DATABASE RESOURCES PRICING ABOUT US

{"id": "THN:FA6A50184463DFCD20073D5EDD0F36F2", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware", "description": "[](<https://thehackernews.com/images/-QrNW2pGZsXM/YRzFeUzLNRI/AAAAAAAADkA/5jruQy-AgDkRdhW-7PzZoHP3-W90X5EowCLcBGAsYHQ/s0/north-korea.jpg>)\n\nA North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.\n\nCybersecurity firm Volexity [attributed](<https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/>) the watering hole attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the publication in question, is said to have hosted the malicious code from at least late March 2021 until early June 2021.\n\nThe \"clever disguise of exploit code amongst legitimate code\" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.\n\nThe attacks involved tampering with the jQuery JavaScript libraries hosted on the website to serve additional obfuscated JavaScript code from a remote URL, using it to leverage exploits for two Internet Explorer flaws that were patched by Microsoft in [August 2020](<https://thehackernews.com/2020/08/microsoft-software-patches.html>) and [March 2021](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>). Successful exploitation resulted in the deployment of a Cobalt Strike stager and novel backdoor called BLUELIGHT. \n\n * [CVE-2020-1380](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-1380>) (CVSS score: 7.5) - Scripting Engine Memory Corruption Vulnerability\n * [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26411>) (CVSS score: 8.8) - Internet Explorer Memory Corruption Vulnerability\n\nIt's worth noting that both the flaws have been actively exploited in the wild, with the latter put to use by North Korean hackers to compromise security researchers working on vulnerability research and development in a campaign that came to light earlier this January.\n\n[](<https://thehackernews.com/images/-E1lELfCsvpg/YRzEM-DMMLI/AAAAAAAADj4/gtN3LyfaO0MLnrYMwpl1LkoMvGFkm1TXACLcBGAsYHQ/s0/exploit.jpg>)\n\nIn a [separate set of attacks](<https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html>) disclosed last month, an unidentified threat actor was found exploiting the same flaw to deliver a fully-featured VBA-based remote access trojan (RAT) on compromised Windows systems.\n\nBLUELIGHT is used as a secondary payload following the successful delivery of Cobalt Strike, functioning as a full-featured remote access tool that provides complete access to a compromised system.\n\nIn addition to gathering system metadata and information about installed antivirus products, the malware is capable of executing shellcode, harvesting cookies and passwords from Internet Explorer, Microsoft Edge, and Google Chrome browsers, collecting files and downloading arbitrary executables, the results of which are exfiltrated to a remote server.\n\n\"While SWCs are not as popular as they once were, they continue to be a weapon in the arsenal of many attackers,\" the researchers noted. \"The use of recently patched exploits for Internet Explorer and Microsoft Edge will only work against a limited audience.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-18T08:33:00", "modified": "2021-08-18T14:51:37", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.6}, "severity": "HIGH", "exploitabilityScore": 4.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "immutableFields": [], "lastseen": "2022-05-09T12:39:13", "viewCount": 91, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:2F48FB8A-EF4C-468F-9F4F-8BB9BB5FEC97", "AKB:925F84D3-4FE0-4A18-BAA9-170C701E718D", "AKB:F65CF017-1855-42E3-9922-BF6F9F078DD9"]}, {"type": "avleonov", "idList": ["AVLEONOV:13BED8E5AD26449401A37E1273217B9A", "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0727", "CPAI-2021-0108"]}, {"type": "cisa", "idList": ["CISA:41E2EC8FEF1331C724A39C3DCCFB0834"]}, {"type": "cve", "idList": ["CVE-2020-1380", "CVE-2020-1555", "CVE-2020-1570", "CVE-2021-26411"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA11935", "KLA12108", "KLA12112"]}, {"type": "krebs", "idList": ["KREBS:83CB7FE17AB0EB62BC1947A917C7546C", "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:232C556149FB9AC828C416ADCCF93766"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1380", "MS:CVE-2021-26411"]}, {"type": "mskb", "idList": ["KB5000800", "KB5000803", "KB5000809", "KB5000822", "KB5000844", "KB5000848"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4565351.NASL", "SMB_NT_MS20_AUG_4566782.NASL", "SMB_NT_MS20_AUG_4571692.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571709.NASL", "SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS20_AUG_4571741.NASL", "SMB_NT_MS20_AUG_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_MAR_5000802.NASL", "SMB_NT_MS21_MAR_5000803.NASL", "SMB_NT_MS21_MAR_5000807.NASL", "SMB_NT_MS21_MAR_5000808.NASL", "SMB_NT_MS21_MAR_5000809.NASL", "SMB_NT_MS21_MAR_5000822.NASL", "SMB_NT_MS21_MAR_5000841.NASL", "SMB_NT_MS21_MAR_5000844.NASL", "SMB_NT_MS21_MAR_5000847.NASL", "SMB_NT_MS21_MAR_5000848.NASL", "SMB_NT_MS21_MAR_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_MAY_INTERNET_EXPLORER.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:22507355C87630C1D3B720E2ED98701A", "QUALYSBLOG:B847D61CCF30D86B3C35C9E4CA764114", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "securelist", "idList": ["SECURELIST:03ACF8FB3AEA9D33D265642AD60AF9E9", "SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "SECURELIST:322E7EEAE549CDB14513C2EDB141B8BA", "SECURELIST:5147443B0EBD7DFCCB942AD0E2F92CCF", "SECURELIST:6E5BCE8A736D28A7E168E1CD5131CE3D", "SECURELIST:73735B62C781261398E44FFF82262BCD", "SECURELIST:E2805DD2729049C4BBE6F641B5ADA21C"]}, {"type": "thn", "idList": ["THN:0A61A90DD0F88453854B73FE249BC379", "THN:4225CEE6D7775276254C20B6E19126AE", "THN:BC8A83422D35DB5610358702FCB4D154", "THN:BE0D8117CAD7D5DE97C405935DA09BC3", "THN:DE791A2DD37FD88B59147561CF1F7BBF"]}, {"type": "threatpost", "idList": ["THREATPOST:056C552B840B2C102A6A75A2087CA8A5", "THREATPOST:197A12EF32429D29CF6A84B11763834D", "THREATPOST:62A15BEBBD95FBF8704B78058BF030F1", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0DBE764152C4FE9188A88545FADFB00"]}]}, "score": {"value": 1.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:925F84D3-4FE0-4A18-BAA9-170C701E718D", "AKB:F65CF017-1855-42E3-9922-BF6F9F078DD9"]}, {"type": "avleonov", "idList": ["AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0727", "CPAI-2021-0108"]}, {"type": "cisa", "idList": ["CISA:41E2EC8FEF1331C724A39C3DCCFB0834"]}, {"type": "cve", "idList": ["CVE-2020-1380", "CVE-2021-26411"]}, {"type": "githubexploit", "idList": ["C52C407D-E664-5756-BF78-38973532667A"]}, {"type": "kaspersky", "idList": ["KLA11935"]}, {"type": "krebs", "idList": ["KREBS:83CB7FE17AB0EB62BC1947A917C7546C", "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:232C556149FB9AC828C416ADCCF93766"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1380", "MS:CVE-2021-26411"]}, {"type": "mskb", "idList": ["KB5000800", "KB5000809"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4565351.NASL", "SMB_NT_MS20_AUG_4566782.NASL", "SMB_NT_MS20_AUG_4571692.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571709.NASL", "SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS20_AUG_4571741.NASL", "SMB_NT_MS20_AUG_INTERNET_EXPLORER.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:22507355C87630C1D3B720E2ED98701A", "QUALYSBLOG:B847D61CCF30D86B3C35C9E4CA764114"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "securelist", "idList": ["SECURELIST:5147443B0EBD7DFCCB942AD0E2F92CCF", "SECURELIST:6E5BCE8A736D28A7E168E1CD5131CE3D"]}, {"type": "thn", "idList": ["THN:0A61A90DD0F88453854B73FE249BC379", "THN:BC8A83422D35DB5610358702FCB4D154", "THN:BE0D8117CAD7D5DE97C405935DA09BC3"]}, {"type": "threatpost", "idList": ["THREATPOST:056C552B840B2C102A6A75A2087CA8A5", "THREATPOST:197A12EF32429D29CF6A84B11763834D", "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0DBE764152C4FE9188A88545FADFB00"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-1380", "epss": "0.323640000", "percentile": "0.963140000", "modified": "2023-03-17"}, {"cve": "CVE-2021-26411", "epss": "0.964250000", "percentile": "0.992420000", "modified": "2023-03-17"}], "vulnersScore": 1.1}, "_state": {"dependencies": 1659988328, "score": 1659914121, "epss": 1679109163}, "_internal": {"score_hash": "25ae88ea2705f389410ef2bff48e6807"}}

{"threatpost": [{"lastseen": "2021-08-19T20:34:03", "description": "The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities.\n\nNew analysis from Volexity reported its team of researchers noticed [suspicious code being loaded](<https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/>) on the Daily NK site, a news outlet focused on North Korea, starting in April. And although the links led to real files, malicious code was being inserted for brief periods, making it difficult to detect. The researchers suspected the attack was ongoing between March and June.\n\n\u201cWhen requested, with the correct Internet Explorer user-agent, this host would serve additional obfuscated JavaScript code,\u201d Volexity\u2019s team reported. \u201cAs with the initial redirect, the attacker chose to bury their malicious code amongst legitimate code. In this case, the attacker used the \u2018bPopUp\u2019 JavaScript library alongside their own code.\u201d\n\n[](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nThe researchers added that since the code is largely legitimate, it would likely evade both manual and [automated detection](<https://threatpost.com/security-risks-cloud/168754/>). The code, which the attackers camouflage around real content, is consistent with Internet Explorer bug CVE-2020-1380, the report said.\n\nAnother similar attack from the InkySquid group (aka APT37, Reaper or ScarCruft) leveraged CVE-2021-26411 to [attack Internet Explorer](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) as well as legacy versions of Microsoft Edge, according to Volexity.\n\n\u201cAs with the CVE-2020-1380 example, the attacker made use of encoded content stored in SVG tags to store both key strings and their initial payload,\u201d the researchers explained. \u201cThe initial command-and-control (C2) URLs were the same as those observed in the CVE-2020-1380 case.\u201d\n\n## **InkySquid\u2019s Bluelight Malware **\n\nThe group has also developed a new [malware family](<https://threatpost.com/malware-makers-using-exotic-programming-languages/168117/>) that the report calls \u201cBluelight\u201d \u2014 a name that was chosen because the word \u201cbluelight\u201d was used in the malware\u2019s program database (PDB) code.\n\nCobalt Strike was used to initiate all three of these attacks, the report said. Bluelight appears to be delivered as a secondary payload.\n\n\u201cThe Bluelight malware family uses different cloud providers to facilitate C2,\u201d the report said. \u201cThis specific sample leveraged the Microsoft Graph API for its C2 operations. Upon start-up, Bluelight performs an OAuth2 token authentication using hard-coded parameters.\u201d\n\nAfter authentication, the malware creates a folder in the OneDrive subdirectory, which is controlled by a C2 server, Volexity observed, with innocuous-sounding names like \u201clogo,\u201d \u201cnormal,\u201d background,\u201d \u201ctheme\u201d and \u201cround.\u201d\n\nThen it sets about exfiltrating data, including username, IP addresses, running VM tools on the machine, OS version and more, formatted as a JSON (JavaScript Object Notation), the team explained.\n\n\u201cThe main C2 loop starts after the initial upload of the reconnaissance data, iterating once every approximately 30 seconds,\u201d the report said. \u201cFor the first five minutes, each iteration will capture a screenshot of the display and upload it to the \u2018normal\u2019 subdirectory with an encoded timestamp as the filename. After the first five minutes, the screenshot uploads once every five minutes.\u201d\n\nWhile leveraging known IE bugs won\u2019t work on a wide swath of targets, once a system is infected detection is difficult thanks to the use of legit code as cover.\n\n\u201cWhile strategic web compromises (SWCs) are not as popular as they once were, they continue to be a weapon in the arsenal of many attackers,\u201d the report said.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-19T20:19:04", "type": "threatpost", "title": "InkySquid State Actor Exploiting Known IE Bugs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2021-08-19T20:19:04", "id": "THREATPOST:62A15BEBBD95FBF8704B78058BF030F1", "href": "https://threatpost.com/inkysquid-exploiting-ie-bugs/168833/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-15T11:25:30", "description": "Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.\n\nThat\u2019s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who Wednesday [posted a blog](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) shedding more light on several zero-day flaws that they discovered so far this year. Researchers in particular detailed how attackers exploited the vulnerabilities\u2014the prevalence of which are on the rise\u2013before they were addressed by their respective vendors.\n\nTAG researchers discovered the Safari WebKit flaw, tracked as [CVE-\u200b2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>), on March 19. The vulnerability allowed for the processing of maliciously crafted web content for universal cross site scripting and was addressed by Apple in [an update](<https://support.apple.com/en-us/HT212256>) later that month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nBefore the fix, researchers assert Russian-language threat actors were exploiting the vulnerability in the wild by using LinkedIn Messaging to send government officials from Western European countries malicious links that could collect website-authentication cookies, according to the post by Maddie Stone and Clement Lecigne from Google TAG.\n\n\u201cIf the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next-stage payloads,\u201d they wrote.\n\nThe exploit, which targeted iOS versions 12.4 through 13.7, would turn off [Same-Origin-Policy](<https://en.wikipedia.org/wiki/Same-origin_policy>) protections on an infected device to collect authentication cookies from several popular websites\u2013including Google, Microsoft, LinkedIn, Facebook and Yahoo\u2013and then send them via WebSocket to an attacker-controlled IP, researchers wrote. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.\n\nMoreover, the campaign targeting iOS devices coincided with others from the same threat actor\u2014which Microsoft has identified as Nobelium\u2013targeting users on Windows devices to deliver Cobalt Strike, researchers wrote. Security firm Volexity described one of these attacks [in a report](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>) posted online in May, the researchers added.\n\nNobellium is believed to be a Russia-based threat group responsible for the [expansive cyber-espionage SolarWinds](<https://threatpost.com/feds-russia-culprit-solarwinds/162785/>) campaign, which affected numerous U.S. government agencies and tech companies, including Microsoft.\n\n## **Other Zero-Day Attacks**\n\nGoogle researchers also linked three additional zero-day flaws they identified this year to a commercial surveillance vendor, according to [Google TAG\u2019s Shane Huntley](<https://twitter.com/ShaneHuntley/status/1415340345500463113>). Two of those vulnerabilities\u2013[CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>) and [CVE-2021-30551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551>)\u2014were found in Chrome, and one, tracked as [CVE-2021-33742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742>), in Internet Explorer.\n\nCVE-2021-21166 and CVE-2021-30551, two Chrome rendered remote-code execution (RCE) flaws, were identified separately but later believed to be used by the same actor, researchers wrote in the blog. Google researchers discovered the former in February and the latter in June.\n\n\u201cBoth of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia,\u201d Stone and Lecigne wrote. \u201cThe links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users.\u201d\n\nWhen prospective victims clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client, and generate ECDH keys to encrypt the exploits, researchers wrote. This info\u2014which included screen resolution, timezone, languages, browser plugins, and available MIME types\u2014would then be sent back to the exploit server and used by attackers to decide whether or not an exploit should be delivered to the target, they said.\n\nResearchers also identified a separate campaigned in April that also targeted Armenian users by leveraging CVE-2021-26411, an RCE bug found in Internet Explorer (IE). The campaign loaded web content within IE that contained malicious Office documents, researchers wrote.\n\n\u201cThis happened by either embedding a remote ActiveX object using a Shell.Explorer.1 OLE object or by spawning an Internet Explorer process via VBA macros to navigate to a web page,\u201d Stone and Lecigne explained.\n\nAt the time, researchers said they were unable to recover the next-stage payload, but successfully recovered the exploit after discovering an early June campaign from the same actors. Microsoft patched the flaw later that month, they said.\n\n\n\nClick to Zoom CREDIT: TAG\n\n## **Why There is an Increase in Zero-Days?**\n\nAll in all, security researchers have identified 33 [zero-day flaws](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) so far in 2021, which is 11 more than the total number from 2020, according to the post.\n\nWhile that trend reflects an increase in the number of these types of vulnerabilities that exist, Google researchers \u201cbelieve greater detection and disclosure efforts are also contributing to the upward trend,\u201d they wrote.\n\nStill, it\u2019s highly possible that attackers are indeed using more [zero-day exploits](<https://threatpost.com/zero-day-wipe-my-book-live/167422/>) for a few reasons, researchers noted. One is that the increase and maturation of security technologies and features means attackers also have to level up, which in turn requires more [zero-day vulnerabilities](<https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/>) for functional attack chains, they said.\n\nThe growth of mobile platforms also has resulted in an increase in the number of products that threat actors want to target\u2014hence more reason to use zero-day exploits, researchers observed. Perhaps inspired by this increase in demand, commercial vendors also are selling more access to zero-days than in the early 2010s, they said.\n\nFinally, the maturation of security protections and strategies also inspires sophistication on the part of attackers as well, boosting the need for them to use zero-day flaws to convince victims to install malware, researchers noted.\n\n\u201cDue to advancements in security, these actors now more often have to use 0-day exploits to accomplish their goals,\u201d Stone and Lecigne wrote.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-15T11:04:49", "type": "threatpost", "title": "Safari Zero-Day Used in Malicious LinkedIn Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-26411", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T11:04:49", "id": "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "href": "https://threatpost.com/safari-zero-day-linkedin/167814/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-15T22:15:01", "description": "Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege (EoP) bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows.\n\nOf note, both flaws were originally disclosed Aug. 11, during Microsoft\u2019s regularly scheduled Patch Tuesday updates, where the tech giant [patched 120 vulnerabilities overall.](<https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/>) During those updates, fixes for the two flaws were issued for Windows 10, Windows 7, Windows Server 2008, 2012, 2016, and 2019; as well as Windows Server (versions 1903, 1909 and 2004). Wednesday\u2019s unscheduled updates fix the vulnerabilities in Windows 8.1 and Windows Server 2012.\n\n\u201cMicrosoft is announcing the availability of security update 4578013 for all supported versions of Microsoft 8.1 and Windows Server 2012 R2,\u201d according to [Microsoft\u2019s Wednesday advisory.](<https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#461>) \u201cCustomers running Windows 8.1 or Server 2012 R2 should install the update for their product to be protected from this vulnerability. Customers running other versions of Microsoft Windows or Windows Server do not need to take any action.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe first vulnerability ([CVE-2020-1530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1530>)) stems from Windows Remote Access improperly handling memory. To exploit this vulnerability, an attacker would first need the ability to execute code on a target\u2019s system. An attacker could then run a specially crafted application to elevate privileges.\n\nThe flaw has a CVSS score of 7.8 out of 10, making it \u201cimportant\u201d in severity. However, it has not been observed in the wild being exploited, and Microsoft said that exploitation of the bug is \u201cless likely\u201d due to attackers needing to first be able to execute code to launch the attack. Symeon Paraschoudis of Pen Test Partners was credited with discovering the flaw.\n\n\u201cThe security update addresses the vulnerability by correcting how Windows Remote Access handles memory,\u201d according to Microsoft.\n\nThe second EoP flaw ([CVE-2020-1537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1537>)), reported anonymously, stems from the Windows Remote Access service improperly handling file operations.\n\n\u201cTo exploit the vulnerability, an attacker would first need code execution on a victim system,\u201d according to Microsoft. \u201cAn attacker could then run a specially crafted application.\u201d\n\nAn attacker who successfully exploited this flaw could gain elevated privileges.The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations. This flaw also had a CVSS score of 7.8 out of 10 making it \u201cimportant\u201d severity, but has not been exploited.\n\nThe fixes come a week after Microsoft issued patches for two flaws under active attack as part of [its Patch Tuesday updates](<https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/>): One of the flaws ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>)), a Windows-spoofing bug tied to the validation of file signatures, allows an adversary to \u201cbypass security features intended to prevent improperly signed files from being loaded.\u201d The second ([CVE-2020-1380)](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1380>), a remote code-execution bug, is tied to the Internet Explorer web browser. A successful hack gives the attacker same user rights as the current user, the company wrote.\n\n_It\u2019s the age of remote working, and businesses are facing new and bigger cyber-risks \u2013 whether it\u2019s collaboration platforms in the crosshairs, evolving insider threats or issues with locking down a much broader footprint. Find out how to address these new cybersecurity realities with our complimentary _[_Threatpost eBook_](<https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/?utm_source=ART&utm_medium=articles&utm_campaign=fp_ebook>)**_, 2020 in Security: Four Stories from the New Threat Landscape_**_, presented in conjunction with Forcepoint. We redefine \u201csecure\u201d in a work-from-home world and offer compelling real-world best practices. _[_Click here to download our eBook now_](<https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/?utm_source=ART&utm_medium=articles&utm_campaign=fp_ebook>)_._\n", "cvss3": {}, "published": "2020-08-20T15:39:38", "type": "threatpost", "title": "Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1380", "CVE-2020-1464", "CVE-2020-1530", "CVE-2020-1537", "CVE-2020-24400", "CVE-2020-24407"], "modified": "2020-08-20T15:39:38", "id": "THREATPOST:197A12EF32429D29CF6A84B11763834D", "href": "https://threatpost.com/microsoft-out-of-band-security-update-windows-remote-access-flaws/158511/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-10T13:10:52", "description": "Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall.\n\nIncluded in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively exploited in the wild.\n\nFour of the actively exploited flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065), found [in Microsoft Exchange](<https://threatpost.com/microsoft-exchange-zero-day-attackers-spy/164438/>), were disclosed as part of an emergency patch earlier this month by Microsoft; [businesses have been scrambling to patch their systems](<https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/>) as the bugs continue to be exploited in targeted attacks. The fifth actively-exploited flaw exists in the Internet Explorer and Microsoft Edge browsers ([CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>)). Proof-of-concept (PoC) exploit code also exists for this flaw, according to Microsoft.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cFor all of March, Microsoft released patches for 89 unique CVEs covering Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V,\u201d said Dustin Childs with Trend Micro\u2019s Zero Day Initiative, [on Tuesday](<https://www.zerodayinitiative.com/blog/2021/3/9/the-march-2021-security-update-review>).\n\n## **Internet Explorer\u2019s Actively Exploited Flaw**\n\nThe memory-corruption flaw ([CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>)) in Internet Explorer and Microsoft Edge could enable remote code execution. Researchers said the flaw could allow an attacker to run code on affected systems, if victims view a specially crafted HTML file.\n\n\u201cWhile not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly,\u201d said Childs. \u201cSuccessful exploitation would yield code execution at the level of the logged-on user, which is another reminder not to browse web pages using an account with administrative privileges.