Active Directory Analysis
Vulnerabilities by Host
• 192.168.100.4
Remediations
• Suggested Remediations
Vulnerabilities by Host
192.168.100.4
CRITICAL    HIGH    MEDIUM    LOW    INFO
34          209     73        10     279
Scan Information
Host Information
Vulnerabilities
  119583 - KB4471322: Windows 8.1 and Windows Server 2012 R2 December 2018 Security Update
Synopsis
Description
The remote Windows host is missing security update 4471322 or cumulative update 4471320. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not
properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary
code with medium-integrity level privileges (the permissions of the current user). (CVE-2018-8619)
- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input
properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
(CVE-2018-8540)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2018-8595, CVE-2018-8596)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8631)
- A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to
properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the
context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this
vulnerability. (CVE-2018-8626)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8477)
- An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes
objects in memory. (CVE-2018-8514)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8611)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8625)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the
user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
(CVE-2018-8622)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8643)
- A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An
attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework
web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated
attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application.
The update addresses the vulnerability by correcting how the .NET Framework web application handles web
requests. (CVE-2018-8517)
- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly
handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights.
(CVE-2018-8641)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8639)
See Also
http://www.nessus.org/u?454a6553
http://www.nessus.org/u?56bb4eaa
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE              CVE-2018-8477
CVE              CVE-2018-8514
CVE              CVE-2018-8517
CVE              CVE-2018-8540
CVE              CVE-2018-8595
CVE              CVE-2018-8596
CVE              CVE-2018-8611
CVE              CVE-2018-8619
CVE              CVE-2018-8622
CVE              CVE-2018-8625
CVE              CVE-2018-8626
CVE             CVE-2018-8631
CVE             CVE-2018-8639
CVE             CVE-2018-8641
CVE             CVE-2018-8643
MSKB            4471322
MSKB            4471320
XREF            MSFT:MS18-4471322
XREF            MSFT:MS18-4471320
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4512489 or cumulative update 4512488. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local
Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2019-1162)
- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different
origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to
allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could
force the browser to send data that would otherwise be restricted.
(CVE-2019-1192)
- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly
handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. (CVE-2019-1148, CVE-2019-1153)
- A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An
attacker who successfully exploited this vulnerability could cause a denial of service against an XML application.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML
application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input.
(CVE-2019-1187)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a
victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The
update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in
memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)
- Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate,
known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification
level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length
down to 1 byte of entropy, from a maximum of 16 bytes.
(CVE-2019-9506)
- An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An
attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2019-1180)
- An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the
vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)
- An information disclosure vulnerability exists when the Windows Graphics component improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further
compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially
crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component
handles objects in memory. (CVE-2019-1078)
- A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends
specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability
could cause the DHCP service to become nonresponsive.
(CVE-2019-1206)
- An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An
attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2019-1178)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially
crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151,
CVE-2019-1152)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2019-1159, CVE-2019-1164)
- A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services,
when an unauthenticated attacker connects to the target system using RDP and sends specially crafted
requests.
This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited
this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)
- A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted
DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on
the client machine. (CVE-2019-0736)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-1133, CVE-2019-1194)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1183)
- An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker
who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2019-1177)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1193)
- An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during
the login request session. An attacker who successfully exploited the vulnerability could take over a user's
account. (CVE-2019-1172)
- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system. An attacker who successfully exploited
the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,
CVE-2019-0723)
- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as
by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how the Windows GDI component handles objects in
memory.
