Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_APR_5012599.NASL
HistoryApr 12, 2022 - 12:00 a.m.

KB5012599: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (April 2022)

2022-04-1200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
95

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.9%

JSON

The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2022-26789, CVE-2022-26786, CVE-2022-26802, CVE-2022-26803, CVE-2022-26801, CVE-2022-26796, CVE-2022-26787, CVE-2022-26797, CVE-2022-26827, CVE-2022-26810, CVE-2022-26808, CVE-2022-26798, CVE-2022-24549, CVE-2022-26795, CVE-2022-26791, CVE-2022-26794, CVE-2022-26904, CVE-2022-26792, CVE-2022-26807, CVE-2022-26788, CVE-2022-26828, CVE-2022-26790, CVE-2022-26914, CVE-2022-26793, CVE-2022-24496, CVE-2022-24544, CVE-2022-24540, CVE-2022-24489, CVE-2022-24488, CVE-2022-24486, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, CVE-2022-24499, CVE-2022-24547, CVE-2022-24546, CVE-2022-24494, CVE-2022-24542, CVE-2022-24530)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26831, CVE-2022-26915, CVE-2022-24538, CVE-2022-24484, CVE-2022-26784)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26917, CVE-2022-26916, CVE-2022-26812, CVE-2022-26811, CVE-2022-26919, CVE-2022-26823, CVE-2022-26809, CVE-2022-26824, CVE-2022-26818, CVE-2022-26815, CVE-2022-26814, CVE-2022-26822, CVE-2022-26918, CVE-2022-26829, CVE-2022-26820, CVE-2022-26826, CVE-2022-26819, CVE-2022-26825, CVE-2022-26817, CVE-2022-26821, CVE-2022-26813, CVE-2022-24545, CVE-2022-24541, CVE-2022-24492, CVE-2022-24491, CVE-2022-24537, CVE-2022-24536, CVE-2022-24487, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-26903, CVE-2022-24495, CVE-2022-24528, CVE-2022-23257, CVE-2022-21983, CVE-2022-22009, CVE-2022-22008, CVE-2022-24500)

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-26816, CVE-2022-26920, CVE-2022-24493, CVE-2022-24539, CVE-2022-24490, CVE-2022-26783, CVE-2022-26785, CVE-2022-24498, CVE-2022-24483)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159685);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/03");

  script_cve_id(
    "CVE-2022-21983",
    "CVE-2022-22008",
    "CVE-2022-22009",
    "CVE-2022-23257",
    "CVE-2022-24474",
    "CVE-2022-24479",
    "CVE-2022-24481",
    "CVE-2022-24482",
    "CVE-2022-24483",
    "CVE-2022-24484",
    "CVE-2022-24485",
    "CVE-2022-24486",
    "CVE-2022-24487",
    "CVE-2022-24488",
    "CVE-2022-24489",
    "CVE-2022-24490",
    "CVE-2022-24491",
    "CVE-2022-24492",
    "CVE-2022-24493",
    "CVE-2022-24494",
    "CVE-2022-24495",
    "CVE-2022-24496",
    "CVE-2022-24497",
    "CVE-2022-24498",
    "CVE-2022-24499",
    "CVE-2022-24500",
    "CVE-2022-24521",
    "CVE-2022-24527",
    "CVE-2022-24528",
    "CVE-2022-24530",
    "CVE-2022-24533",
    "CVE-2022-24534",
    "CVE-2022-24536",
    "CVE-2022-24537",
    "CVE-2022-24538",
    "CVE-2022-24539",
    "CVE-2022-24540",
    "CVE-2022-24541",
    "CVE-2022-24542",
    "CVE-2022-24544",
    "CVE-2022-24545",
    "CVE-2022-24546",
    "CVE-2022-24547",
    "CVE-2022-24549",
    "CVE-2022-24550",
    "CVE-2022-26783",
    "CVE-2022-26784",
    "CVE-2022-26785",
    "CVE-2022-26786",
    "CVE-2022-26787",
    "CVE-2022-26788",
    "CVE-2022-26789",
    "CVE-2022-26790",
    "CVE-2022-26791",
    "CVE-2022-26792",
    "CVE-2022-26793",
    "CVE-2022-26794",
    "CVE-2022-26795",
    "CVE-2022-26796",
    "CVE-2022-26797",
    "CVE-2022-26798",
    "CVE-2022-26801",
    "CVE-2022-26802",
    "CVE-2022-26803",
    "CVE-2022-26807",
    "CVE-2022-26808",
    "CVE-2022-26809",
    "CVE-2022-26810",
    "CVE-2022-26811",
    "CVE-2022-26812",
    "CVE-2022-26813",
    "CVE-2022-26814",
    "CVE-2022-26815",
    "CVE-2022-26816",
    "CVE-2022-26817",
    "CVE-2022-26818",
    "CVE-2022-26819",
    "CVE-2022-26820",
    "CVE-2022-26821",
    "CVE-2022-26822",
    "CVE-2022-26823",
    "CVE-2022-26824",
    "CVE-2022-26825",
    "CVE-2022-26826",
    "CVE-2022-26827",
    "CVE-2022-26828",
    "CVE-2022-26829",
    "CVE-2022-26831",
    "CVE-2022-26903",
    "CVE-2022-26904",
    "CVE-2022-26914",
    "CVE-2022-26915",
    "CVE-2022-26916",
    "CVE-2022-26917",
    "CVE-2022-26918",
    "CVE-2022-26919",
    "CVE-2022-26920"
  );
  script_xref(name:"MSKB", value:"5012599");
  script_xref(name:"MSFT", value:"MS22-5012599");
  script_xref(name:"IAVA", value:"2022-A-0147-S");
  script_xref(name:"IAVA", value:"2022-A-0145-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");