\u201d\n\nPoC exploit code is also publicly available for the issue. The bug is \u201ctied to a vulnerability\u201d that was [publicly disclosed in early February](<https://enki.co.kr/blog/2021/02/04/ie_0day.html>) by ENKI researchers. The researchers claimed it was one of the vulnerabilities used in a [concerted campaign by nation-state actors to target security researchers](<https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/>), and they said they would publish PoC exploit code for the flaw after the bug has been patched.\n\n\u201cAs we\u2019ve seen in the past, once PoC details become publicly available, attackers quickly incorporate those PoCs into their attack toolkits,\u201d according to Satnam Narang, staff research engineer at Tenable. \u201cWe strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.\u201d\n\n## **PoC Exploit Code Available For Windows Privilege Elevation Flaw**\n\nIn addition to the five actively exploited vulnerabilities, Microsoft issued a patch for a vulnerability in Win32K for which public PoC exploit code is also available. This flaw [ranks important in severity](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27077>), and exists in Windows Win32K ([CVE-2021-27077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077>)). A local attacker can exploit the flaw to gain elevated privileges, according to Microsoft. While PoC exploit code is available for the flaw, the tech giant said it has not been exploited in the wild, and that exploitation is \u201cless likely.\u201d\n\n## **Other Microsoft Critical Flaws**\n\n** **Microsoft patched 14 critical vulnerabilities overall in this month\u2019s Patch Tuesday updates, including ([CVE-2021-26897](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897>)), which exists in Windows DNS server and can enable remote code execution. The flaw is one out of seven vulnerabilities in Windows DNS server; the other six are rated important severity. The critical-severity flaw can be exploited by an attacker with an existing foothold on the same network as the vulnerable device; the attack complexity for such an attack is \u201clow.\u201d\n\nA critical remote code-execution flaw also exists in Microsoft\u2019s Windows Hyper-V hardware virtualization product ([CVE-2021-26867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26867>)), which could allow an authenticated attacker to execute code on the underlying Hyper-V server.\n\n\u201cWhile listed as a CVSS of 9.9, the vulnerability is really only relevant to those using the Plan-9 file system,\u201d said Childs. \u201cMicrosoft does not list other Hyper-V clients as impacted by this bug, but if you are using Plan-9, definitely roll this patch out as soon as possible.\u201d\n\nAnother bug of note is a remote code-execution flaw existing on Microsoft\u2019s SharePoint Server ([CVE-2021-27076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076>)). The flaw can be exploited by a remote attacker on the same network as the victim, and has a low attack complexity that makes exploitation more likely, according to Microsoft.\n\n\u201cFor an attack to succeed, the attacker must be able to create or modify sites with the SharePoint server,\u201d according to Childs. \u201cHowever, the default configuration of SharePoint allows authenticated users to create sites. When they do, the user will be the owner of this site and will have all the necessary permissions.\u201d\n\n## **Microsoft Exchange Updates: Patch Now**\n\nThe Microsoft Patch Tuesday updates come as businesses grapple with existing Microsoft Exchange zero-day vulnerabilities that were previously disclosed and continue to be used in active exploits. Overall, Microsoft had released out-of-band fixes for seven vulnerabilities \u2013 four of which were the actively-exploited flaws.\n\nOn Monday, the [European Banking Authority disclosed a cyberattack](<https://www.eba.europa.eu/cyber-attack-european-banking-authority-update-2>) that it said stemmed from an exploit of the Microsoft Exchange flaw. Beyond the European Banking Authority, one recent report said [that at least 30,000 organizations](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>) across the U.S. have been hacked by attackers exploiting the vulnerability.\n\n\u201cIf you run Exchange on-premise, you need to follow the published guidance and apply the patches as soon as possible,\u201d said Childs. \u201cMicrosoft has even taken the extraordinary step of creating patches for out-of-support versions of Exchange. Ignore these updates at your own peril.\u201d\n\nAlso released on Tuesday were Adobe\u2019s security updates, [addressing a cache of critical flaws](<https://threatpost.com/adobe-critical-flaws-windows/164611/>), which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.\n\n**_Check out our free _****_[upcoming live webinar events](<https://threatpost.com/category/webinars/>)_****_ \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community:_** \n\u00b7 March 24: **Economics of 0-Day Disclosures: The Good, Bad and Ugly **([Learn more and register!](<https://threatpost.com/webinars/economics-of-0-day-disclosures-the-good-bad-and-ugly/>)) \n\u00b7 April 21: **Underground Markets: A Tour of the Dark Economy** ([Learn more and register!](<https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/>))\n", "cvss3": {}, "published": "2021-03-09T22:12:56", "type": "threatpost", "title": "Microsoft Patch Tuesday Updates Fix 14 Critical Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26867", "CVE-2021-26897", "CVE-2021-27065", "CVE-2021-27076", "CVE-2021-27077"], "modified": "2021-03-09T22:12:56", "id": "THREATPOST:056C552B840B2C102A6A75A2087CA8A5", "href": "https://threatpost.com/microsoft-patch-tuesday-updates-critical-bugs/164621/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T21:42:20", "description": "Two Microsoft vulnerabilities are under active attack, according the software giant\u2019s August Patch Tuesday Security Updates. Patches for the flaws are available for the bugs, bringing this month\u2019s total number of vulnerabilities to 120.\n\nOne of the flaws being exploited in the wild is ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>)), a Windows-spoofing bug tied to the validation of file signatures on Windows 10, 7 8.1 and versions of Windows Server. Rated \u201cimportant,\u201d the flaw allows an adversary to \u201cbypass security features intended to prevent improperly signed files from being loaded,\u201d Microsoft said.\n\nA second zero-day is a remote code-execution (RCE) bug rated \u201ccritical,\u201d which is tied to the Internet Explorer web browser. Tracked as [CVE-2020-1380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1380>), this is a scripting engine memory-corruption problem. A successful hack gives the attacker same user rights as the current user, the company wrote.\n\n\u201c[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,\u201d wrote Microsoft. \u201cThe vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\u201d\n\nTodd Schell, senior product manager, security, Ivanti, said a typical attack vector for [CVE-2020-1380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1380>) is plant malware on a specially crafted website, compromised websites where user-provided content or advertisements are allowed, and through applications or Microsoft Office documents that host the IE rendering engine.\n\n\u201cLimiting the privileges of a user would mitigate what access an attacker would gain by exploiting this vulnerability,\u201d Schell said. He added, the exploit appears to be affecting newer versions of the Windows operating systems.\n\n## **Over One Dozen Critical Bugs **\n\nOf the 120 bugs, Microsoft ranked 17 as \u201ccritical\u201d and 103 as \u201cimportant\u201d vulnerabilities.\n\nFive of the critical bugs ([CVE-2020-1554](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1554>), [CVE-2020-1492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1492>), [CVE-2020-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379>), [CVE-2020-1477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1477>) and [CVE-2020-1525](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525>)) are tied to Microsoft\u2019s Windows Media Foundation (WMF), a multimedia framework and infrastructure platform for handling digital media in Windows 7 through Windows 10 and Windows Server 2008 through 2019. August\u2019s bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.\n\n\u201cThese vulnerabilities exist in the way WMF handles objects in memory. Successful exploitation would allow an attacker to install malicious software, manipulate data or create new accounts,\u201d Liska said.\n\nThe researcher also urged security teams to patch [CVE-2020-1046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046>), a .NET framework RCE bug that affects versions 2.0 through 4.8. \u201cThe vulnerability exists in the way .NET handles imports. An attacker could exploit this vulnerability and gain admin-level control of the vulnerable system. To exploit this vulnerability, an attacker needs to upload a specially crafted file to a web application,\u201d wrote Liska in a Patch Tuesday research note.\n\nRichard Tsang, senior software engineer at Rapid7, commented in his Patch Tuesday note that the most interesting bug patched this month is a Netlogon elevation of privilege bug ([CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)), present in several versions of Windows Server. The patch is a multi-step affair.\n\nTsang wrote, \u201cCVE-2020-1472 is an elevation-of-privilege vulnerability where a connection to a vulnerable domain controller using the Netlogon Remote Protocol (NRP) could obtain domain administrator access.\u201d\n\nThe NRP is used for user and machine authentication on domain-based networks, and performs a wide range of functions tied to user-account database replication, backing up domain controllers and managing domain relationships, [according to Microsoft](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f#:~:text=Specifies%20the%20Netlogon%20Remote%20Protocol,of%20a%20domain%20to%20the>).\n\n\u201cThe uniqueness behind the patch of this vulnerability is that it gets completed in two phases, and forces the answer of, \u2018am I remediated from CVE-2020-1472\u2019 from a binary \u2018yes/no,\u2019 to an \u2018it depends,'\u201d Tsang wrote.\n\nHe added, \u201cBy default, applying the applicable Windows Server patch will resolve the vulnerability for Windows devices without further action, but this implies that non-Windows devices could potentially trigger an exploit. It is by enforcing (something that will be done automatically sometime in Q1 2021 according to Microsoft) the use of the secure Remote Procedure Call (RPC) with Netlogon secure channel via the DC enforcement mode, would remediation actually be complete,\u201d he said.\n\nMicrosoft acknowledges the potential organizational impact of this and has provided additional [guidance on this front](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>).\n\n_**Complimentary Threatpost Webinar**__: Want to learn more about Confidential Computing and how it can supercharge your cloud security? This webinar \u201c**[Cloud Security Audit: A Confidential Computing Roundtable](<https://attendee.gotowebinar.com/register/3844090971254297614?source=art>)**\u201d brings top cloud-security experts from Microsoft and __Fortanix together to explore how **Confidential Computing** is a game changer for securing dynamic cloud data and preventing IP exposure. Join us **[Wednesday Aug. 12 at 2pm ET](<https://attendee.gotowebinar.com/register/3844090971254297614?source=art>) **for this** FREE **live webinar with Dr. David Thaler, software architect, Microsoft and Dr Richard Searle, security architect, Fortanix \u2013 both with the Confidential Computing Consortium. **[Register Now](<https://attendee.gotowebinar.com/register/3844090971254297614?source=art>)**._\n", "cvss3": {}, "published": "2020-08-11T21:12:29", "type": "threatpost", "title": "Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-1477", "CVE-2020-1492", "CVE-2020-1525", "CVE-2020-1554"], "modified": "2020-08-11T21:12:29", "id": "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB", "href": "https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2022-09-21T18:19:16", "description": "Internet Explorer Memory Corruption Vulnerability\n\n \n**Recent assessments:** \n \n**ccondon-r7** at April 05, 2021 1:20pm UTC reported:\n\nThere is now [public threat intelligence](<https://twitter.com/jeromesegura/status/1378584985792180227>) that the Purple Fox exploit kit has incorporated this vulnerability and is [exploiting it](<https://twitter.com/nao_sec/status/1378546891349106692>).\n\n**gwillcox-r7** at March 11, 2021 5:57pm UTC reported:\n\nThere is now [public threat intelligence](<https://twitter.com/jeromesegura/status/1378584985792180227>) that the Purple Fox exploit kit has incorporated this vulnerability and is [exploiting it](<https://twitter.com/nao_sec/status/1378546891349106692>).\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "attackerkb", "title": "CVE-2021-26411", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2021-03-18T00:00:00", "id": "AKB:925F84D3-4FE0-4A18-BAA9-170C701E718D", "href": "https://attackerkb.com/topics/WZgkdqe2vN/cve-2021-26411", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-26T23:01:58", "description": "Scripting Engine Memory Corruption Vulnerability\n\n \n**Recent assessments:** \n \n**architect00** at May 14, 2021 10:33am UTC reported:\n\n## Details\n\nThe vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the `jscript9.dll` library, which is used to execute javascript.\n\nPossible attack vectors:\n\n * website content \n\n * activeX components in office documents \n\n\nGoogle Project Zero released a PoC on 13.05.2021, which triggers the vulnerability and causes a crash. At the time of writing I could not find any weaponized exploit.\n\nThe CVSS rating of the vulnerability differs between Windows desktop versions and server versions. In server versions the CVSS _Privileges Required_ is set to _High_. Desktop versions are rated with CVSS _None_. The reason could be, that IE _enhanced protection mode_ is disabled on Windows desktop versions and enabled on server versions by default.\n\n## Rating explanation\n\nMy rating of the exploitability score was affected by the availability of the PoC and the Microsoft exploitability rating. In year 2020, Operation PowerFall was using a similar vulnerability (CVE-2020-1380) in IE. I expect to see exploits for CVE-2021-26419 in a similar context.\n\nAttackers might gain direct control over the host after exploitation without a sandbox escape. IE 11 does have a _enhanced protected mode (EPM)_, which runs IE in an AppContainer and acts as a sandbox. EPM was introduced with Windows 8 and is disabled by default on Windows desktop versions.\n\n## Sources\n\n * <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26419> \n\n * <https://threatpost.com/wormable-windows-bug-dos-rce/166057/> \n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=2157> \n\n * <https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/> \n\n * <https://securityintelligence.com/internet-explorer-ie-10-enhanced-protected-mode-epm-sandbox-research/> \n\n * <https://docs.microsoft.com/en-us/troubleshoot/browsers/enhanced-protected-mode-add-on-compatibility>\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "attackerkb", "title": "CVE-2021-26419", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26419"], "modified": "2021-05-18T00:00:00", "id": "AKB:2F48FB8A-EF4C-468F-9F4F-8BB9BB5FEC97", "href": "https://attackerkb.com/topics/3ko2JYsW6g/cve-2021-26419", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T01:49:17", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u2018Scripting Engine Memory Corruption Vulnerability\u2019. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at August 11, 2020 10:53pm UTC reported:\n\nUpdate: Reported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n\nTLDR: Originally this was written as a low priority issue, however after further discussions internally we are upping the risk due to the fact that IE 11 is installed on every Windows computer and cannot be removed (as it is an OS component), and the fact that there still remains the risk of attack via social engineering, which could get around many of the originally proposed mitigations.\n\nOriginally I wrote this as a low priority issue, however after looking into it more I\u2019m upping the risk on this as IE 11 is installed by default on every Windows system and it cannot be removed, which means that with some social engineering, its possible to compromise any Windows user\u2019s computer. Above all else this factor should be kept in mind as it means that even if an organization doesn\u2019t have IE set as its default, all it takes is a user who is convinced that to download some info they require they need to use IE instead of Firefox, and a malicious website, and attackers will start to have a foothold within the network.\n\nNow what are some of the limiting factors here? Well you can\u2019t uninstall IE, as it is integrated into every Windows operating system and is considered an OS component. This explains the point above as to why this vulnerability really does affect pretty much every single Windows user. However if organizations implement policies or protections that block IE from being run, then users will not be able to open IE and therefore trigger the vulnerability.\n\nThe other point to note is that according to <https://gs.statcounter.com/browser-market-share>, only 1.28% of people use IE these days, compared to 65.89% of people that use Chrome. The closest competitor there is Safari at a little over 16%. This means that this vulnerability is likely to be more of a risk to enterprises where IE use is more likely due to the prevalence of legacy systems and software, and is unlikely to affect the average home user.\n\nHowever, keep in mind that particularly in the government space, there are many organizations that still use IE by default or which require users to interact with their legacy applications using IE (due to compatibility issues or similar). These organizations need to patch this issue as soon as possible as all it takes to exploit this issue is one user browsing to a site with a malicious advertisement or one user clicking a link in a malicious email for that user to be compromised.\n\nFor those that are not using IE by default this issue will be slightly less of a risk due to the need for attackers to conduct social engineering attacks against end users to convince them to load a malicious site in IE, however remember that all it takes is one user clicking on a link for attackers to start gaining a deeper foothold into your network. Even if the social engineering attack only nets a 10% success rate, if your targeting an organization of 1000 users, that\u2019s 100 users that are now compromised, all of which could provide an attacker with unique possibilities to escalate their privileges within your network.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-17T00:00:00", "type": "attackerkb", "title": "CVE-2020-1380", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2020-1555", "CVE-2020-1570"], "modified": "2020-08-28T00:00:00", "id": "AKB:F65CF017-1855-42E3-9922-BF6F9F078DD9", "href": "https://attackerkb.com/topics/RZT1LsdXnm/cve-2020-1380", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-12-01T10:08:46", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEguuDZ3qs5lgaYGEPnkSvUwvjWoNLjrTPyh6zE6rNWPcfcoi3sbiwfWOE2OLG0ZgwzBaMEgd3nhemOfZBAjXWZrvTA_2pQuFLY_ZXqKZSxQPLxDkah_q7LPIPUgatzeBpkofWujSyJFMviobYflgfFhDwuA5mkETfxo_1c2RwXl7Xqhm__-JyX2Qv5f/s728-e100/north-korean-hackers.png>)\n\nThe North Korea-linked **ScarCruft** group has been attributed to a previously undocumented backdoor called **Dolphin** that the threat actor has used against targets located in its southern counterpart.\n\n\"The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers,\" ESET researcher Filip Jur\u010dacko [said](<https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/>) in a new report published today.\n\nDolphin is said to be selectively deployed, with the malware using cloud services like Google Drive for data exfiltration as well as command-and-control.\n\nThe Slovak cybersecurity company said it found the implant deployed as a final-stage payload as part of a watering hole attack in early 2021 directed against a South Korean digital newspaper.\n\nThe campaign, first uncovered by [Kaspersky](<https://securelist.com/apt-trends-report-q2-2021/103517/>) and [Volexity](<https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html>) last year, [entailed](<https://thehackernews.com/2021/11/new-chinotto-spyware-targets-north.html>) the weaponization of two Internet Explorer flaws ([CVE-2020-1380](<https://nvd.nist.gov/vuln/detail/CVE-2020-1380>) and [CVE-2021-26411](<https://nvd.nist.gov/vuln/detail/CVE-2021-26411>)) to drop a backdoor named BLUELIGHT.\n\nScarCruft, also called APT37, InkySquid, Reaper, and Ricochet Chollima, is a geo-political motivated APT group that has a track record of attacking government entities, diplomats, and news organizations associated with North Korean affairs. It's been known to be active since at least 2012.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhItcVkM0m5zhqX10j4Fv2rPPP2We8o6mht_lw30dkUTqLNwYuZHBoHN0gjkkpvBqmX1HKaPOPG66yONSngGcbyPcS1fuUejlqggkNCggwrwmUu5IqQAAmE-8oXLWjigA1mb6AZoRm0XvLdfO8e24VTID9ZToUk_vqWUAesZVlXaXLpGkMKksGL2xEJ/s728-e100/hacker.png>)\n\nEarlier this April, cybersecurity firm Stairwell [disclosed](<https://thehackernews.com/2022/04/north-korean-hackers-target-journalists.html>) details of a spear-phishing attack targeting journalists covering the country with the ultimate goal of deploying a malware dubbed GOLDBACKDOOR that shares tactical overlaps with BLUELIGHT.\n\nThe latest findings from ESET shed light on a second, more sophisticated backdoor delivered to a small pool of victims via BLUELIGHT, indicative of a highly-targeted espionage operation.\n\nThis, in turn, is achieved by executing an installer shellcode that activates a loader comprising a Python and shellcode component, the latter of which runs another shellcode loader to drop the backdoor.\n\n\"While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims,\" Jur\u010dacko explained.\n\nWhat makes Dolphin a lot more potent than BLUELIGHT is its ability to search removable devices and connected smartphones, and exfiltrate files of interest, such as media, documents, emails, and certificates.\n\nThe backdoor, since its original discovery in April 2021, is said to have undergone three successive iterations that come with its own set of feature improvements and grant it more detection evasion capabilities.\n\n\"Dolphin is another addition to ScarCruft's extensive arsenal of backdoors abusing cloud storage services,\" Jur\u010dacko said. \"One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims' Google and Gmail accounts to lower their security, presumably in order to maintain account access for the threat actors.\"\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-30T18:30:00", "type": "thn", "title": "North Korea Hackers Using New \"Dolphin\" Backdoor to Spy on South Korean Targets", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2022-12-01T09:22:08", "id": "THN:27562A9FDA5CEBF33FAC792C73F4B06E", "href": "https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-09T18:09:08", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEh1nnpR24kvDx1aH-Icv1qXYk0M_wdTpu6nkdmt5aMTJe9wpMg0vvVnEw9FPAw78W2GY8s_fuJQeqv3q66nVGwOSRDPftYMKrIzIA6f1ikGEJWGGh4qlk401veeU8p9pCyp1aXhC1kpwnOj-QKJAYODctXmQw6L7FhaMTEpTXHCvgNqJrFAH-emvNhK/s728-e100/IE.png>)\n\nAn Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent [Itaewon Halloween crowd crush](<https://en.wikipedia.org/wiki/Seoul_Halloween_crowd_crush>) to trick users into downloading malware.\n\nThe discovery, reported by Google Threat Analysis Group researchers Beno\u00eet Sevens and Cl\u00e9ment Lecigne, is the latest set of attacks perpetrated by **ScarCruft**, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima.\n\n\"The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists,\" TAG [said](<https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/>) in a Thursday analysis.\n\nThe new findings illustrate the threat actor's continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like [BLUELIGHT and Dolphin](<https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html>), the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.\n\nAnother key tool in its arsenal is [RokRat](<https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html>), a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgEUE0iMMY7AkFgxLDL3f3WZY8lHS8vjMnIdXxVIKgFOvtuxq6gT2AkGbu49pEcdsV9-fNSjd4Hdji-98P8QRijj0QV2EJOjYOCG5qF4OUPl6UqFblFLZix3h_kvynUedhPBbjT_JX1UCAwdNeHr0SCvaG7roz2PzN-annb8Y2_VV0y7reuoQtmel06/s728-e100/IE.png>)\n\nThe attack chain observed by Google TAG entails the use of a malicious Microsoft Word document that was [uploaded to VirusTotal](<https://www.virustotal.com/gui/file/926a947ea2b59d3e9a5a6875b4de2bd071b15260370f4da5e2a60ece3517a32f/>) on October 31, 2022. It abuses yet another Internet Explorer zero-day flaw in the JScript9 JavaScript engine, CVE-2022-41128, that was [patched by Microsoft](<https://thehackernews.com/2022/11/install-latest-windows-update-asap.html>) last month.\n\nThe file references the October 29 incident that took place in the Itaewon neighborhood of Seoul and exploits public interest in the tragedy to retrieve an exploit for the vulnerability upon opening it. The attack is enabled by the fact that Office renders HTML content using Internet Explorer.\n\nAs the [MalwareHunterTeam](<https://twitter.com/malwrhunterteam/status/1600759995020124160>) points out, the same Word file was previously shared by the Shadow Chaser Group on October 31, 2022, [describing](<https://twitter.com/ShadowChasing1/status/1587035660992454656>) it as an \"interesting DOCX injection template sample\" that originated from Korea.