(CVE-2019-1143, CVE-2019-1158)
- A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to
properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)
- A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially
crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to
stop responding. (CVE-2019-1212)
- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes
user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take
control of the user's system. (CVE-2019-1057)
See Also
http://www.nessus.org/u?7c858a23
http://www.nessus.org/u?1fc7ed0c
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
STIG Severity
II
References
CVE             CVE-2019-0714
CVE             CVE-2019-0715
CVE             CVE-2019-0716
CVE             CVE-2019-0718
CVE             CVE-2019-0720
CVE             CVE-2019-0723
CVE             CVE-2019-0736
CVE             CVE-2019-1057
CVE             CVE-2019-1078
CVE             CVE-2019-1133
CVE             CVE-2019-1143
CVE             CVE-2019-1144
CVE             CVE-2019-1145
CVE             CVE-2019-1146
CVE             CVE-2019-1147
CVE             CVE-2019-1148
CVE             CVE-2019-1149
CVE             CVE-2019-1150
CVE             CVE-2019-1151
CVE             CVE-2019-1152
CVE             CVE-2019-1153
CVE             CVE-2019-1155
CVE             CVE-2019-1156
CVE             CVE-2019-1157
CVE             CVE-2019-1158
CVE             CVE-2019-1159
CVE             CVE-2019-1162
CVE             CVE-2019-1164
CVE             CVE-2019-1168
CVE             CVE-2019-1172
CVE             CVE-2019-1177
CVE             CVE-2019-1178
CVE             CVE-2019-1180
CVE             CVE-2019-1181
CVE             CVE-2019-1182
CVE             CVE-2019-1183
CVE             CVE-2019-1187
CVE             CVE-2019-1192
CVE             CVE-2019-1193
CVE             CVE-2019-1194
CVE             CVE-2019-1206
CVE             CVE-2019-1212
CVE             CVE-2019-9506
MSKB            4512489
MSKB            4512488
XREF            MSFT:MS19-4512489
XREF            MSFT:MS19-4512488
XREF            IAVA:2019-A-0284
XREF            IAVA:2019-A-0290
Plugin Information
Plugin Output
tcp/445
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that
allows a remote attacker to execute code remotely.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-057
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID              70312
BID              70313
BID              70351
CVE              CVE-2014-4073
CVE              CVE-2014-4121
CVE              CVE-2014-4122
MSKB             2968292
MSKB             2968294
MSKB             2968295
MSKB             2968296
MSKB             2972098
MSKB             2972100
MSKB             2972101
MSKB            2972103
MSKB            2972105
MSKB            2972106
MSKB            2972107
MSKB            2978041
MSKB            2978042
MSKB            2979568
MSKB            2979570
MSKB            2979571
MSKB            2979573
MSKB            2979574
MSKB            2979575
MSKB            2979576
MSKB            2979577
MSKB            2979578
XREF            MSFT:MS14-057
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of
packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending
specially crafted packets to a Windows server.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-066
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID              70954
CVE              CVE-2014-6321
MSKB             2992611
XREF             CERT:505120
XREF             MSFT:MS14-066
Exploitable With
Plugin Information
tcp/445
    KB : 2992611
    - C:\Windows\system32\Schannel.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17385
  79638 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (uncredentialed check)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of
packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending
specially crafted packets to a Windows server.
Note that this plugin sends a client Certificate TLS handshake message followed by a CertificateVerify message.
Some Windows hosts will close the connection upon receiving a client certificate that they did not ask for
with a CertificateRequest message. In this case, the plugin cannot proceed to detect the vulnerability as the
CertificateVerify message cannot be sent.
See Also
http://www.nessus.org/u?64e97902
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID              70954
CVE              CVE-2014-6321
MSKB             2992611
XREF             CERT:505120
XREF             MSFT:MS14-066
Exploitable With
Plugin Information
Plugin Output
tcp/3389
  82771 - MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Synopsis
The remote Windows host is affected by a vulnerability in the HTTP protocol stack.
Description
The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack
(HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute
arbitrary code with System privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-034
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 8.1, 2012, and 2012 R2.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              74013
CVE              CVE-2015-1635
MSKB             3042553
XREF             MSFT:MS15-034
XREF             IAVA:2015-A-0092
Exploitable With
Plugin Output
tcp/445
    KB : 3042553
    - C:\Windows\system32\drivers\http.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17712
  82828 - MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (uncredentialed check)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability in the HTTP protocol stack.
