00:00:00
KLA50774 Multiple vulnerabilities in Microsoft Windows
2023-07-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2023
2023-07-11 21:50:34
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
2023-07-11 20:30:33
avleonov
avleonov
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs
2023-07-28 09:37:41
talosblog
talosblog
Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
2023-07-11 19:26:31
cve
cve
CVE-2023-35339
2023-07-11 18:15:18
CVE-2023-32043
2023-07-11 18:15:13
CVE-2023-32042
2023-07-11 18:15:13
mscve
mscve
Windows Kernel Elevation of Privilege Vulnerability
2023-07-11 07:00:00
Windows MSHTML Platform Security Feature Bypass Vulnerability
2023-07-11 07:00:00
Windows Print Spooler Information Disclosure Vulnerability
2023-07-11 07:00:00
cvelist
cvelist
CVE-2023-35306 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
2023-07-11 17:03:24
CVE-2023-35361 Windows Kernel Elevation of Privilege Vulnerability
2023-07-11 17:02:58
CVE-2023-35316 Remote Procedure Call Runtime Information Disclosure Vulnerability
2023-07-11 17:02:36
prion
prion
Security feature bypass
2023-07-11 18:15:00
Information disclosure
2023-07-11 18:15:00
Remote code execution
2023-07-11 18:15:00

8.4 High

AI Score

Confidence

High

0.224 Low

EPSS

Percentile

96.5%

JSON
Related for OPENVAS:1361412562310832305
nessus11mskb16openvas7kaspersky2rapid7blog1qualysblog1avleonov1talosblog1cve36mscve41cvelist42prion40