\n\nSuccessful exploitation is followed by the delivery of a shellcode that wipes all traces by clearing the Internet Explorer cache and history as well as downloading the next stage payload.\n\nGoogle TAG said it could not recover the follow-on malware used in the campaign, although it's suspected to have involved the deployment of RokRat, BLUELIGHT, or Dolphin.\n\n\"It is not surprising that they continue to target South Korean users,\" ESET malware analyst Filip Jur\u010dacko told The Hacker News. \"We haven't seen ScarCruft use zero-day exploits for some time. Previously, they were repurposing public PoCs of n-day exploits.\"\n\n\"Given the rarity/scarcity of zero-day exploits, we expect ScarCruft would use it in combination with some of their more sophisticated backdoors such as Dolphin. Moreover, the office theme of [command-and-control] domains matches previous campaigns.\"\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-08T07:59:00", "type": "thn", "title": "Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411", "CVE-2022-41128"], "modified": "2022-12-09T17:03:29", "id": "THN:0EBBF876A406C3077C85D0DC9EF01199", "href": "https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:17", "description": "[](<https://thehackernews.com/images/-I2pNCdG5Z4Q/YQLGX235y6I/AAAAAAAADYo/5ghaW_-O9UcVkr2h1ElM9OK55A4BtxsUwCLcBGAsYHQ/s0/malware-attack.jpg>)\n\nAn unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an \"unusual\" campaign.\n\nThe backdoor is distributed via a decoy document named \"Manifest.docx\" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021. \n\nThe malware-laced document claims to be a \"Manifesto of the inhabitants of Crimea\" calling on the citizens to oppose Russian President Vladimir Putin and \"create a unified platform called 'People's Resistance.'\"\n\nThe Internet Explorer flaw, tracked as **CVE-2021-26411**, is notable for the fact that it was abused by the North Korea-backed Lazarus Group to [target security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) working on vulnerability research and development.\n\nEarlier this February, South Korean cybersecurity firm ENKI [revealed](<https://enki.co.kr/blog/2021/02/04/ie_0day.html>) the state-aligned hacking collective had made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer. Microsoft [addressed the issue](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>) as part of its Patch Tuesday updates for March.\n\n[](<https://thehackernews.com/images/-lZ4BcbcuZ5w/YQLCARxT1bI/AAAAAAAADYg/ng5r_-f-4f0B0RS2Mf-rIkCbF0u_7vKTQCLcBGAsYHQ/s0/malware.jpg>)\n\nThe Internet Explorer exploit is one of the two ways that's used to deploy the RAT, with the other method relying on a social engineering component that involves downloading and executing a remote macro-weaponized template containing the implant. Regardless of the infection chain, the use of double attack vectors is likely an attempt to increase the likelihood of finding a path into the targeted machines.\n\n\"While both techniques rely on template injection to drop a full-featured remote access trojan, the IE exploit (CVE-2021-26411) previously used by the Lazarus APT is an unusual discovery,\" Malwarebytes researcher Hossein Jazi said in a [report](<https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/>) shared with The Hacker News. \"The attackers may have wanted to combine social engineering and exploit to maximize their chances of infecting targets.\"\n\nBesides collecting system metadata, the VBA RAT is orchestrated to identify antivirus products running on the infected host and execute commands it receives from an attacker-controlled server, including reading, deleting, and downloading arbitrary files, and exfiltrate the results of those commands back to the server.\n\nAlso discovered by Malwarebytes is a PHP-based panel nicknamed \"Ekipa\" that's used by the adversary to track victims and view information about the modus operandi that led to the successful breach, highlighting successful exploitation using the IE zero-day and the execution of the RAT.\n\n\"As the [conflict between Russia and Ukraine](<https://en.wikipedia.org/wiki/Russo-Ukrainian_War>) over Crimea continues, cyber attacks have been increasing as well,\" Jazi said. \"The decoy document contains a manifesto that shows a possible motive (Crimea) and target (Russian and pro-Russian individuals) behind this attack. However, it could also have been used as a false flag.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T15:18:00", "type": "thn", "title": "Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-07-29T15:18:26", "id": "THN:BE0D8117CAD7D5DE97C405935DA09BC3", "href": "https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:25", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjoNnACNL4tRXhmeRID1KNB0_0j084PU17zaVDx1SxcV1CFt2BlV43KNXnZkDDAR985mEgiQcsym3EvrPBUSnvxY2MeEYVkQM4xXlSNUzbLB98CzlGZ4a9VsE0crb-4OSGd6167GXHRqsv_Q1nVk-reN0Jwy6FUir34MAXaXtejrxv4Fdin_zG4w0Hy/s728-e100/Malware-botnet.jpg>)\n\nA new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.\n\n\"When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server,\" Bitdefender [said](<https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/>) in a new report shared with The Hacker News.\n\nMost of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others.\n\nExploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware.\n\nThe primary infection method used by attackers to distribute exploit kits, in this case the [Rig Exploit Kit](<https://blog.talosintelligence.com/2016/11/rig-exploit-kit-campaign-happy-puzzling.html>), is through compromised websites that, when visited, drops the exploit code to ultimately send the RedLine Stealer payload to carry out follow-on attacks.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiTiqBiBM_tUQDifo7wSzoSmySElE7plr5n8i313DuMqdGIvgxgtI8BwkXKvGn9BhTFJbL5wO3nEo5epjh_wK6NXHiY5HX4H-zBXR1biJrlrDoHMp0kOD9TpOFTAquH1yuDwBTqaA8sHb5ykwjftMSl6orvCwshZvLvvUeR9n89rn2ExztZfMlrZ9Zz/s728-e100/malware-redline.jpg>)\n\nThe flaw in question is [CVE-2021-26411](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>) (CVSS score: 8.8), a memory corruption vulnerability impacting Internet Explorer that has been [previously](<https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html>) [weaponized](<https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html>) by North Korea-linked threat actors. It was addressed by Microsoft as part of its Patch Tuesday updates for March 2021.\n\n\"The RedLine Stealer sample delivered by RIG EK comes packed in multiple encryption layers [...] to avoid detection,\" the Romanian cybersecurity firm noted, with the unpacking of the malware progressing through as many as six stages.\n\nRedLine Stealer, an information-stealing malware sold on underground forums, comes with features to exfiltrate passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per commands received from a remote server.\n\nThis is far from the only campaign that involves the distribution of RedLine Stealer. In February 2022, HP [detailed](<https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/>) a social engineering attack using fake Windows 11 upgrade installers to trick Windows 10 users into downloading and executing the malware.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-28T08:20:00", "type": "thn", "title": "New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2022-04-28T08:20:39", "id": "THN:4225CEE6D7775276254C20B6E19126AE", "href": "https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T05:57:19", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj2wZ2WigbmeeiVSmTQ4-67rEYUW7v2I3ZX859kqxEIsqx_2RJvNHrPTNneci3kd3F74Xm1l3X8wl9ksep25v3sDCVMUE1-yMNEWMgUJEqIox4oxaikOSq0B0VsoRBGOKG5ulhQWnk5i6xfltyN5mGJdW3t0z1vXjd6kaxCI5E6GFZ4ZU4L5YI1QY6S/s728-e100/malware.jpg>)\n\nThe operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022.\n\nThe switch in modus operandi, [spotted](<https://www.bitdefender.com/blog/labs/rig-exploit-kit-swaps-dead-raccoon-with-dridex/>) by Romanian company Bitdefender, comes in the wake of Raccoon Stealer [temporarily closing the project](<https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html>) after one of its team members responsible for critical operations passed away in the Russo-Ukrainian war in March 2022.\n\nThe Rig Exploit Kit is notable for its abuse of browser exploits to distribute an array of malware. First spotted in 2019, Raccoon Stealer is a credential-stealing trojan that's advertised and sold on underground forums as a malware-as-a-service (MaaS) for $200 a month.\n\nThat said, the Raccoon Stealer actors are already working on a second version that's expected to be \"rewritten from scratch and optimized.\" But the void left by the malware's exit is being filled by other information stealers such as RedLine Stealer and Vidar.\n\n[Dridex](<https://www.cisa.gov/uscert/ncas/alerts/aa19-339a>) (aka Bugat and Cridex), for its part, has the capability to download additional payloads, infiltrate browsers to steal customer login information entered on banking websites, capture screenshots, and log keystrokes, among others, through different modules that allow its functionality to be extended at will.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgBpTikSneV7T3pFFHkZC1iuLdpeuTlKFreYCRkDWPEJCcFNrVu_Aggg1pmArUunZao5RrT-2KwOLvxqcLBsymx3usE7pg7w7r3-aMy8PMbHKVLzrIsvKtKxSBr-L7BqKKlHxkCNn5_uTy5U6_dQHHR62Yoltgm_TiuZc8f7rkgEDfDB3-tzcmG-onm/s728-e100/map.jpg>)\n\nIn April 2022, Bitdefender [discovered](<https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html>) another Rig Exploit Kit campaign distributing the RedLine Stealer trojan by exploiting an Internet Explorer flaw patched by Microsoft last year ([CVE-2021-26411](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>)).\n\nThat's not all. Last May, a separate campaign [exploited](<https://www.bitdefender.com/blog/labs/new-wastedloader-campaign-delivered-through-rig-exploit-kit/>) two scripting engine vulnerabilities in unpatched Internet Explorer browsers ([CVE-2019-0752](<https://nvd.nist.gov/vuln/detail/CVE-2019-0752>) and [CVE-2018-8174](<https://nvd.nist.gov/vuln/detail/CVE-2018-8174>)) to deliver a malware called WastedLoader, so named for its similarities to WasterLocker but lacking the ransomware component.\n\n\"This once again demonstrates that threat actors are agile and quick to adapt to change,\" the cybersecurity firm said. \"By design, Rig Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cyber criminal groups recover from disruption or environmental changes.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-22T05:41:00", "type": "thn", "title": "RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8174", "CVE-2019-0752", "CVE-2021-26411"], "modified": "2022-06-22T05:41:58", "id": "THN:DE791A2DD37FD88B59147561CF1F7BBF", "href": "https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:40:11", "description": "[](<https://thehackernews.com/images/-otB8fG2s_m4/XzPfTi8GjVI/AAAAAAAA3L0/OOJmkOvjqX46cHdcMhCRa1f-z0U2Gu2dwCLcBGAsYHQ/s728-e100/windows-hacking.png>)\n\nMicrosoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. \n \nThis month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity. \n \nIn a nutshell, your Windows computer can be hacked if you: \n \n\n\n * Play a video file \u2014 thanks to flaws in [Microsoft Media Foundation](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525>) and [Windows Codecs](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>)\n * Listen to audio \u2014 thanks to bugs affecting Windows Media Audio Codec\n * Browser a website \u2014 thanks to 'all time buggy' Internet Explorer\n * Edit an HTML page \u2014 thanks to an [MSHTML Engine](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>) flaw\n * Read a PDF \u2014 thanks to a loophole in Microsoft Edge PDF Reader\n * Receive an email message \u2014 thanks to yet another bug in [Microsoft Outlook](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1483>)\n \nBut don't worry, you don't need to stop using your computer or without Windows OS on it. All you need to do is click on the Start Menu \u2192 open Settings \u2192 click Security and Update, and install if any new update is available. \n \n\n\n## Install Updates! Two Zero-Days Under Active Attacks\n\n \nAnother reason why you should not ignore this advice is that two of the security flaws have reportedly been exploited by hackers in the wild and one publicly known at the time of release. \n \nAccording to Microsoft, one of the zero-day vulnerabilities under active attack is a remote code execution bug that resides in the scripting engine's library jscript9.dll, which is used by default by all versions of Internet Explorer since IE9. \n \nThe vulnerability, tracked as [CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>), was spotted by Kaspersky Labs and has been rated critical because Internet Explorer remains an important component of Windows as it still comes installed by default in the latest Windows. \n \nKaspersky researchers explain that the flaw is a use-after-free vulnerability in JScript that corrupts the dynamic memory in Internet Explorer in such a way that an attacker could execute arbitrary code in the context of the current user. So, if the current user is logged in with administrative privileges, the attacker could control the affected system. \n \n\"An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements,\" Microsoft says in its advisory. \n \nExploited by unknown threat actors as part of '**Operation PowerFall**' attacks, a [proof-of-concept exploit](<https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/>) code, and technical details for the zero-day vulnerability have been published by Kaspersky. \n \nThe second zero-day vulnerability\u2014tracked as [CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>) and under active exploitation\u2014is a Windows spoofing bug that exists when Windows incorrectly validates file signatures. \n \nThis zero-day bug affects all supported versions of Windows and allows attackers to load improperly signed files by bypassing security features intended to prevent incorrectly signed files from being loaded. \n \nBesides these, notably, the batch also includes a critical patch for an elevation of privilege [flaw affecting NetLogon](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>) for Windows Server editions, where this RPC service serves as a domain controller. \n \nTracked as 'CVE-2020-1472,' the vulnerability can be exploited by unauthenticated attackers to use Netlogon Remote Protocol (MS-NRPC) to connect to a Domain Controller (DC) and obtain administrative access to run malicious applications on a device on the network. \n \nHome users and server administrators are strongly recommended to apply the latest security patches as soon as possible to prevent malware or miscreants from exploiting and gain complete remote control over their vulnerable computers. \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-12T12:25:00", "type": "thn", "title": "Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-1483", "CVE-2020-1525", "CVE-2020-1567", "CVE-2020-1585"], "modified": "2020-08-12T12:35:52", "id": "THN:0A61A90DD0F88453854B73FE249BC379", "href": "https://thehackernews.com/2020/08/microsoft-software-patches.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T20:14:08", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjBhp7MpDIp8BmnU_nBxIn0U5U7pYNA-9qzA3L0FNRPsDg-6r06WOCSuLJy9epJJ4wYNSpY7wz5tkcJ3GizgssrVQXdIAJ9eivo-BW16UV6nKFkQNF4uu4dS7PdotWruSGmcROR5ST_-z32it8WA1T2D0RtDBCYfO-HYsb9p2ZLmk8LOUPzik5XEeiW/s728-e365/exploits.png>)\n\nThe RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal.\n\n\"RIG EK is a financially-motivated program that has been active since 2014,\" Swiss cybersecurity company PRODAFT [said](<https://www.prodaft.com/resource/detail/rig-rig-exploit-kit-depth-analysis>) in an exhaustive report shared with The Hacker News.\n\n\"Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware they distribute constantly change. The frequency of updating samples ranges from weekly to daily updates.\"\n\nExploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.\n\nThe fact that [RIG EK](<https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rig-exploit-kit-diving-deeper-into-the-infrastructure/>) runs as a service model means threat actors can financially compensate the RIG EK administrator for installing malware of their choice on victim machines. The RIG EK operators primarily employ malvertising to ensure a high infection rate and large-scale coverage.\n\nAs a result, visitors using a vulnerable version of a browser to access an actor-controlled web page or a compromised-but-legitimate website are redirected using malicious JavaScript code to a proxy server, which, in turn, communicates with an exploit server to deliver the appropriate browser exploit.\n\nThe exploit server, for its part, detects the user's browser by parsing the User-Agent string and returns the exploit that \"matches the pre-defined vulnerable browser versions.\"\n\n\"The artful design of the Exploit Kit allows it to infect devices with little to no interaction from the end user,\" the researchers said. \"Meanwhile, its use of proxy servers makes infections harder to detect.\"\n\nSince arriving on the scene in 2014, RIG EK has been observed delivering a wide range of financial trojans, stealers, and ransomware such as [AZORult](<https://www.malware-traffic-analysis.net/2018/01/30/index.html>), [CryptoBit](<https://unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/>), [Dridex](<https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html>), Raccoon Stealer, and WastedLoader. The operation was [dealt a huge blow](<https://www.bleepingcomputer.com/news/security/rig-exploit-kit-suffers-major-blow-following-coordinated-takedown-action/>) in 2017 following a coordinated action that dismantled its infrastructure.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhc-W77ksCVeOKxAHCwlWIPxzC9l7i48HMztDVefT_GTQN6XaD5H-mb8C5D7AiFGke7UyJ5rHfJOhQXKt9x-EyfGBIBCDjKneq6GUScJISxkgozl2YDnqMb57C6zKFVUmzRreQf_EkbmVnevMv6XZmYkkGXuKpQsb6L0VcfniBtPTvtvHytsjEfg53v/s728-e365/exploit-kit.png>)\n\nRecent RIG EK campaigns have [targeted](<https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html>) a memory corruption vulnerability impacting Internet Explorer ([CVE-2021-26411](<https://nvd.nist.gov/vuln/detail/CVE-2021-26411>), CVSS score: 8.8) to deploy RedLine Stealer.\n\nOther browser flaws weaponized by the malware include [CVE-2013-2551](<https://nvd.nist.gov/vuln/detail/CVE-2013-2551>), [CVE-2014-6332](<https://nvd.nist.gov/vuln/detail/cve-2014-6332>), [CVE-2015-0313](<https://nvd.nist.gov/vuln/detail/CVE-2015-0313>), [CVE-2015-2419](<https://nvd.nist.gov/vuln/detail/CVE-2015-2419>), [CVE-2016-0189](<https://nvd.nist.gov/vuln/detail/CVE-2016-0189>), [CVE-2018-8174](<https://nvd.nist.gov/vuln/detail/CVE-2018-8174>), [CVE-2019-0752](<https://nvd.nist.gov/vuln/detail/CVE-2019-0752>), and [CVE-2020-0674](<https://nvd.nist.gov/vuln/detail/cve-2020-0674>).\n\nAccording to data collected by PRODAFT, 45% of the successful infections in 2022 leveraged CVE-2021-26411, followed by CVE-2016-0189 (29%), CVE-2019-0752 (10%), CVE-2018-8174 (9%), and CVE-2020-0674 (6%).\n\nBesides Dridex, Raccoon, and RedLine Stealer, some of the notable malware families distributed using RIG EK are [SmokeLoader](<https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html>), [PureCrypter](<https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html>), [IcedID](<https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html>), [ZLoader](<https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html>), [TrueBot](<https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html>), [Ursnif](<https://thehackernews.com/2022/10/latest-ursnif-variant-shifts-focus-from.html>), and [Royal ransomware](<https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html>).\n\nFurthermore, the exploit kit is said to have attracted traffic from 207 countries, reporting a 22% success rate over the past two months alone. The most number of compromises are located in Russia, Egypt, Mexico, Brazil, Saudi Arabia, Turkey, and several countries across Europe.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgHW2d3XvxN49JeSd1f1I2t_7jqwMXvWZbzufRHyKvB-lvloj3RLIU8xMMcAN9RImXCK1EPUEWhHZlJ1ofvfKXka6slISXtxBLv56tj9ldKN_j78xm_MDVC0DHWXESA4_ixJ-UbK1tEwyLlUb6srh7Wu6eeIowhT5K7S4TtZqS3yGIMcXdF56qeWpvC/s728-e365/chart.png>)\n\n\"Interestingly enough, the exploit try rates were the highest on Tuesday, Wednesday and Thursday - with successful infections taking place on the same days of the week,\" the researchers explained.\n\nPRODAFT, which also managed to gain visibility into the kit's control panel, said there are about six different users, two of whom (admin and vipr) have admin privileges. A user profile with the alias \"pit\" or \"pitty\" has subadmin permissions, and three others (lyr, ump, and test1) have user privileges.\n\n\"admin\" is also a dummy user mainly reserved for creating other users. The management panel, which works with a subscription, is controlled using the \"pitty\" user.\n\nHowever, an operational security blunder that exposed the git server led PRODAFT to de-anonymize two of the threat actors. It also assessed with high confidence that the developer of the Dridex malware has a \"close relationship\" with the RIG EK's administrators, owing to the additional manual configuration steps taken to \"ensure that the malware was distributed smoothly.\"\n\n\"Overall, RIG EK runs a very fruitful business of exploit-as-a-service, with victims across the globe, a highly effective exploit arsenal and numerous customers with constantly updating malware,\" the researchers said.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-27T15:33:00", "type": "thn", "title": "Researchers Share New Insights Into RIG Exploit Kit Malware's Operations", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2551", "CVE-2014-6332", "CVE-2015-0313", "CVE-2015-2419", "CVE-2016-0189", "CVE-2018-8174", "CVE-2019-0752", "CVE-2020-0674", "CVE-2021-26411"], "modified": "2023-02-28T18:45:18", "id": "THN:35964D30086BA86E15030F5A7D404BE6", "href": "https://thehackernews.com/2023/02/researchers-share-new-insights-into-rig.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:02", "description": "[](<https://thehackernews.com/images/-B1GIJUi-Xfc/YEhXRdorEMI/AAAAAAAAB_o/0vVWsLXOqu0OjfRxUmUTUUvsoLhkTBy6QCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft plugged as many as [89 security flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>) as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.\n\nOf these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release.\n\nAmong those five security issues are a clutch of vulnerabilities known as [ProxyLogon](<https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html>) (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.\n\nBut in the wake of Exchange servers coming under [indiscriminate assault](<https://thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html>) toward the end of February by multiple threat groups looking to exploit the vulnerabilities and plant backdoors on corporate networks, Microsoft took the unusual step of releasing out-of-band fixes a week earlier than planned.\n\nThe ramping up of [mass exploitation](<https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/>) after Microsoft released its updates on March 2 has led the company to deploy [another series of security updates](<https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020>) targeting [older and unsupported](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/>) cumulative updates that are vulnerable to ProxyLogon attacks.\n\nAlso included in the mix is a patch for zero-day in Internet Explorer (CVE-2021-26411) that was discovered as exploited by North Korean hackers to [compromise security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) working on vulnerability research and development earlier this year.\n\nSouth Korean cybersecurity firm ENKI, which publicly [disclosed](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) the flaw early last month, claimed that North Korean nation-state hackers made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.\n\nAside from these actively exploited vulnerabilities, the update also corrects a number of remote code execution (RCE) flaws in Windows DNS Server (CVE-2021-26877 and CVE-2021-26897, CVSS scores 9.8), Hyper-V server (CVE-2021-26867, CVSS score 9.9), SharePoint Server (CVE-2021-27076, CVSS score 8.8), and Azure Sphere (CVE-2021-27080, CVSS score 9.3).\n\nCVE-2021-26877 and CVE-2021-26897 are notable for a couple of reasons. First off, the flaws are rated as \"exploitation more likely\" by Microsoft, and are categorized as zero-click vulnerabilities of low attack complexity that require no user interaction.\n\nAccording to [McAfee](<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/>), the vulnerabilities stem from an out of bounds read (CVE-2021-26877) and out of bounds write (CVE-2021-26897) on the heap, respectively, during the processing of [Dynamic Update](<https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003>) packets, resulting in potential arbitrary reads and RCE.\n\nFurthermore, this is also the second time in a row that Microsoft has addressed a critical RCE flaw in Windows DNS Server. Last month, the company rolled out a fix for [CVE-2021-24078](<https://thehackernews.com/2021/02/microsoft-issues-patches-for-in-wild-0.html>) in the same component which, if unpatched, could permit an unauthorized party to execute arbitrary code and potentially redirect legitimate traffic to malicious servers.