Description
The version of Windows running on the remote host is affected by an integer overflow condition in the HTTP
protocol stack (HTTP.sys) due to improper parsing of crafted HTTP requests. An unauthenticated, remote
attacker can exploit this to execute arbitrary code with System privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-034
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 8.1, 2012, and 2012 R2.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.0 (CVSS:3.0/E:F/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              74013
CVE             CVE-2015-1635
MSKB            3042553
XREF            MSFT:MS15-034
XREF            IAVA:2015-A-0092
XREF            EDB-ID:36773
XREF            EDB-ID:36776
Exploitable With
Plugin Information
Plugin Output
tcp/80
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple code execution
vulnerabilities :
- A remote code execution vulnerability exists in Windows Reader. An attacker can exploit this, by convincing a
user to open a specially crafted file, to execute arbitrary code in the context of the current user.
(CVE-2016-0046)
- A flaw exists in the Microsoft Windows PDF Library due to improper handling of API calls. An attacker can
exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the
current user. (CVE-2016-0058).
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-012
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID              82636
BID              82638
CVE              CVE-2016-0046
CVE              CVE-2016-0058
MSKB             3123294
MSKB             3135174
XREF            MSFT:MS16-012
Plugin Information
Plugin Output
tcp/445
    KB : 3123294
    - C:\Windows\system32\glcndfilter.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18184
  91599 - MS16-071: Security Update for Microsoft Windows DNS Server (3164065)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability in the Windows Domain Name
System (DNS) server due to improper handling of DNS requests. An unauthenticated, remote attacker can
exploit this, via specially crafted DNS requests, to execute arbitrary code in the context of the Local System
Account.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-071
Solution
Microsoft has released a set of patches for Windows 2012 and 2012 R2.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              91117
CVE              CVE-2016-3227
MSKB             3161951
MSKB             3164065
XREF             MSFT:MS16-071
XREF             IAVA:2016-A-0153
Plugin Information
Published: 2016/06/14, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3161951
    - C:\Windows\system32\dns.exe has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18340
  91605 - MS16-077: Security Update for WPAD (3165191)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities :
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper
handling of the proxy discovery process. A remote attacker can exploit this, by responding to NetBIOS name
requests for WPAD, to bypass security restrictions and gain elevated privileges. (CVE-2016-3213)
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper
handling of certain proxy discovery scenarios. A remote attacker can exploit this to elevate privileges, resulting in
the ability to disclose or control network traffic. (CVE-2016-3236)
- An elevation of privilege vulnerability exists in NetBIOS due to improper handling of responses. A remote
attacker can exploit this, via specially crafted NetBIOS responses, to appear as a trusted network device,
resulting in the ability to render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an
application container. (CVE-2016-3299)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-077
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Note that cumulative update 3160005 in MS16-063 must also be installed in order to fully resolve
CVE-2016-3213.
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID              91111
BID              91114
BID              92387
CVE              CVE-2016-3213
CVE              CVE-2016-3236
CVE              CVE-2016-3299
MSKB             3163017
MSKB             3161949
MSKB             3163018
XREF             MSFT:MS16-077
XREF             IAVA:2016-A-0157
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3161949
      - C:\Windows\system32\ws2_32.dll has not been patched.