  script_name(english:"KB5012599: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (April 2022)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2022-26789, CVE-2022-26786, CVE-2022-26802,
     CVE-2022-26803, CVE-2022-26801, CVE-2022-26796,
     CVE-2022-26787, CVE-2022-26797, CVE-2022-26827,
     CVE-2022-26810, CVE-2022-26808, CVE-2022-26798,
     CVE-2022-24549, CVE-2022-26795, CVE-2022-26791, 
     CVE-2022-26794, CVE-2022-26904, CVE-2022-26792,
     CVE-2022-26807, CVE-2022-26788, CVE-2022-26828, 
     CVE-2022-26790, CVE-2022-26914, CVE-2022-26793, 
     CVE-2022-24496, CVE-2022-24544, CVE-2022-24540, 
     CVE-2022-24489, CVE-2022-24488, CVE-2022-24486, 
     CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, 
     CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, 
     CVE-2022-24499, CVE-2022-24547, CVE-2022-24546, 
     CVE-2022-24494, CVE-2022-24542, CVE-2022-24530)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2022-26831, 
    CVE-2022-26915, CVE-2022-24538, CVE-2022-24484, 
    CVE-2022-26784)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2022-26917, 
    CVE-2022-26916, CVE-2022-26812, CVE-2022-26811, 
    CVE-2022-26919, CVE-2022-26823, CVE-2022-26809, 
    CVE-2022-26824, CVE-2022-26818, CVE-2022-26815, 
    CVE-2022-26814, CVE-2022-26822, CVE-2022-26918, 
    CVE-2022-26829, CVE-2022-26820, CVE-2022-26826, 
    CVE-2022-26819, CVE-2022-26825, CVE-2022-26817, 
    CVE-2022-26821, CVE-2022-26813, CVE-2022-24545, 
    CVE-2022-24541, CVE-2022-24492, CVE-2022-24491, 
    CVE-2022-24537, CVE-2022-24536, CVE-2022-24487, 
    CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, 
    CVE-2022-26903, CVE-2022-24495, CVE-2022-24528, 
    CVE-2022-23257, CVE-2022-21983, CVE-2022-22009, 
    CVE-2022-22008, CVE-2022-24500)