\n\nTo install the latest security updates, Windows users can head to Start &gt; Settings &gt; Update &amp; Security &gt; Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T05:37:00", "type": "thn", "title": "Microsoft Issues Security Patches for 89 Flaws \u2014 IE 0-Day Under Active Attacks", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24078", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26867", "CVE-2021-26877", "CVE-2021-26897", "CVE-2021-27065", "CVE-2021-27076", "CVE-2021-27080"], "modified": "2021-08-13T09:07:37", "id": "THN:BC8A83422D35DB5610358702FCB4D154", "href": "https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-02-16T11:06:53", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n**Important**\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The March 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets. \n--- \n \n## Summary\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n**Important**\n\n * The fixes that are included in this update are also included in the March 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from March 2021 (or a later month) is already installed. This is because those updates contain all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the March 2021 Security Only Quality Update, and the March 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>). \n--- \n \n## Known issues in this security update\n\nWe are currently not aware of any issues in this update.\n\n## How to get and install this update\n\n### Before installing this update\n\nTo install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the December 8, 2020 SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.\n\n### Install this update\n\nTo install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update for the following versions:\n\n * Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard\nFor all other versions, see the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=5000800>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Update \n \n## File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### **Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 22:20| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:30| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 4,388,352 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 18:11| 333,312 \ninstall.ins| Not versioned| 12-Feb-2021| 16:25| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.19846| 23-Sep-2020| 20:01| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Feb-2021| 19:49| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:35| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 2,308,096 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:32| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:09| 13,881,856 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 18:17| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 4,112,384 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:37| 653,824 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:47| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 22:25| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 1,569,280 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:00| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.19301| 25-Feb-2019| 23:31| 417,280 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:26| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:00| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:01| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:00| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 18:15| 4,859,904 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 12-Feb-2021| 21:59| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 5:38| 615,936 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 18:28| 381,952 \ninstall.ins| Not versioned| 12-Feb-2021| 16:26| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 1,422,848 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:42| 92,672 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 25,762,816 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Feb-2021| 21:24| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:30| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 19:17| 2,915,840 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.19963| 12-Feb-2021| 22:04| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 15,506,944 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 18:36| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 19:04| 5,499,904 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:04| 785,408 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:15| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:09| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 4,112,384 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:37| 653,824 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:47| 498,176 \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 22:20| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 4,388,352 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 18:11| 333,312 \ninstall.ins| Not versioned| 12-Feb-2021| 16:25| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.19846| 23-Sep-2020| 20:01| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 2,308,096 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:32| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 18:17| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported ARM-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 21:59| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 1,039,360 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.19301| 25-Feb-2019| 22:35| 320,000 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 17:51| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 12-Feb-2021| 16:24| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:35| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:05| 263,680 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,186,304 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 17:51| 587,264 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 17:44| 16,229,376 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Feb-2021| 18:53| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:31| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 17:34| 12,315,648 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 17:54| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 3,573,248 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 557,568 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:12| 516,608 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:17| 403,968 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nUrlmon.dll| 11.0.9600.19963| 1,343,488| 13-Feb-21| 1:50 \nIexplore.exe| 11.0.9600.19963| 810,400| 14-Feb-21| 0:24 \nWininet.dll.mui| 11.0.9600.19963| 46,592| 14-Feb-21| 0:26 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:28 \nWininet.dll.mui| 11.0.9600.19963| 56,320| 14-Feb-21| 0:29 \nWininet.dll.mui| 11.0.9600.19963| 57,856| 14-Feb-21| 0:30 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:31 \nWininet.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 \nWininet.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nWininet.dll.mui| 11.0.9600.19963| 55,296| 14-Feb-21| 0:33 \nWininet.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:35 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:39 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:40 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:41 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 53,760| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:44 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:44 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:45 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:46 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:48 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:49 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:50 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:51 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:51 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:52 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:53 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:54 \nInetcpl.cpl| 11.0.9600.19963| 2,058,752| 13-Feb-21| 2:12 \nMshtml.dll.mui| 11.0.9600.19963| 307,200| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 293,888| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 290,304| 14-Feb-21| 0:27 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:28 \nMshtml.dll.mui| 11.0.9600.19963| 299,008| 14-Feb-21| 0:29 \nMshtml.dll.mui| 11.0.9600.19963| 303,104| 14-Feb-21| 0:30 \nMshtml.dll.mui| 11.0.9600.19963| 282,112| 14-Feb-21| 2:00 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 0:31 \nMshtml.dll.mui| 11.0.9600.19963| 283,648| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 291,840| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 299,520| 14-Feb-21| 0:33 \nMshtml.dll.mui| 11.0.9600.19963| 275,968| 14-Feb-21| 0:34 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:35 \nMshtml.dll.mui| 11.0.9600.19963| 293,376| 14-Feb-21| 0:36 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 0:37 \nMshtml.dll.mui| 11.0.9600.19963| 258,048| 14-Feb-21| 0:38 \nMshtml.dll.mui| 11.0.9600.19963| 256,512| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 288,256| 14-Feb-21| 0:40 \nMshtml.dll.mui| 11.0.9600.19963| 285,184| 14-Feb-21| 0:41 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:42 \nMshtml.dll.mui| 11.0.9600.19963| 297,472| 14-Feb-21| 0:43 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:45 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:46 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 288,768| 14-Feb-21| 0:48 \nMshtml.dll.mui| 11.0.9600.19963| 286,208| 14-Feb-21| 0:49 \nMshtml.dll.mui| 11.0.9600.19963| 281,600| 14-Feb-21| 0:50 \nMshtml.dll.mui| 11.0.9600.19963| 286,720| 14-Feb-21| 0:51 \nMshtml.dll.mui| 11.0.9600.19963| 292,352| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 242,176| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:53 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:54 \nUrlmon.dll.mui| 11.0.9600.19963| 46,080| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:27 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:28 \nUrlmon.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:29 \nUrlmon.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:30 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:31 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:33 \nUrlmon.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 39,936| 14-Feb-21| 0:37 \nUrlmon.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:39 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:40 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:41 \nUrlmon.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:42 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:44 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:45 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:46 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:48 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:49 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:50 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:52 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:53 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:54 \nJsproxy.dll| 11.0.9600.19963| 47,104| 13-Feb-21| 2:41 \nWininet.dll| 11.0.9600.19963| 4,388,352| 13-Feb-21| 1:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,176| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,928| 14-Feb-21| 0:27 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,880| 14-Feb-21| 0:28 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,048| 14-Feb-21| 0:29 \nInetcpl.cpl.mui| 11.0.9600.19963| 138,240| 14-Feb-21| 0:30 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,688| 14-Feb-21| 2:00 \nInetcpl.cpl.mui| 11.0.9600.19963| 131,584| 14-Feb-21| 0:31 \nInetcpl.cpl.mui| 11.0.9600.19963| 117,760| 14-Feb-21| 0:32 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,368| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 134,144| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 107,008| 14-Feb-21| 0:34 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:35 \nInetcpl.cpl.mui| 11.0.9600.19963| 127,488| 14-Feb-21| 0:36 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,512| 14-Feb-21| 0:37 \nInetcpl.cpl.mui| 11.0.9600.19963| 88,576| 14-Feb-21| 0:38 \nInetcpl.cpl.mui| 11.0.9600.19963| 82,944| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:40 \nInetcpl.cpl.mui| 11.0.9600.19963| 120,320| 14-Feb-21| 0:41 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 0:42 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:43 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,952| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,000| 14-Feb-21| 0:45 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:46 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,416| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 121,856| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 115,712| 14-Feb-21| 0:50 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 72,704| 14-Feb-21| 0:52 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:54 \nMsfeedsbs.dll| 11.0.9600.19963| 52,736| 13-Feb-21| 2:21 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Feb-21| 0:34 \nMsfeedssync.exe| 11.0.9600.19963| 11,776| 13-Feb-21| 2:48 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Feb-21| 0:23 \nMshtml.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:58 \nMshtml.tlb| 11.0.9600.19963| 2,724,864| 13-Feb-21| 2:59 \nIeproxy.dll| 11.0.9600.19963| 310,784| 13-Feb-21| 1:45 \nIeshims.dll| 11.0.9600.19963| 290,304| 13-Feb-21| 1:51 \nIertutil.dll| 11.0.9600.19963| 2,308,096| 13-Feb-21| 2:44 \nSqmapi.dll| 6.2.9200.16384| 228,256| 14-Feb-21| 0:24 \nIeframe.dll.mui| 11.0.9600.19963| 2,066,432| 14-Feb-21| 0:26 \nIeframe.dll.mui| 11.0.9600.19963| 2,121,216| 14-Feb-21| 0:27 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,136| 14-Feb-21| 0:28 \nIeframe.dll.mui| 11.0.9600.19963| 2,063,872| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,314,240| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,390,528| 14-Feb-21| 0:30 \nIeframe.dll.mui| 11.0.9600.19963| 2,033,152| 14-Feb-21| 2:00 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:31 \nIeframe.dll.mui| 11.0.9600.19963| 2,255,872| 14-Feb-21| 0:32 \nIeframe.dll.mui| 11.0.9600.19963| 2,061,312| 14-Feb-21| 0:33 \nIeframe.dll.mui| 11.0.9600.19963| 2,326,016| 14-Feb-21| 0:34 \nIeframe.dll.mui| 11.0.9600.19963| 2,019,840| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,071,040| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,082,816| 14-Feb-21| 0:36 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:37 \nIeframe.dll.mui| 11.0.9600.19963| 2,170,368| 14-Feb-21| 0:38 \nIeframe.dll.mui| 11.0.9600.19963| 2,153,984| 14-Feb-21| 0:39 \nIeframe.dll.mui| 11.0.9600.19963| 2,291,712| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,283,520| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,052,096| 14-Feb-21| 0:41 \nIeframe.dll.mui| 11.0.9600.19963| 2,301,952| 14-Feb-21| 0:42 \nIeframe.dll.mui| 11.0.9600.19963| 2,093,056| 14-Feb-21| 0:43 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,648| 14-Feb-21| 0:44 \nIeframe.dll.mui| 11.0.9600.19963| 2,299,392| 14-Feb-21| 0:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,094,592| 14-Feb-21| 0:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,316,800| 14-Feb-21| 0:46 \nIeframe.dll.mui| 11.0.9600.19963| 2,305,536| 14-Feb-21| 0:47 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,277,888| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,060,288| 14-Feb-21| 0:49 \nIeframe.dll.mui| 11.0.9600.19963| 2,315,776| 14-Feb-21| 0:50 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:51 \nIeframe.dll.mui| 11.0.9600.19963| 2,324,992| 14-Feb-21| 0:52 \nIeframe.dll.mui| 11.0.9600.19963| 2,098,176| 14-Feb-21| 0:53 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:54 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:55 \nIeframe.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:09 \nIeframe.ptxml| Not versioned| 24,486| 13-Feb-21| 0:23 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:26 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:26 \nInetres.adml| Not versioned| 526,294| 14-Feb-21| 0:27 \nInetres.adml| Not versioned| 499,654| 14-Feb-21| 0:28 \nInetres.adml| Not versioned| 552,337| 14-Feb-21| 0:29 \nInetres.adml| Not versioned| 944,559| 14-Feb-21| 0:30 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 1:59 \nInetres.adml| Not versioned| 543,946| 14-Feb-21| 0:31 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:32 \nInetres.adml| Not versioned| 526,557| 14-Feb-21| 0:32 \nInetres.adml| Not versioned| 575,838| 14-Feb-21| 0:33 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:34 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:35 \nInetres.adml| Not versioned| 570,737| 14-Feb-21| 0:36 \nInetres.adml| Not versioned| 548,119| 14-Feb-21| 0:37 \nInetres.adml| Not versioned| 639,271| 14-Feb-21| 0:38 \nInetres.adml| Not versioned| 525,504| 14-Feb-21| 0:38 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:39 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:40 \nInetres.adml| Not versioned| 488,488| 14-Feb-21| 0:41 \nInetres.adml| Not versioned| 548,494| 14-Feb-21| 0:42 \nInetres.adml| Not versioned| 559,343| 14-Feb-21| 0:42 \nInetres.adml| Not versioned| 535,067| 14-Feb-21| 0:43 \nInetres.adml| Not versioned| 541,455| 14-Feb-21| 0:44 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:45 \nInetres.adml| Not versioned| 804,470| 14-Feb-21| 0:46 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:47 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:47 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:48 \nInetres.adml| Not versioned| 503,909| 14-Feb-21| 0:49 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:50 \nInetres.adml| Not versioned| 521,583| 14-Feb-21| 0:51 \nInetres.adml| Not versioned| 457,561| 14-Feb-21| 0:51 \nInetres.adml| Not versioned| 420,082| 14-Feb-21| 0:52 \nInetres.adml| Not versioned| 436,651| 14-Feb-21| 0:53 \nInetres.adml| Not versioned| 436,651| 14-Feb-21| 0:54 \nInetres.admx| Not versioned| 1,678,023| 12-Jan-21| 3:25 \nJscript9.dll.mui| 11.0.9600.19963| 29,184| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:27 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:28 \nJscript9.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:29 \nJscript9.dll.mui| 11.0.9600.19963| 37,888| 14-Feb-21| 0:30 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 2:00 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:32 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:33 \nJscript9.dll.mui| 11.0.9600.19963| 27,648| 14-Feb-21| 0:34 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:35 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 33,792| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 23,040| 14-Feb-21| 0:38 \nJscript9.dll.mui| 11.0.9600.19963| 22,016| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:40 \nJscript9.dll.mui| 11.0.9600.19963| 31,232| 14-Feb-21| 0:41 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:43 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 34,816| 14-Feb-21| 0:46 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 32,256| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:48 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:49 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:50 \nJscript9.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 16,384| 14-Feb-21| 0:52 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:53 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:54 \nJscript9.dll| 11.0.9600.19963| 4,112,384| 13-Feb-21| 2:14 \nJscript9diag.dll| 11.0.9600.19963| 620,032| 13-Feb-21| 2:37 \nJscript.dll| 5.8.9600.19963| 653,824| 13-Feb-21| 2:37 \nVbscript.dll| 5.8.9600.19963| 498,176| 13-Feb-21| 2:47 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nUrlmon.dll| 11.0.9600.19963| 1,569,280| 13-Feb-21| 2:04 \nIexplore.exe| 11.0.9600.19963| 810,408| 14-Feb-21| 1:21 \nWininet.dll.mui| 11.0.9600.19963| 46,592| 14-Feb-21| 1:22 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 1:23 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 1:24 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 1:25 \nWininet.dll.mui| 11.0.9600.19963| 56,320| 14-Feb-21| 1:25 \nWininet.dll.mui| 11.0.9600.19963| 57,856| 14-Feb-21| 1:27 \nWininet.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 2:26 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 1:27 \nWininet.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 1:28 \nWininet.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:29 \nWininet.dll.mui| 11.0.9600.19963| 55,296| 14-Feb-21| 1:29 \nWininet.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 1:31 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 1:31 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 1:32 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 1:33 \nWininet.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 1:34 \nWininet.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 1:34 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:35 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 1:36 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 1:37 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 1:38 \nWininet.dll.mui| 11.0.9600.19963| 53,760| 14-Feb-21| 1:39 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 1:40 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 1:41 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 1:42 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 1:42 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 1:43 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 1:44 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 1:45 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 1:46 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:46 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:47 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 1:48 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 1:49 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 1:50 \nInetcpl.cpl| 11.0.9600.19963| 2,132,992| 13-Feb-21| 2:26 \nMshtml.dll.mui| 11.0.9600.19963| 307,200| 14-Feb-21| 1:22 \nMshtml.dll.mui| 11.0.9600.19963| 293,888| 14-Feb-21| 1:23 \nMshtml.dll.mui| 11.0.9600.19963| 290,304| 14-Feb-21| 1:24 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 1:25 \nMshtml.dll.mui| 11.0.9600.19963| 299,008| 14-Feb-21| 1:26 \nMshtml.dll.mui| 11.0.9600.19963| 303,104| 14-Feb-21| 1:27 \nMshtml.dll.mui| 11.0.9600.19963| 282,112| 14-Feb-21| 2:26 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 1:27 \nMshtml.dll.mui| 11.0.9600.19963| 283,648| 14-Feb-21| 1:28 \nMshtml.dll.mui| 11.0.9600.19963| 291,840| 14-Feb-21| 1:29 \nMshtml.dll.mui| 11.0.9600.19963| 299,520| 14-Feb-21| 1:30 \nMshtml.dll.mui| 11.0.9600.19963| 275,968| 14-Feb-21| 1:30 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 1:32 \nMshtml.dll.mui| 11.0.9600.19963| 293,376| 14-Feb-21| 1:32 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 1:33 \nMshtml.dll.mui| 11.0.9600.19963| 258,048| 14-Feb-21| 1:34 \nMshtml.dll.mui| 11.0.9600.19963| 256,512| 14-Feb-21| 1:35 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 1:36 \nMshtml.dll.mui| 11.0.9600.19963| 288,256| 14-Feb-21| 1:36 \nMshtml.dll.mui| 11.0.9600.19963| 285,184| 14-Feb-21| 1:37 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 1:38 \nMshtml.dll.mui| 11.0.9600.19963| 297,472| 14-Feb-21| 1:39 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 1:40 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 1:40 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 1:41 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 1:42 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 1:43 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 1:43 \nMshtml.dll.mui| 11.0.9600.19963| 288,768| 14-Feb-21| 1:44 \nMshtml.dll.mui| 11.0.9600.19963| 286,208| 14-Feb-21| 1:45 \nMshtml.dll.mui| 11.0.9600.19963| 281,600| 14-Feb-21| 1:46 \nMshtml.dll.mui| 11.0.9600.19963| 286,720| 14-Feb-21| 1:46 \nMshtml.dll.mui| 11.0.9600.19963| 292,352| 14-Feb-21| 1:47 \nMshtml.dll.mui| 11.0.9600.19963| 242,176| 14-Feb-21| 1:48 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 1:49 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 1:50 \nUrlmon.dll.mui| 11.0.9600.19963| 46,080| 14-Feb-21| 1:23 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:23 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 1:24 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:25 \nUrlmon.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 1:26 \nUrlmon.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 1:26 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 2:26 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:27 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 1:28 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:29 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 1:29 \nUrlmon.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 1:30 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:31 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:32 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:33 \nUrlmon.dll.mui| 11.0.9600.19963| 39,936| 14-Feb-21| 1:34 \nUrlmon.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 1:35 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 1:36 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 1:38 \nUrlmon.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 1:38 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 1:39 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:40 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:40 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:41 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 1:42 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 1:42 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 1:43 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:44 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 1:45 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 1:46 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 1:46 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 1:47 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 1:48 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 1:49 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 1:50 \nJsproxy.dll| 11.0.9600.19963| 54,784| 13-Feb-21| 3:08 \nWininet.dll| 11.0.9600.19963| 4,859,904| 13-Feb-21| 2:15 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,176| 14-Feb-21| 1:22 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 1:23 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,928| 14-Feb-21| 1:24 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,880| 14-Feb-21| 1:25 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,048| 14-Feb-21| 1:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 138,240| 14-Feb-21| 1:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,688| 14-Feb-21| 2:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 131,584| 14-Feb-21| 1:27 \nInetcpl.cpl.mui| 11.0.9600.19963| 117,760| 14-Feb-21| 1:28 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,368| 14-Feb-21| 1:29 \nInetcpl.cpl.mui| 11.0.9600.19963| 134,144| 14-Feb-21| 1:30 \nInetcpl.cpl.mui| 11.0.9600.19963| 107,008| 14-Feb-21| 1:30 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 1:31 \nInetcpl.cpl.mui| 11.0.9600.19963| 127,488| 14-Feb-21| 1:32 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,512| 14-Feb-21| 1:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 88,576| 14-Feb-21| 1:34 \nInetcpl.cpl.mui| 11.0.9600.19963| 82,944| 14-Feb-21| 1:35 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 1:36 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 1:36 \nInetcpl.cpl.mui| 11.0.9600.19963| 120,320| 14-Feb-21| 1:37 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 1:38 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 1:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,952| 14-Feb-21| 1:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 1:40 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,000| 14-Feb-21| 1:41 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 1:42 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 1:43 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 1:43 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,416| 14-Feb-21| 1:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 121,856| 14-Feb-21| 1:45 \nInetcpl.cpl.mui| 11.0.9600.19963| 115,712| 14-Feb-21| 1:46 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 1:46 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 1:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 72,704| 14-Feb-21| 1:48 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 1:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 1:50 \nMsfeedsbs.dll| 11.0.9600.19963| 60,416| 13-Feb-21| 2:43 \nMsfeedsbs.mof| Not applicable| 1,574| 13-Feb-21| 0:34 \nMsfeedssync.exe| 11.0.9600.19963| 13,312| 13-Feb-21| 3:17 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not applicable| 3,228| 13-Feb-21| 0:23 \nMshtml.dll| 11.0.9600.19963| #########| 13-Feb-21| 5:02 \nMshtml.tlb| 11.0.9600.19963| 2,724,864| 13-Feb-21| 3:29 \nIeproxy.dll| 11.0.9600.19963| 870,400| 13-Feb-21| 1:48 \nIeshims.dll| 11.0.9600.19963| 387,072| 13-Feb-21| 1:57 \nIertutil.dll| 11.0.9600.19963| 2,915,840| 13-Feb-21| 3:17 \nSqmapi.dll| 6.2.9200.16384| 286,120| 14-Feb-21| 1:21 \nIeframe.dll.mui| 11.0.9600.19963| 2,066,432| 14-Feb-21| 1:23 \nIeframe.dll.mui| 11.0.9600.19963| 2,121,216| 14-Feb-21| 1:24 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,136| 14-Feb-21| 1:24 \nIeframe.dll.mui| 11.0.9600.19963| 2,063,872| 14-Feb-21| 1:25 \nIeframe.dll.mui| 11.0.9600.19963| 2,314,240| 14-Feb-21| 1:26 \nIeframe.dll.mui| 11.0.9600.19963| 2,390,528| 14-Feb-21| 1:27 \nIeframe.dll.mui| 11.0.9600.19963| 2,033,152| 14-Feb-21| 2:26 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 1:27 \nIeframe.dll.mui| 11.0.9600.19963| 2,255,872| 14-Feb-21| 1:28 \nIeframe.dll.mui| 11.0.9600.19963| 2,061,312| 14-Feb-21| 1:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,326,016| 14-Feb-21| 1:30 \nIeframe.dll.mui| 11.0.9600.19963| 2,019,840| 14-Feb-21| 1:31 \nIeframe.dll.mui| 11.0.9600.19963| 2,071,040| 14-Feb-21| 1:32 \nIeframe.dll.mui| 11.0.9600.19963| 2,082,816| 14-Feb-21| 1:32 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 1:33 \nIeframe.dll.mui| 11.0.9600.19963| 2,170,368| 14-Feb-21| 1:34 \nIeframe.dll.mui| 11.0.9600.19963| 2,153,984| 14-Feb-21| 1:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,291,712| 14-Feb-21| 1:36 \nIeframe.dll.mui| 11.0.9600.19963| 2,283,520| 14-Feb-21| 1:37 \nIeframe.dll.mui| 11.0.9600.19963| 2,052,096| 14-Feb-21| 1:37 \nIeframe.dll.mui| 11.0.9600.19963| 2,301,952| 14-Feb-21| 1:38 \nIeframe.dll.mui| 11.0.9600.19963| 2,093,056| 14-Feb-21| 1:39 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,648| 14-Feb-21| 1:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,299,392| 14-Feb-21| 1:41 \nIeframe.dll.mui| 11.0.9600.19963| 2,094,592| 14-Feb-21| 1:41 \nIeframe.dll.mui| 11.0.9600.19963| 2,316,800| 14-Feb-21| 1:42 \nIeframe.dll.mui| 11.0.9600.19963| 2,305,536| 14-Feb-21| 1:43 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 1:44 \nIeframe.dll.mui| 11.0.9600.19963| 2,277,888| 14-Feb-21| 1:44 \nIeframe.dll.mui| 11.0.9600.19963| 2,060,288| 14-Feb-21| 1:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,315,776| 14-Feb-21| 1:46 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 1:47 \nIeframe.dll.mui| 11.0.9600.19963| 2,324,992| 14-Feb-21| 1:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,098,176| 14-Feb-21| 1:48 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 1:49 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 1:50 \nIeframe.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:26 \nIeframe.ptxml| Not applicable| 24,486| 13-Feb-21| 0:23 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:22 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:23 \nInetres.adml| Not applicable| 526,294| 14-Feb-21| 1:24 \nInetres.adml| Not applicable| 499,654| 14-Feb-21| 1:25 \nInetres.adml| Not applicable| 552,337| 14-Feb-21| 1:26 \nInetres.adml| Not applicable| 944,559| 14-Feb-21| 1:26 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 2:26 \nInetres.adml| Not applicable| 543,946| 14-Feb-21| 1:27 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:28 \nInetres.adml| Not applicable| 526,557| 14-Feb-21| 1:29 \nInetres.adml| Not applicable| 575,838| 14-Feb-21| 1:29 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:30 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:31 \nInetres.adml| Not applicable| 570,737| 14-Feb-21| 1:32 \nInetres.adml| Not applicable| 548,119| 14-Feb-21| 1:33 \nInetres.adml| Not applicable| 639,271| 14-Feb-21| 1:34 \nInetres.adml| Not applicable| 525,504| 14-Feb-21| 1:35 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:36 \nInetres.adml| Not applicable| 488,488| 14-Feb-21| 1:37 \nInetres.adml| Not applicable| 548,494| 14-Feb-21| 1:38 \nInetres.adml| Not applicable| 559,343| 14-Feb-21| 1:39 \nInetres.adml| Not applicable| 535,067| 14-Feb-21| 1:39 \nInetres.adml| Not applicable| 541,455| 14-Feb-21| 1:40 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:41 \nInetres.adml| Not applicable| 804,470| 14-Feb-21| 1:42 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:43 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:44 \nInetres.adml| Not applicable| 503,909| 14-Feb-21| 1:45 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:46 \nInetres.adml| Not applicable| 521,583| 14-Feb-21| 1:47 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:47 \nInetres.adml| Not applicable| 420,082| 14-Feb-21| 1:48 \nInetres.adml| Not applicable| 436,651| 14-Feb-21| 1:49 \nInetres.adml| Not applicable| 436,651| 14-Feb-21| 1:50 \nInetres.admx| Not applicable| 1,678,023| 9-Feb-21| 4:02 \nJscript9.dll.mui| 11.0.9600.19963| 29,184| 14-Feb-21| 1:22 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:23 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:24 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:25 \nJscript9.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 1:26 \nJscript9.dll.mui| 11.0.9600.19963| 37,888| 14-Feb-21| 1:26 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 2:26 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:27 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:28 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:29 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:29 \nJscript9.dll.mui| 11.0.9600.19963| 27,648| 14-Feb-21| 1:30 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:31 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:32 \nJscript9.dll.mui| 11.0.9600.19963| 33,792| 14-Feb-21| 1:33 \nJscript9.dll.mui| 11.0.9600.19963| 23,040| 14-Feb-21| 1:34 \nJscript9.dll.mui| 11.0.9600.19963| 22,016| 14-Feb-21| 1:34 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:36 \nJscript9.dll.mui| 11.0.9600.19963| 31,232| 14-Feb-21| 1:37 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:38 \nJscript9.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 1:39 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:39 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:40 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:41 \nJscript9.dll.mui| 11.0.9600.19963| 34,816| 14-Feb-21| 1:42 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:42 \nJscript9.dll.mui| 11.0.9600.19963| 32,256| 14-Feb-21| 1:43 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:44 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:45 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:46 \nJscript9.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 1:47 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:47 \nJscript9.dll.mui| 11.0.9600.19963| 16,384| 14-Feb-21| 1:48 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 1:49 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 1:50 \nJscript9.dll| 11.0.9600.19963| 5,499,904| 13-Feb-21| 3:04 \nJscript9diag.dll| 11.0.9600.19963| 814,592| 13-Feb-21| 3:03 \nJscript.dll| 5.8.9600.19963| 785,408| 13-Feb-21| 3:04 \nVbscript.dll| 5.8.9600.19963| 581,120| 13-Feb-21| 3:15 \nIexplore.exe| 11.0.9600.19963| 810,400| 14-Feb-21| 0:24 \nMshtml.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:58 \nMshtml.tlb| 11.0.9600.19963| 2,724,864| 13-Feb-21| 2:59 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not applicable| 3,228| 13-Feb-21| 0:26 \nIe9props.propdesc| Not applicable| 2,843| 23-Sep-18| 13:32 \nIeframe.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:09 \nWow64_ieframe.ptxml| Not applicable| 24,486| 13-Feb-21| 0:26 \nJscript9.dll| 11.0.9600.19963| 4,112,384| 13-Feb-21| 2:14 \nJscript9diag.dll| 11.0.9600.19963| 620,032| 13-Feb-21| 2:37 \nJscript.dll| 5.8.9600.19963| 653,824| 13-Feb-21| 2:37 \nVbscript.dll| 5.8.9600.19963| 498,176| 13-Feb-21| 2:47 \nUrlmon.dll| 11.0.9600.19963| 1,343,488| 13-Feb-21| 1:50 \nWininet.dll.mui| 11.0.9600.19963| 46,592| 14-Feb-21| 0:26 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:28 \nWininet.dll.mui| 11.0.9600.19963| 56,320| 14-Feb-21| 0:29 \nWininet.dll.mui| 11.0.9600.19963| 57,856| 14-Feb-21| 0:30 \nWininet.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:59 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:31 \nWininet.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 \nWininet.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nWininet.dll.mui| 11.0.9600.19963| 55,296| 14-Feb-21| 0:33 \nWininet.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:35 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:39 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:40 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:41 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 53,760| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:44 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:45 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:46 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:48 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:49 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:50 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:51 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:52 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:53 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:54 \nInetcpl.cpl| 11.0.9600.19963| 2,058,752| 13-Feb-21| 2:12 \nMshtml.dll.mui| 11.0.9600.19963| 307,200| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 293,888| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 290,304| 14-Feb-21| 0:27 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:28 \nMshtml.dll.mui| 11.0.9600.19963| 299,008| 14-Feb-21| 0:29 \nMshtml.dll.mui| 11.0.9600.19963| 303,104| 14-Feb-21| 0:30 \nMshtml.dll.mui| 11.0.9600.19963| 282,112| 14-Feb-21| 2:00 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 0:31 \nMshtml.dll.mui| 11.0.9600.19963| 283,648| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 291,840| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 299,520| 14-Feb-21| 0:33 \nMshtml.dll.mui| 11.0.9600.19963| 275,968| 14-Feb-21| 0:34 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:35 \nMshtml.dll.mui| 11.0.9600.19963| 293,376| 14-Feb-21| 0:36 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 0:37 \nMshtml.dll.mui| 11.0.9600.19963| 258,048| 14-Feb-21| 0:38 \nMshtml.dll.mui| 11.0.9600.19963| 256,512| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 288,256| 14-Feb-21| 0:40 \nMshtml.dll.mui| 11.0.9600.19963| 285,184| 14-Feb-21| 0:41 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:42 \nMshtml.dll.mui| 11.0.9600.19963| 297,472| 14-Feb-21| 0:43 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:45 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:46 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 288,768| 14-Feb-21| 0:48 \nMshtml.dll.mui| 11.0.9600.19963| 286,208| 14-Feb-21| 0:49 \nMshtml.dll.mui| 11.0.9600.19963| 281,600| 14-Feb-21| 0:50 \nMshtml.dll.mui| 11.0.9600.19963| 286,720| 14-Feb-21| 0:51 \nMshtml.dll.mui| 11.0.9600.19963| 292,352| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 242,176| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:53 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:54 \nUrlmon.dll.mui| 11.0.9600.19963| 46,080| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:27 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:28 \nUrlmon.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:29 \nUrlmon.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:30 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 2:00 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:31 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:33 \nUrlmon.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 39,936| 14-Feb-21| 0:37 \nUrlmon.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:39 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:40 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:41 \nUrlmon.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:42 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:44 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:45 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:46 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:48 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:49 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:50 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:52 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:53 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:54 \nJsproxy.dll| 11.0.9600.19963| 47,104| 13-Feb-21| 2:41 \nWininet.dll| 11.0.9600.19963| 4,388,352| 13-Feb-21| 1:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,176| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,928| 14-Feb-21| 0:27 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,880| 14-Feb-21| 0:28 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,048| 14-Feb-21| 0:29 \nInetcpl.cpl.mui| 11.0.9600.19963| 138,240| 14-Feb-21| 0:30 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,688| 14-Feb-21| 2:00 \nInetcpl.cpl.mui| 11.0.9600.19963| 131,584| 14-Feb-21| 0:31 \nInetcpl.cpl.mui| 11.0.9600.19963| 117,760| 14-Feb-21| 0:32 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,368| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 134,144| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 107,008| 14-Feb-21| 0:34 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:35 \nInetcpl.cpl.mui| 11.0.9600.19963| 127,488| 14-Feb-21| 0:36 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,512| 14-Feb-21| 0:37 \nInetcpl.cpl.mui| 11.0.9600.19963| 88,576| 14-Feb-21| 0:38 \nInetcpl.cpl.mui| 11.0.9600.19963| 82,944| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:40 \nInetcpl.cpl.mui| 11.0.9600.19963| 120,320| 14-Feb-21| 0:41 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 0:42 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:43 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,952| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,000| 14-Feb-21| 0:45 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:46 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,416| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 121,856| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 115,712| 14-Feb-21| 0:50 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 72,704| 14-Feb-21| 0:52 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:54 \nMsfeedsbs.dll| 11.0.9600.19963| 52,736| 13-Feb-21| 2:21 \nMsfeedssync.exe| 11.0.9600.19963| 11,776| 13-Feb-21| 2:48 \nIeproxy.dll| 11.0.9600.19963| 310,784| 13-Feb-21| 1:45 \nIeshims.dll| 11.0.9600.19963| 290,304| 13-Feb-21| 1:51 \nIertutil.dll| 11.0.9600.19963| 2,308,096| 13-Feb-21| 2:44 \nSqmapi.dll| 6.2.9200.16384| 228,256| 14-Feb-21| 0:24 \nIeframe.dll.mui| 11.0.9600.19963| 2,066,432| 14-Feb-21| 0:26 \nIeframe.dll.mui| 11.0.9600.19963| 2,121,216| 14-Feb-21| 0:27 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,136| 14-Feb-21| 0:28 \nIeframe.dll.mui| 11.0.9600.19963| 2,063,872| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,314,240| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,390,528| 14-Feb-21| 0:30 \nIeframe.dll.mui| 11.0.9600.19963| 2,033,152| 14-Feb-21| 2:00 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:31 \nIeframe.dll.mui| 11.0.9600.19963| 2,255,872| 14-Feb-21| 0:32 \nIeframe.dll.mui| 11.0.9600.19963| 2,061,312| 14-Feb-21| 0:33 \nIeframe.dll.mui| 11.0.9600.19963| 2,326,016| 14-Feb-21| 0:34 \nIeframe.dll.mui| 11.0.9600.19963| 2,019,840| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,071,040| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,082,816| 14-Feb-21| 0:36 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:37 \nIeframe.dll.mui| 11.0.9600.19963| 2,170,368| 14-Feb-21| 0:38 \nIeframe.dll.mui| 11.0.9600.19963| 2,153,984| 14-Feb-21| 0:39 \nIeframe.dll.mui| 11.0.9600.19963| 2,291,712| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,283,520| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,052,096| 14-Feb-21| 0:41 \nIeframe.dll.mui| 11.0.9600.19963| 2,301,952| 14-Feb-21| 0:42 \nIeframe.dll.mui| 11.0.9600.19963| 2,093,056| 14-Feb-21| 0:43 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,648| 14-Feb-21| 0:44 \nIeframe.dll.mui| 11.0.9600.19963| 2,299,392| 14-Feb-21| 0:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,094,592| 14-Feb-21| 0:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,316,800| 14-Feb-21| 0:46 \nIeframe.dll.mui| 11.0.9600.19963| 2,305,536| 14-Feb-21| 0:47 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,277,888| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,060,288| 14-Feb-21| 0:49 \nIeframe.dll.mui| 11.0.9600.19963| 2,315,776| 14-Feb-21| 0:50 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:51 \nIeframe.dll.mui| 11.0.9600.19963| 2,324,992| 14-Feb-21| 0:52 \nIeframe.dll.mui| 11.0.9600.19963| 2,098,176| 14-Feb-21| 0:53 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:54 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:55 \nJscript9.dll.mui| 11.0.9600.19963| 29,184| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:27 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:28 \nJscript9.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:29 \nJscript9.dll.mui| 11.0.9600.19963| 37,888| 14-Feb-21| 0:30 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 2:00 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:32 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:33 \nJscript9.dll.mui| 11.0.9600.19963| 27,648| 14-Feb-21| 0:34 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:35 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 33,792| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 23,040| 14-Feb-21| 0:38 \nJscript9.dll.mui| 11.0.9600.19963| 22,016| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:40 \nJscript9.dll.mui| 11.0.9600.19963| 31,232| 14-Feb-21| 0:41 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:43 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 34,816| 14-Feb-21| 0:46 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 32,256| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:48 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:49 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:50 \nJscript9.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 16,384| 14-Feb-21| 0:52 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:53 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:54 \n \n### **Windows 7 and Windows Server 2008 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \niexplore.exe| 11.0.9600.19963| 13-Feb-2021| 11:46| 810,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 31,744 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 39,424 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 32,768 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 37,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 38,400 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 30,720 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 25,600 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 24,576 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 20,992 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 46,592 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 56,320 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 57,856 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 49,664 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 47,616 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 49,152 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 55,296 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 45,056 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 39,424 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 35,840 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 53,760 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 10,752 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 307,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 293,888 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 290,304 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 282,112 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 283,648 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 291,840 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 299,520 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 275,968 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 293,376 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 258,048 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 256,512 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 288,256 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 285,184 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 297,472 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 288,768 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 286,208 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 281,600 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 286,720 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 292,352 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 242,176 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 243,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 243,200 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 73,728 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 74,240 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 78,848 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 74,752 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 62,464 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 75,264 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 72,192 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 73,216 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 41,472 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 37,888 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 70,656 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 71,168 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 71,680 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 71,168 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 69,632 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 59,904 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 69,120 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 29,696 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 46,080 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 51,712 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 54,272 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 45,056 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 39,936 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 39,424 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 51,200 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 35,328 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 11,264 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 9,216 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 6,656 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 4,388,352 \njsproxy.