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2022-26816, CVE-2022-26920, 
    CVE-2022-24493, CVE-2022-24539, CVE-2022-24490, 
    CVE-2022-26783, CVE-2022-26785, CVE-2022-24498, 
    CVE-2022-24483)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5012591");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5012599");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26809");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'User Profile Arbitrary Junction Creation Local Privilege Elevation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS22-04';
kbs = make_list(
  '5012599'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   sp:0,
                   os_build:19042,
                   rollup_date:'04_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5012599])
|| smb_check_rollup(os:'10',
                   sp:0,
                   os_build:19043,
                   rollup_date:'04_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5012599])
||  smb_check_rollup(os:'10',
                   sp:0,
                   os_build:19044,
                   rollup_date:'04_2022',
                   bulletin:bulletin,
                   rollup_kb_list:[5012599])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 10
mskb 15
openvas 7
kaspersky 3
avleonov 1
rapid7blog 1
threatpost 1
thn 1
malwarebytes 1
qualysblog 1
krebs 1
akamaiblog 1
hivepro 1
mscve 35
prion 22
cnvd 11
nvd 32
cvelist 23
cve 23
checkpoint_advisories 3
githubexploit 1
zdi 4
vulnrichment 1
nessus
nessus
KB5012670: Windows 8.1 and Windows Server 2012 R2 Security Update (April 2022)
2022-04-12 00:00:00
KB5012596: Windows 10 version 1607 / Windows Server 2016 Security Update (April 2022)
2022-04-12 00:00:00
KB5012604: Windows Server 2022 Security Update (April 2022)
2022-04-12 00:00:00
mskb
mskb
April 12, 2022—KB5012647 (OS Build 17763.2803)
2022-04-12 08:00:00
April 12, 2022—KB5012599 (OS Builds 19042.1645, 19043.1645, and 19044.1645)
2022-04-12 08:00:00
April 12, 2022—KB5012650 (Monthly Rollup)
2022-04-12 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5012653)
2022-04-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5012596)
2022-04-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5012592)
2023-08-08 00:00:00
kaspersky
kaspersky
KLA12509 Multiple vulnerabilities in Microsoft Products (ESU)
2022-04-12 00:00:00
KLA12502 Multiple vulnerabilities in Microsoft Windows
2022-04-12 00:00:00
KLA12503 Multiple vulnerabilities in Microsoft Windows
2022-04-05 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics
2022-04-23 09:22:32
rapid7blog
rapid7blog
Patch Tuesday - April 2022
2022-04-12 18:48:11
threatpost
threatpost
Microsoft Zero-Days, Wormable Bugs Spark Concern
2022-04-12 20:00:54
thn
thn
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
2022-04-13 03:22:00
malwarebytes
malwarebytes
April’s Patch Tuesday update includes fixes for two zero-day vulnerabilities
2022-04-13 13:57:39
qualysblog
qualysblog
April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical.
2022-04-12 20:07:30
krebs
krebs
Microsoft Patch Tuesday, April 2022 Edition
2022-04-13 15:01:24
akamaiblog
akamaiblog
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
2022-04-13 09:15:00
hivepro
hivepro
Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities
2022-04-14 05:08:02
mscve
mscve
Windows DNS Server Remote Code Execution Vulnerability
2022-04-12 08:00:00
Windows DNS Server Remote Code Execution Vulnerability
2022-04-12 08:00:00
Windows DNS Server Remote Code Execution Vulnerability
2022-04-12 08:00:00
prion
prion
Privilege escalation
2022-04-15 19:15:00
Information disclosure
2022-04-15 19:15:00
Information disclosure
2022-04-15 19:15:00
cnvd
cnvd
Microsoft Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
2022-04-15 00:00:00
Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability
2022-04-15 00:00:00
Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2023-02190)
2022-04-15 00:00:00
nvd
nvd
CVE-2022-22009
2022-04-15 19:15:09
CVE-2022-26785
2022-04-15 19:15:12
CVE-2022-26783
2022-04-15 19:15:12
cvelist
cvelist
CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
2022-04-15 19:04:20
CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability
2022-04-15 19:04:10
CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability
2022-04-15 19:05:13
cve
cve
CVE-2022-26807
2022-04-15 19:15:13
CVE-2022-26784
2022-04-15 19:15:12
CVE-2022-26821
2022-04-15 19:15:14
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-24481)
2022-04-12 00:00:00
Microsoft Windows DWM Core Library Elevation of Privilege (CVE-2022-24546)
2022-04-12 00:00:00
Microsoft Windows Network File System Remote Code Execution (CVE-2022-24491)
2022-04-12 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-24491
2022-04-13 12:40:57
zdi
zdi
Microsoft Windows win32kfull UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability
2022-08-04 00:00:00
Microsoft Windows win32kfull UMPDDrvLineTo Use-After-Free Local Privilege Escalation Vulnerability
2023-04-24 00:00:00
Microsoft Windows win32kfull UMPDDrvStartBanding Use-After-Free Local Privilege Escalation Vulnerability
2022-07-15 00:00:00
vulnrichment
vulnrichment
CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability
2022-04-15 19:05:16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.9%

JSON
Related for SMB_NT_MS22_APR_5012599.NASL
nessus10mskb15openvas7kaspersky3avleonov1rapid7blog1threatpost1thn1malwarebytes1qualysblog1krebs1akamaiblog1hivepro1mscve35prion22cnvd11nvd32cvelist23cve23checkpoint_advisories3githubexploit1zdi4vulnrichment1