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 47,104 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 114,176 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 124,928 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 122,880 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 130,048 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 138,240 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 114,688 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 131,584 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 117,760 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 122,368 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 134,144 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 107,008 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 127,488 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 128,512 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 88,576 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 82,944 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 120,320 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 125,952 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 128,000 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 124,416 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 121,856 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 115,712 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 72,704 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 73,728 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 73,728 \niedkcs32.dll| 18.0.9600.19963| 13-Feb-2021| 11:46| 341,896 \ninstall.ins| Not versioned| 12-Feb-2021| 16:25| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2018| 6:18| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 710,656 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 489,472 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Feb-2021| 16:23| 11,892 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.19963| 12-Feb-2021| 18:54| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 2,048 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 12-Feb-2021| 16:34| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Feb-2021| 16:34| 1,574 \nmsfeedsbs.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 52,736 \nmsfeedssync.exe| 11.0.9600.19963| 12-Feb-2021| 18:48| 11,776 \nhtml.iec| 2019.0.0.19963| 12-Feb-2021| 18:46| 341,504 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtmlmedia.dll| 11.0.9600.19963| 12-Feb-2021| 18:11| 1,155,584 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.19963| 12-Feb-2021| 18:59| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Feb-2021| 16:23| 3,228 \nieetwcollector.exe| 11.0.9600.19963| 12-Feb-2021| 18:37| 104,960 \nieetwproxystub.dll| 11.0.9600.19963| 12-Feb-2021| 18:46| 47,616 \nieetwcollectorres.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 4,096 \nielowutil.exe| 11.0.9600.19963| 12-Feb-2021| 18:39| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.19963| 12-Feb-2021| 17:51| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2018| 6:39| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2018| 6:39| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2018| 6:39| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2018| 6:39| 11,340 \nbing.ico| Not versioned| 23-Sep-2018| 6:33| 5,430 \nieUnatt.exe| 11.0.9600.19963| 12-Feb-2021| 18:37| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Feb-2021| 13:19| 2,956 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:35| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 64,000 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:18| 1,075,200 \noccache.dll| 11.0.9600.19963| 12-Feb-2021| 18:18| 130,048 \ndesktop.ini| Not versioned| 23-Sep-2018| 6:26| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 23-Sep-2018| 6:27| 65 \nmsrating.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2018| 6:27| 8,798 \nticrf.rat| Not versioned| 23-Sep-2018| 6:27| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 2,308,096 \nsqmapi.dll| 6.2.9200.16384| 13-Feb-2021| 11:46| 228,232 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 30,720 \niesetup.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 62,464 \nieuinit.inf| Not versioned| 12-Feb-2021| 17:30| 16,303 \ninseng.dll| 11.0.9600.19963| 12-Feb-2021| 18:24| 91,136 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 23-Sep-2018| 6:26| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 2,066,432 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,121,216 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,075,136 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 2,063,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,314,240 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 2,390,528 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 2,033,152 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,255,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,061,312 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 2,326,016 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,019,840 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 2,071,040 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,082,816 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,170,368 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 2,153,984 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,291,712 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 2,283,520 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 2,052,096 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,301,952 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,093,056 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 2,075,648 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,299,392 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 2,094,592 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,316,800 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,305,536 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,277,888 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 2,060,288 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 2,315,776 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,324,992 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 2,098,176 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 3,072 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:09| 13,881,856 \nieui.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 476,160 \nieframe.ptxml| Not versioned| 12-Feb-2021| 16:23| 24,486 \nieinstal.exe| 11.0.9600.19963| 12-Feb-2021| 18:20| 475,648 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:47| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:48| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:49| 526,294 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:50| 499,654 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:51| 552,337 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:51| 944,559 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:20| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:52| 543,946 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:53| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:54| 526,557 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:55| 575,838 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:56| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:57| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:57| 570,737 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:58| 548,119 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:59| 639,271 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:00| 525,504 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:01| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:02| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:03| 488,488 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:04| 548,494 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:04| 559,343 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:05| 535,067 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:06| 541,455 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:06| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:07| 804,470 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:08| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:09| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:10| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:11| 503,909 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:11| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:12| 521,583 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:13| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:14| 420,082 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:15| 436,651 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:16| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.19963| 12-Feb-2021| 18:32| 668,672 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 29,184 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 35,328 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 37,888 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 27,648 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 33,792 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 23,040 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 22,016 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 31,232 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 35,840 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 34,816 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 32,256 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 30,720 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 16,384 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 16,896 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 16,896 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 4,112,384 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:37| 653,824 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:47| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 1,569,280 \niexplore.exe| 11.0.9600.19963| 13-Feb-2021| 12:45| 810,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 31,744 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 39,424 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 32,768 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 37,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 38,400 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 30,720 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 25,600 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 24,576 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 20,992 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 21,504 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 21,504 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 46,592 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 56,320 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 57,856 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 49,664 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 47,616 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 49,152 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 55,296 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 45,056 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 39,424 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 35,840 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 53,760 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 30,720 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:26| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 10,752 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 307,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 293,888 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 290,304 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 282,112 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 283,648 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 291,840 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 299,520 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 275,968 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 293,376 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 258,048 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 256,512 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 288,256 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 285,184 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 297,472 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 288,768 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 286,208 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 281,600 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 286,720 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 292,352 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 242,176 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 243,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 243,200 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 73,728 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 74,240 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 78,848 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 74,752 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 62,464 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 75,264 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 61,440 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 72,192 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 73,216 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 41,472 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 37,888 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 67,584 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 74,240 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 70,656 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 71,168 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 71,680 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 71,168 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 69,632 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 68,096 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 59,904 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 69,120 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 29,696 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 30,720 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 46,080 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 51,712 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 54,272 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 45,056 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 39,936 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 39,424 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 51,200 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 35,328 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 11,264 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 9,216 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 6,656 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 18:15| 4,859,904 \njsproxy.dll| 11.0.9600.19963| 12-Feb-2021| 19:08| 54,784 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 114,176 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 124,928 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 122,880 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 130,048 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 138,240 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 114,688 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 131,584 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 117,760 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 122,368 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 134,144 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 107,008 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 127,488 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 128,512 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 88,576 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 82,944 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 120,320 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 125,952 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 128,000 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 124,416 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 121,856 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 115,712 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 72,704 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 73,728 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 73,728 \niedkcs32.dll| 18.0.9600.19963| 13-Feb-2021| 12:45| 390,560 \ninstall.ins| Not versioned| 12-Feb-2021| 16:26| 464 \nieapfltr.dat| 10.0.9301.0| 25-Jun-2019| 6:11| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 800,768 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.19963| 12-Feb-2021| 19:19| 666,624 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Feb-2021| 16:23| 11,892 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.19963| 12-Feb-2021| 19:24| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 2,048 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 1,422,848 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 809,472 \nmsfeeds.mof| Not versioned| 12-Feb-2021| 16:34| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Feb-2021| 16:34| 1,574 \nmsfeedsbs.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 60,416 \nmsfeedssync.exe| 11.0.9600.19963| 12-Feb-2021| 19:17| 13,312 \nhtml.iec| 2019.0.0.19963| 12-Feb-2021| 19:15| 417,280 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:42| 92,672 \nmshtmlmedia.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 1,360,384 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 25,762,816 \nmshtml.tlb| 11.0.9600.19963| 12-Feb-2021| 19:29| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Feb-2021| 16:23| 3,228 \nieetwcollector.exe| 11.0.9600.19963| 12-Feb-2021| 19:04| 116,224 \nieetwproxystub.dll| 11.0.9600.19963| 12-Feb-2021| 19:15| 48,640 \nieetwcollectorres.dll| 11.0.9600.19963| 12-Feb-2021| 19:29| 4,096 \nielowutil.exe| 11.0.9600.19963| 12-Feb-2021| 19:06| 222,720 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 870,400 \nIEShims.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 25-Jun-2019| 6:16| 85,548 \nWindows Information Bar.wav| Not versioned| 25-Jun-2019| 6:16| 23,308 \nWindows Feed Discovered.wav| Not versioned| 25-Jun-2019| 6:16| 19,884 \nWindows Navigation Start.wav| Not versioned| 25-Jun-2019| 6:16| 11,340 \nbing.ico| Not versioned| 25-Jun-2019| 6:14| 5,430 \nieUnatt.exe| 11.0.9600.19963| 12-Feb-2021| 19:04| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Feb-2021| 13:47| 2,956 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19963| 12-Feb-2021| 19:14| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.19963| 12-Feb-2021| 18:39| 152,064 \ndesktop.ini| Not versioned| 25-Jun-2019| 6:12| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:30| 262,144 \ndesktop.ini| Not versioned| 25-Jun-2019| 6:12| 65 \nmsrating.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 199,680 \nicrav03.rat| Not versioned| 25-Jun-2019| 6:12| 8,798 \nticrf.rat| Not versioned| 25-Jun-2019| 6:12| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 19:17| 2,915,840 \nsqmapi.dll| 6.2.9200.16384| 13-Feb-2021| 12:44| 286,088 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 34,304 \niesetup.dll| 11.0.9600.19963| 12-Feb-2021| 19:16| 66,560 \nieuinit.inf| Not versioned| 12-Feb-2021| 17:31| 16,303 \ninseng.dll| 11.0.9600.19963| 12-Feb-2021| 18:46| 107,520 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 25-Jun-2019| 6:12| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,066,432 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,121,216 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 2,075,136 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,063,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 2,314,240 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 2,390,528 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 2,033,152 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,255,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 2,061,312 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,326,016 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 2,019,840 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,071,040 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,082,816 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 2,170,368 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,153,984 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 2,291,712 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 2,283,520 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,052,096 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,301,952 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 2,093,056 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,075,648 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,299,392 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,094,592 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 2,316,800 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,305,536 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,277,888 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,060,288 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 2,315,776 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,324,992 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,098,176 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 3,072 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 15,506,944 \nieui.dll| 11.0.9600.19963| 12-Feb-2021| 19:05| 615,936 \nieframe.ptxml| Not versioned| 12-Feb-2021| 16:23| 24,486 \nieinstal.exe| 11.0.9600.19963| 12-Feb-2021| 18:40| 492,032 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:46| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:47| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:48| 526,294 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:49| 499,654 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:50| 552,337 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:50| 944,559 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:48| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:51| 543,946 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:52| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:53| 526,557 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:54| 575,838 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:54| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:55| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:56| 570,737 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:57| 548,119 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:58| 639,271 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:59| 525,504 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:59| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:00| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:01| 488,488 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:02| 548,494 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:03| 559,343 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:03| 535,067 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:04| 541,455 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:05| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:06| 804,470 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:08| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:09| 503,909 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:10| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:10| 521,583 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:11| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:13| 420,082 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:13| 436,651 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:14| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.19963| 12-Feb-2021| 18:56| 970,752 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 29,184 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 35,328 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 37,888 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 27,648 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 33,792 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 23,040 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 22,016 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 31,232 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 35,840 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 34,816 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 32,256 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 30,720 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 16,384 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 16,896 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 16,896 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 19:04| 5,499,904 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:04| 785,408 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:15| 581,120 \niexplore.exe| 11.0.9600.19963| 13-Feb-2021| 11:46| 810,376 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 12-Feb-2021| 16:34| 1,518 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtmlmedia.dll| 11.0.9600.19963| 12-Feb-2021| 18:11| 1,155,584 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.19963| 12-Feb-2021| 18:59| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Feb-2021| 16:26| 3,228 \nieetwproxystub.dll| 11.0.9600.19963| 12-Feb-2021| 18:46| 47,616 \nieUnatt.exe| 11.0.9600.19963| 12-Feb-2021| 18:37| 115,712 \noccache.dll| 11.0.9600.19963| 12-Feb-2021| 18:18| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 30,720 \niesetup.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 62,464 \nieuinit.inf| Not versioned| 12-Feb-2021| 17:30| 16,303 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:09| 13,881,856 \nieui.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 476,160 \nie9props.propdesc| Not versioned| 23-Sep-2018| 6:32| 2,843 \nwow64_ieframe.ptxml| Not versioned| 12-Feb-2021| 16:26| 24,486 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 4,112,384 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:37| 653,824 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:47| 498,176 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 31,744 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 39,424 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 32,768 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 37,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 38,400 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 30,720 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 25,600 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 24,576 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 20,992 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 46,592 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 56,320 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 57,856 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 49,664 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 47,616 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 49,152 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 55,296 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 45,056 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 39,424 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 35,840 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 53,760 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 10,752 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 307,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 293,888 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 290,304 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 282,112 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 283,648 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 291,840 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 299,520 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 275,968 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 293,376 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 296,960 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 258,048 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 256,512 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 289,280 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 288,256 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 285,184 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 297,472 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 295,424 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 294,400 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 292,864 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 288,768 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 286,208 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 281,600 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 286,720 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 292,352 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 242,176 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 243,200 \nmshtml.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 46,080 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 51,712 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 54,272 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 45,056 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 39,936 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 39,424 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 51,200 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 35,328 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 11,264 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 9,216 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 6,656 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 4,388,352 \njsproxy.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 47,104 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 114,176 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 124,928 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 122,880 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 130,048 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 138,240 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 114,688 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 131,584 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 117,760 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 122,368 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 134,144 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 107,008 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 127,488 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 128,512 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 88,576 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 82,944 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 120,320 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 125,952 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 128,000 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 124,416 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 121,856 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 115,712 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 72,704 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 73,728 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 73,728 \niedkcs32.dll| 18.0.9600.19963| 13-Feb-2021| 11:46| 341,896 \ninstall.ins| Not versioned| 12-Feb-2021| 16:25| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2018| 6:18| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 710,656 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 2,048 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 12-Feb-2021| 16:34| 1,574 \nmsfeedsbs.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 52,736 \nmsfeedssync.exe| 11.0.9600.19963| 12-Feb-2021| 18:48| 11,776 \nhtml.iec| 2019.0.0.19963| 12-Feb-2021| 18:46| 341,504 \nielowutil.exe| 11.0.9600.19963| 12-Feb-2021| 18:39| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.19963| 12-Feb-2021| 17:51| 290,304 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 64,000 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:18| 1,075,200 \nmsrating.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2018| 6:27| 8,798 \nticrf.rat| Not versioned| 23-Sep-2018| 6:27| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 2,308,096 \nsqmapi.dll| 6.2.9200.16384| 13-Feb-2021| 11:46| 228,232 \ninseng.dll| 11.0.9600.19963| 12-Feb-2021| 18:24| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 2,066,432 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,121,216 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 2,075,136 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 2,063,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 2,314,240 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 2,390,528 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 2,033,152 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,255,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 2,061,312 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 2,326,016 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 2,019,840 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 2,071,040 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 2,082,816 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 2,170,368 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 2,153,984 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 2,291,712 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 2,283,520 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 2,052,096 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,301,952 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 2,093,056 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 2,075,648 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 2,299,392 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 2,094,592 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,316,800 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 2,305,536 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 2,277,888 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 2,060,288 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 2,315,776 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 2,324,992 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 2,098,176 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:16| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 3,072 \nieinstal.exe| 11.0.9600.19963| 12-Feb-2021| 18:20| 475,648 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 29,184 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 35,328 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 37,888 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 27,648 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 33,792 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 23,040 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 22,016 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 31,232 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 35,840 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 34,816 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 32,256 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 30,720 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 16,384 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 16,896 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 16,896 \n \n### **Windows Server 2008**\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21532| 13-Feb-2021| 11:38| 1,141,248 \niexplore.exe| 9.0.8112.21532| 13-Feb-2021| 11:48| 751,544 \ninetcpl.cpl| 9.0.8112.21532| 13-Feb-2021| 11:36| 1,427,968 \nwininet.dll| 9.0.8112.21532| 13-Feb-2021| 11:37| 1,132,032 \njsproxy.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Feb-2021| 11:36| 66,048 \ntdc.ocx| 9.0.8112.21532| 13-Feb-2021| 11:35| 63,488 \niedvtool.dll| 9.0.8112.21532| 13-Feb-2021| 11:37| 678,912 \ndxtmsft.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 354,304 \ndxtrans.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 223,744 \nmsfeeds.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 607,744 \nmsfeeds.mof| Not versioned| 13-Feb-2021| 11:11| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Feb-2021| 11:11| 1,574 \nmsfeedsbs.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 41,472 \nmsfeedssync.exe| 9.0.8112.21532| 13-Feb-2021| 11:35| 10,752 \nmshta.exe| 9.0.8112.21532| 13-Feb-2021| 11:35| 11,776 \nhtml.iec| 2019.0.0.21527| 13-Feb-2021| 11:40| 367,616 \nmshtmled.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 72,704 \nmshtml.dll| 9.0.8112.21532| 13-Feb-2021| 11:45| 12,844,544 \nmshtml.tlb| 9.0.8112.21532| 13-Feb-2021| 11:35| 2,382,848 \nielowutil.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 223,232 \nieproxy.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 195,072 \nIEShims.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 194,560 \nExtExport.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 27-Apr-2018| 10:11| 85,548 \nWindows Information Bar.wav| Not versioned| 27-Apr-2018| 10:11| 23,308 \nWindows Feed Discovered.wav| Not versioned| 27-Apr-2018| 10:11| 19,884 \nWindows Navigation Start.wav| Not versioned| 27-Apr-2018| 10:11| 11,340 \nieUnatt.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 142,848 \njsdbgui.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 388,096 \niertutil.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Feb-2021| 11:48| 142,776 \nVGX.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 769,024 \nurl.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 231,936 \nieframe.dll| 9.0.8112.21532| 13-Feb-2021| 11:39| 9,757,696 \nieui.dll| 9.0.8112.21532| 13-Feb-2021| 11:34| 176,640 \nieinstal.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 474,624 \nInetRes.adml| Not versioned| 13-Feb-2021| 11:53| 393,813 \ninetres.admx| Not versioned| 27-Apr-2018| 10:14| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 104,448 \njscript.dll| 5.8.7601.21527| 13-Feb-2021| 11:36| 723,456 \njscript9.dll| 9.0.8112.21532| 13-Feb-2021| 11:43| 1,819,648 \nvbscript.dll| 5.8.7601.21527| 13-Feb-2021| 11:36| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21532| 13-Feb-2021| 12:30| 1,390,592 \niexplore.exe| 9.0.8112.21532| 13-Feb-2021| 12:52| 757,688 \ninetcpl.cpl| 9.0.8112.21532| 13-Feb-2021| 12:28| 1,494,528 \nwininet.dll| 9.0.8112.21532| 13-Feb-2021| 12:30| 1,394,688 \njsproxy.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 97,280 \nWininetPlugin.dll| 1.0.0.1| 13-Feb-2021| 12:28| 86,528 \ntdc.ocx| 9.0.8112.21532| 13-Feb-2021| 12:27| 76,800 \niedvtool.dll| 9.0.8112.21532| 13-Feb-2021| 12:29| 887,808 \ndxtmsft.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 452,608 \ndxtrans.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 281,600 \nmsfeeds.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 729,088 \nmsfeeds.mof| Not versioned| 13-Feb-2021| 12:02| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Feb-2021| 12:02| 1,574 \nmsfeedsbs.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 55,296 \nmsfeedssync.exe| 9.0.8112.21532| 13-Feb-2021| 12:28| 11,264 \nmshta.exe| 9.0.8112.21532| 13-Feb-2021| 12:27| 12,800 \nhtml.iec| 2019.0.0.21527| 13-Feb-2021| 12:37| 448,512 \nmshtmled.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 96,256 \nmshtml.dll| 9.0.8112.21532| 13-Feb-2021| 12:47| 18,810,880 \nmshtml.tlb| 9.0.8112.21532| 13-Feb-2021| 12:27| 2,382,848 \nielowutil.exe| 9.0.8112.21532| 13-Feb-2021| 12:28| 223,744 \nieproxy.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 550,912 \nIEShims.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 27-Apr-2018| 10:11| 85,548 \nWindows Information Bar.wav| Not versioned| 27-Apr-2018| 10:11| 23,308 \nWindows Feed Discovered.wav| Not versioned| 27-Apr-2018| 10:11| 19,884 \nWindows Navigation Start.wav| Not versioned| 27-Apr-2018| 10:11| 11,340 \nieUnatt.exe| 9.0.8112.21532| 13-Feb-2021| 12:28| 173,568 \njsdbgui.dll| 9.0.8112.21532| 13-Feb-2021| 12:29| 499,712 \niertutil.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 13-Feb-2021| 12:52| 176,048 \nVGX.dll| 9.0.8112.21532| 13-Feb-2021| 12:29| 997,376 \nurl.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 237,056 \nieframe.dll| 9.0.8112.21532| 13-Feb-2021| 12:33| 10,944,000 \nieui.dll| 9.0.8112.21532| 13-Feb-2021| 12:25| 248,320 \nieinstal.exe| 9.0.8112.21532| 13-Feb-2021| 12:28| 490,496 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:56| 393,813 \ninetres.admx| Not versioned| 27-Apr-2018| 10:14| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21532| 13-Feb-2021| 12:28| 141,312 \njscript.dll| 5.8.7601.21527| 13-Feb-2021| 12:28| 818,176 \njscript9.dll| 9.0.8112.21532| 13-Feb-2021| 12:36| 2,358,784 \nvbscript.dll| 5.8.7601.21527| 13-Feb-2021| 12:28| 583,680 \niexplore.exe| 9.0.8112.21532| 13-Feb-2021| 11:48| 751,544 \nieUnatt.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 142,848 \nurlmon.dll| 9.0.8112.21532| 13-Feb-2021| 11:38| 1,141,248 \ninetcpl.cpl| 9.0.8112.21532| 13-Feb-2021| 11:36| 1,427,968 \nwininet.dll| 9.0.8112.21532| 13-Feb-2021| 11:37| 1,132,032 \njsproxy.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Feb-2021| 11:36| 66,048 \ntdc.ocx| 9.0.8112.21532| 13-Feb-2021| 11:35| 63,488 \niedvtool.dll| 9.0.8112.21532| 13-Feb-2021| 11:37| 678,912 \ndxtmsft.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 354,304 \ndxtrans.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 223,744 \nmsfeeds.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 607,744 \nmsfeeds.mof| Not versioned| 13-Feb-2021| 11:11| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Feb-2021| 11:11| 1,574 \nmsfeedsbs.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 41,472 \nmsfeedssync.exe| 9.0.8112.21532| 13-Feb-2021| 11:35| 10,752 \nmshta.exe| 9.0.8112.21532| 13-Feb-2021| 11:35| 11,776 \nhtml.iec| 2019.0.0.21527| 13-Feb-2021| 11:40| 367,616 \nmshtmled.dll| 9.0.8112.21532| 13-Feb-2021| 11:35| 72,704 \nmshtml.dll| 9.0.8112.21532| 13-Feb-2021| 11:45| 12,844,544 \nmshtml.tlb| 9.0.8112.21532| 13-Feb-2021| 11:35| 2,382,848 \nielowutil.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 223,232 \nieproxy.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 195,072 \nIEShims.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 194,560 \nExtExport.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 22,528 \njsdbgui.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 388,096 \niertutil.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Feb-2021| 11:48| 142,776 \nVGX.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 769,024 \nurl.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 231,936 \nieframe.dll| 9.0.8112.21532| 13-Feb-2021| 11:39| 9,757,696 \nieui.dll| 9.0.8112.21532| 13-Feb-2021| 11:34| 176,640 \nieinstal.exe| 9.0.8112.21532| 13-Feb-2021| 11:36| 474,624 \njsdebuggeride.dll| 9.0.8112.21532| 13-Feb-2021| 11:36| 104,448 \njscript.dll| 5.8.7601.21527| 13-Feb-2021| 11:36| 723,456 \njscript9.dll| 9.0.8112.21532| 13-Feb-2021| 11:43| 1,819,648 \nvbscript.dll| 5.8.7601.21527| 13-Feb-2021| 11:36| 434,176 \n \n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## References\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "KB5000800: Cumulative security update for Internet Explorer: March 9, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000800", "href": "https://support.microsoft.com/en-us/help/5000800", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-24T11:31:29", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1803 update history home page.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, the Windows Kernel, the Microsoft Graphics Component, Windows Graphics, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001565. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001634. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4580398) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000809>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000809](<https://download.microsoft.com/download/9/0/d/90d4abf0-4129-404c-be46-5a1798eab386/5000809.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000809 (OS Build 17134.2087)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000809", "href": "https://support.microsoft.com/en-us/help/5000809", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1817) released March 9, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Core Networking, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001568. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001638. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5000859) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000822>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000822](<https://download.microsoft.com/download/f/2/f/f2fc2870-838b-4900-aaa6-4e1168d79b43/5000822.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000822 (OS Build 17763.1817)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000822", "href": "https://support.microsoft.com/en-us/help/5000822", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T10:41:18", "description": "None\n**Important: **Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important: **For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601360](<https://support.microsoft.com/help/4601360>) (released February 9, 2021) and addresses the following issues: \n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001642. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n\n### **Prerequisite**\n\nYou must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000844>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000844](<https://download.microsoft.com/download/b/4/c/b4ca9728-4c2d-46fd-b3b9-769235c4305a/5000844.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000844 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000844", "href": "https://support.microsoft.com/en-us/help/5000844", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:19", "description": "None\n**Important: ** \n \nWindows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n**Important: ****March 9, 2021** \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586[ ](<https://support.microsoft.com/help/4577586>). For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601384](<https://support.microsoft.com/help/4601384>) (released February 9, 2021) and addresses the following issues:\n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001640. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000848>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for update 5000848](<https://download.microsoft.com/download/0/0/3/0036604e-4a48-4a7e-a819-1a9c3657f829/5000848.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000848 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000848", "href": "https://support.microsoft.com/en-us/help/5000848", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**NEW 3/9/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Turns off token binding by default in Windows Internet (WinINet).\n * Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online. \n * Addresses a reliability issue in Remote Desktop.\n * Addresses an issue that might cause stop error 7E in **nfssvr.sys** on servers running the Network File System (NFS) service.\n * Addresses an issue that excessively logs DfsSvc Event 14554 in the System event log by default once every hour for each DFS Namespace (DFSN). This update adds a new registry key, RootShareAcquireSuccessEvent, to enable or disable Event 14554.Keypath: HKEY_LOCAL_MACHINE/L\"System\\CurrentControlSet\\Services\\Dfs\\Parameters\"Default value = 0If RootShareAcquireSuccessEvent is not 0 or is not present = Enable log.If RootShareAcquireSuccessEvent is 0 = Disable log.Whenever you change RootShareAcquireSuccessEvent, you must restart the DFSN service.\n * Addresses an issue that causes an increase in network traffic during update detection for Windows Updates. This issue occurs on devices that are configured to use an authenticated user proxy as the fallback method if update detection with a system proxy fails or there is no proxy.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, Windows Hybrid Cloud Networking, Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001633. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001078) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000803>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000803](<https://download.microsoft.com/download/7/5/6/756f589c-b505-4341-b064-3f5e93f08aee/5000803.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000803 (OS Build 14393.4283)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000803", "href": "https://support.microsoft.com/en-us/help/5000803", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:35:19", "description": "A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Memory Corruption (CVE-2021-26411)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-03-09T00:00:00", "id": "CPAI-2021-0108", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:23", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2020-1380)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380"], "modified": "2020-08-11T00:00:00", "id": "CPAI-2020-0727", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:34:40", "description": "Internet Explorer Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mscve", "title": "Internet Explorer Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "MS:CVE-2021-26411", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:35:17", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380"], "modified": "2020-08-11T07:00:00", "id": "MS:CVE-2020-1380", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1380", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:44:30", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/147228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147228);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-26411\");\n script_xref(name:\"MSKB\", value:\"5000847\");\n script_xref(name:\"MSKB\", value:\"5000800\");\n script_xref(name:\"MSKB\", value:\"5000841\");\n script_xref(name:\"MSKB\", value:\"5000844\");\n script_xref(name:\"MSKB\", value:\"5000848\");\n script_xref(name:\"MSFT\", value:\"MS21-5000847\");\n script_xref(name:\"MSFT\", value:\"MS21-5000800\");\n script_xref(name:\"MSFT\", value:\"MS21-5000841\");\n script_xref(name:\"MSFT\", value:\"MS21-5000844\");\n script_xref(name:\"MSFT\", value:\"MS21-5000848\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"Security Updates for Internet Explorer (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing a security update. It is, therefore, affected by the\nfollowing vulnerability:\n\n - A memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\");\n # https://support.microsoft.com/en-us/topic/kb5000800-cumulative-security-update-for-internet-explorer-march-9-2021-b7b43be0-e9ef-48b6-b102-ed28fd89e0f2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8426b33\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000841-monthly-rollup-3a2cced1-f436-40c3-a8a1-645f86759088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c5851d4\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000844-monthly-rollup-d90d0eb1-6319-4a7e-97f6-68fbd306fd5a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?177a5bc6\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000847-monthly-rollup-8afa2933-e9da-4481-a0bc-18deb314974e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df958afd\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000848-monthly-rollup-52f23db9-e1b0-4829-81b9-198fc82891a3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ff1e9b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5000800\n -KB5000841\n -KB5000844\n -KB5000847\n -KB5000848\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26411\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000800',\n '5000841',\n '5000844',\n '5000847',\n '5000848'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19963\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19963\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19963\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21532\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5000800 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == \"6.3\")\n {\n report += ' - KB5000848 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000848', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB5000847 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000847', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB5000841 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000841', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB5000844 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000844', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-15T14:40:48", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26419)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (May 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411", "CVE-2021-26419"], "modified": "2021-05-27T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_MAY_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/149386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149386);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2021-26419\");\n script_xref(name:\"MSKB\", value:\"5003210\");\n script_xref(name:\"MSFT\", value:\"MS21-5003210\");\n script_xref(name:\"MSKB\", value:\"5003233\");\n script_xref(name:\"MSFT\", value:\"MS21-5003233\");\n script_xref(name:\"MSKB\", value:\"5003209\");\n script_xref(name:\"MSFT\", value:\"MS21-5003209\");\n script_xref(name:\"MSKB\", value:\"5003165\");\n script_xref(name:\"MSKB\", value:\"5003208\");\n script_xref(name:\"MSFT\", value:\"MS21-5003165\");\n script_xref(name:\"MSFT\", value:\"MS21-5003208\");\n script_xref(name:\"IAVA\", value:\"2021-A-0224\");\n\n script_name(english:\"Security Updates for Internet Explorer (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing a security update. It is, therefore, affected by the\nfollowing vulnerability:\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26419)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5003165\n -KB5003208\n -KB5003209\n -KB5003210\n -KB5003233\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26411\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '5003165',\n '5003208',\n '5003209',\n '5003210',\n '5003233'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nvar os = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21542\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\")\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5003165 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == \"6.3\")\n {\n report += ' - KB5003209 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003209', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB5003208 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003208', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB5003233 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003233', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB5003210 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003210', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:19:22", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (August 2020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2020-1567", "CVE-2020-1570"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/139498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139498);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-1380\", \"CVE-2020-1567\", \"CVE-2020-1570\");\n script_xref(name:\"MSKB\", value:\"4571729\");\n script_xref(name:\"MSKB\", value:\"4571687\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSKB\", value:\"4571730\");\n script_xref(name:\"MSFT\", value:\"MS20-4571729\");\n script_xref(name:\"MSFT\", value:\"MS20-4571687\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571730\");\n script_xref(name:\"IAVA\", value:\"2020-A-0375-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"Security Updates for Internet Explorer (August 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571729/windows-7-update\");\n # https://support.microsoft.com/en-us/help/4571687/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc565208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n # https://support.microsoft.com/en-us/help/4571730/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87c93762\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4571729\n -KB4571687\n -KB4571703\n -KB4571730\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1567\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-08';\nkbs = make_list(\n'4571687',\n'4571736',\n'4571730',\n'4571703',\n'4571729'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n\n # Windows Server 2012\n# Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21475\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4571687 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4571703 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571703', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4571736 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571736', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4571729 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571729', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4571730 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571730', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:45:52", "description": "The remote Windows host is missing security update 5000856 or cumulative update 5000844. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000856: Windows Server 2008 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000844.NASL", "href": "https://www.tenable.com/plugins/nessus/147217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147217);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000844\");\n script_xref(name:\"MSKB\", value:\"5000856\");\n script_xref(name:\"MSFT\", value:\"MS21-5000844\");\n script_xref(name:\"MSFT\", value:\"MS21-5000856\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000856: Windows Server 2008 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000856\nor cumulative update 5000844. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000844-monthly-rollup-d90d0eb1-6319-4a7e-97f6-68fbd306fd5a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?177a5bc6\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000856-security-only-update-7a0eb0b9-7f1c-44e5-ba3f-4f6e5e92b33e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22792d68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000856 or Cumulative Update KB5000844.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000844',\n '5000856'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000844, 5000856])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:35", "description": "The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866, CVE-2021-26868, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26885, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26881)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000807: Windows 10 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000807.NASL", "href": "https://www.tenable.com/plugins/nessus/147230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147230);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000807\");\n script_xref(name:\"MSFT\", value:\"MS21-5000807\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000807: Windows 10 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26871, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26885, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26881)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000807-os-build-10240-18874-09c57376-4108-4d34-bc89-3d4baec37ade\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcda9069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000807.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000807'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000807])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:31", "description": "The remote Windows host is missing security update 5000851 or cumulative update 5000841. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000841.NASL", "href": "https://www.tenable.com/plugins/nessus/147231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147231);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000841\");\n script_xref(name:\"MSKB\", value:\"5000851\");\n script_xref(name:\"MSFT\", value:\"MS21-5000841\");\n script_xref(name:\"MSFT\", value:\"MS21-5000851\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000851\nor cumulative update 5000841. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000851-security-only-update-9e198918-a6d6-46d3-8cfb-bd2b1e2ecb99\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cce9359\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000841-monthly-rollup-3a2cced1-f436-40c3-a8a1-645f86759088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c5851d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000851 or Cumulative Update KB5000841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000841',\n '5000851'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000841, 5000851])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:14", "description": "The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000840: Windows Server 2012 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000847.NASL", "href": "https://www.tenable.com/plugins/nessus/147221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147221);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\"\n );\n script_xref(name:\"MSKB\", value:\"5000847\");\n script_xref(name:\"MSKB\", value:\"5000840\");\n script_xref(name:\"MSFT\", value:\"MS21-5000847\");\n script_xref(name:\"MSFT\", value:\"MS21-5000840\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000840: Windows Server 2012 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000840\nor cumulative update 5000847. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26886,\n CVE-2021-26896, CVE-2021-27063)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000847-monthly-rollup-8afa2933-e9da-4481-a0bc-18deb314974e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df958afd\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000840-security-only-update-a5261347-8a42-4727-a544-bd66fb3d4d70\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2561ac2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000840 or Cumulative Update KB5000847.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000847',\n '5000840'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000847, 5000840])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:31", "description": "The remote Windows host is missing security update 5000853 or cumulative update 5000848. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000848.NASL", "href": "https://www.tenable.com/plugins/nessus/147229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147229);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000848\");\n script_xref(name:\"MSKB\", value:\"5000853\");\n script_xref(name:\"MSFT\", value:\"MS21-5000848\");\n script_xref(name:\"MSFT\", value:\"MS21-5000853\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000853\nor cumulative update 5000848. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000853-security-only-update-8dac9fb9-dbc9-4484-8e56-df5492d20808\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be16b68e\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000848-monthly-rollup-52f23db9-e1b0-4829-81b9-198fc82891a3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ff1e9b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000853 or Cumulative Update KB5000848.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000848',\n '5000853'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000848, 5000853])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:17", "description": "The remote Windows host is missing security update 5000803.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000803: Windows Security Update (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000803.NASL", "href": "https://www.tenable.com/plugins/nessus/147222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147222);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000803\");\n script_xref(name:\"MSFT\", value:\"MS21-5000803\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000803: Windows Security Update (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000803.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26864,\n CVE-2021-26865, CVE-2021-26866, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26891, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000803-os-build-14393-4283-711d10dd-adcb-490b-a640-aaa25009cfed\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41f8ea83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000803.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000803'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000803])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:14", "description": "The remote Windows host is missing security update 5000809.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26862, CVE-2021-26863, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000809: Windows 10 Version 1803 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000809.NASL", "href": "https://www.tenable.com/plugins/nessus/147224", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147224);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000809\");\n script_xref(name:\"MSFT\", value:\"MS21-5000809\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000809: Windows 10 Version 1803 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000809.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,\n CVE-2021-26862, CVE-2021-26863, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26870, CVE-2021-26871,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26885, CVE-2021-26889, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000809-os-build-17134-2087-2601a686-8e12-449d-913c-a63a9b73e2eb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ef7d4b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000809.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27085\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000809'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000809])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:51", "description": "The remote Windows host is missing security update 5000802.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27070, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26867, CVE-2021-26876, CVE-2021-26881, CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000802: Windows Security Update (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-27070", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000802.NASL", "href": "https://www.tenable.com/plugins/nessus/147226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147226);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24090\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26867\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26900\",\n \"CVE-2021-26901\",\n \"CVE-2021-27070\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000802\");\n script_xref(name:\"MSFT\", value:\"MS21-5000802\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000802: Windows Security Update (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000802.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,\n CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,\n CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,\n CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,\n CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,\n CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,\n CVE-2021-27070, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000802-os-builds-19041-867-and-19042-867-63552d64-fe44-4132-8813-ef56d3626e14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8437e591\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000802.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27070\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000802'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n|| \n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:51", "description": "The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26867, CVE-2021-26876, CVE-2021-26881, CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000808: Windows 10 Version 1909 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000808.NASL", "href": "https://www.tenable.com/plugins/nessus/147220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147220);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24090\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26867\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26900\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000808\");\n script_xref(name:\"MSFT\", value:\"MS21-5000808\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000808: Windows 10 Version 1909 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,\n CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,\n CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,\n CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,\n CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,\n CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,\n CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000808-os-build-18363-1440-6989940a-252d-48f3-a2a7-a42bf19fa2c8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8c6d108\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000808.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-24090\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000808'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000808])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:16", "description": "The remote Windows host is missing security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26877, CVE-2021-26881, CVE-2021-26890, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000822.NASL", "href": "https://www.tenable.com/plugins/nessus/147223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147223);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000822\");\n script_xref(name:\"MSFT\", value:\"MS21-5000822\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,\n CVE-2021-26860, CVE-2021-26862, CVE-2021-26863,\n CVE-2021-26864, CVE-2021-26865, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26870, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26874, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26876, CVE-2021-26877, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000822-os-build-17763-1817-2eb6197f-e3b1-4f42-ab51-84345e063564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b432623\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000822.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-03';\nvar kbs = make_list(\n '5000822'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000822])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:40:15", "description": "The remote Windows host is missing security update 4571702 or cumulative update 4571736. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571702: Windows Server 2012 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571736.NASL", "href": "https://www.tenable.com/plugins/nessus/139493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139493);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571702\");\n script_xref(name:\"MSKB\", value:\"4571736\");\n script_xref(name:\"MSFT\", value:\"MS20-4571702\");\n script_xref(name:\"MSFT\", value:\"MS20-4571736\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571702: Windows Server 2012 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571702\nor cumulative update 4571736. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571736/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0551e21\");\n # https://support.microsoft.com/en-us/help/4571702/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ece3db7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571702 or Cumulative Update KB4571736.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571736',\n '4571702'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571736, 4571702])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:05:37", "description": "The remote Windows host is missing security update 4571719 or cumulative update 4571729. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1489", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571729.NASL", "href": "https://www.tenable.com/plugins/nessus/139491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139491);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1489\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571719\");\n script_xref(name:\"MSKB\", value:\"4571729\");\n script_xref(name:\"MSFT\", value:\"MS20-4571719\");\n script_xref(name:\"MSFT\", value:\"MS20-4571729\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571719\nor cumulative update 4571729. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571729/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571719/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571719 or Cumulative Update KB4571729.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571729',\n '4571719'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571729, 4571719])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:39:37", "description": "The remote Windows host is missing security update 4571723 or cumulative update 4571703. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571703.NASL", "href": "https://www.tenable.com/plugins/nessus/139489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139489);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSKB\", value:\"4571723\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571723\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571723\nor cumulative update 4571703. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571723/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571723 or Cumulative Update KB4571703.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571703',\n '4571723'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (!\n (smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571703, 4571723])\n )\n)\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\nelse\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:41:59", "description": "The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571694.NASL", "href": "https://www.tenable.com/plugins/nessus/139488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139488);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571694\");\n script_xref(name:\"MSFT\", value:\"MS20-4571694\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571694/windows-10-update-kb4571694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1446acfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571694.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571694'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571694])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:40:15", "description": "The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571692: Windows 10 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571692.NASL", "href": "https://www.tenable.com/plugins/nessus/139487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139487);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571692\");\n script_xref(name:\"MSFT\", value:\"MS20-4571692\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571692: Windows 10 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571692/windows-10-update-kb4571692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?481aa152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571692.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571692'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:40:14", "description": "The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565349.NASL", "href": "https://www.tenable.com/plugins/nessus/139484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139484);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4565349\");\n script_xref(name:\"MSFT\", value:\"MS20-4565349\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565349/windows-10-update-kb4565349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b03d5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565349.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565349');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565349])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:39:37", "description": "The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571741: Windows 10 Version 1709 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571741.NASL", "href": "https://www.tenable.com/plugins/nessus/139494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139494);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571741\");\n script_xref(name:\"MSFT\", value:\"MS20-4571741\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571741: Windows 10 Version 1709 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571741/windows-10-update-kb4571741\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9371bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571741'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571741])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:40:15", "description": "The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571709: Windows 10 Version 1803 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571709.NASL", "href": "https://www.tenable.com/plugins/nessus/139490", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139490);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571709\");\n script_xref(name:\"MSFT\", value:\"MS20-4571709\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571709: Windows 10 Version 1803 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n &quot;Public Account Pictures&quot; folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571709/windows-10-update-kb4571709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3c857b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571709.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571709'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571709])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:42:00", "description": "The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka &quot ;straight-line speculation.&quot; (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565351.NASL", "href": "https://www.tenable.com/plugins/nessus/139485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139485);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\&qu