        Remote version : 6.3.9600.16384
        Should be      : 6.3.9600.18340
  94012 - MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary
code in kernel mode. (CVE-2016-3266, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191)
- An elevation of privilege vulnerability exists in Windows Transaction Manager due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to execute processes in
an elevated context. (CVE-2016-3341)
See Also
http://www.nessus.org/u?e7e63f93
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Critical
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID             93384
BID             93388
BID             93389
BID             93391
BID             93556
CVE             CVE-2016-3266
CVE             CVE-2016-3341
CVE             CVE-2016-3376
CVE             CVE-2016-7185
CVE             CVE-2016-7211
MSKB            3191203
MSKB            3183431
MSKB            3192391
MSKB            3185330
MSKB            3192392
MSKB            3185331
MSKB            3192393
MSKB            3185332
MSKB            3192440
MSKB            3192441
MSKB            3194798
MSKB            4038788
XREF            MSFT:MS16-123
XREF            IAVA:2016-A-0279
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities,
via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145,
CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper
handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet,
to disclose sensitive information. (CVE-2017-0147)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010
http://www.nessus.org/u?321523eb
http://www.nessus.org/u?065561d0
http://www.nessus.org/u?d9f569cf
https://github.com/stamparm/EternalRocks/
http://www.nessus.org/u?59db5b5b
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer
supported, including Windows XP, 2003, and 8.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID             96703
BID             96704
BID             96705
BID             96706
BID             96707
BID             96709
CVE             CVE-2017-0143
CVE             CVE-2017-0144
CVE             CVE-2017-0145
CVE             CVE-2017-0146
CVE             CVE-2017-0147
CVE             CVE-2017-0148
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
MSKB            4012598
XREF            MSFT:MS17-010
XREF            IAVA:2017-A-0065
XREF            EDB-ID:41891
XREF            EDB-ID:41987
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities,
via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145,
CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper
handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet,
to disclose sensitive information. (CVE-2017-0147)
See Also
http://www.nessus.org/u?68fc8eff
http://www.nessus.org/u?321523eb
http://www.nessus.org/u?065561d0
http://www.nessus.org/u?d9f569cf
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
http://www.nessus.org/u?b9d9ebf9
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
https://github.com/stamparm/EternalRocks/
http://www.nessus.org/u?59db5b5b
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer
supported, including Windows XP, 2003, and 8.
For unsupported Windows operating systems, e.g. Windows XP, Microsoft recommends that users discontinue
the use of SMBv1. SMBv1 lacks security features that were included in later SMB versions. SMBv1 can
be disabled by following the vendor instructions provided in Microsoft KB2696547. Additionally, US-CERT
recommends that users block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB
over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
Critical
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID             96703
BID             96704
BID             96705
BID             96706
BID             96707
BID             96709
CVE             CVE-2017-0143
CVE             CVE-2017-0144
CVE             CVE-2017-0145
CVE             CVE-2017-0146
CVE             CVE-2017-0147
CVE             CVE-2017-0148
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
MSKB            4012598
XREF            EDB-ID:41891
XREF            EDB-ID:41987
XREF            MSFT:MS17-010
XREF            IAVA:2017-A-0065
Exploitable With
Plugin Information
Plugin Output
tcp/445
    97743 - MS17-012: Security Update for Microsoft Windows (4013078)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements
in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the
contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution
of a malicious script. (CVE-2017-0007)
- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3)
client implementations due to improper handling of certain requests sent to the client. An unauthenticated,
remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until
it is manually restarted. (CVE-2017-0016)
- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library
(DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary
code. (CVE-2017-0039)
- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain
requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted
web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the
attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server.
(CVE-2017-0057)
- An integer overflow condition exists in the iSNS Server service due to improper validation of input from
the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that
connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM
account. (CVE-2017-0104)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-012
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID             95969
BID             96018
BID             96024
BID             96695
BID             96697
BID             96700
CVE             CVE-2017-0007
CVE             CVE-2017-0016
CVE             CVE-2017-0039
CVE             CVE-2017-0057
CVE             CVE-2017-0100
CVE             CVE-2017-0104
MSKB            3217587
MSKB            4012021
MSKB            4012212
MSKB            4012215
MSKB            4012213
MSKB            4012216
MSKB            4012214
MSKB            4012217
MSKB            4012606
MSKB            4013198
XREF            CERT:867968
XREF            IAVA:2017-A-0070
XREF            MSFT:MS17-012
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
According to its self-reported version number, there is at least one version of Microsoft .NET Framework
installed on the remote Windows host that is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
See Also
http://www.nessus.org/u?53ee34d3
http://www.nessus.org/u?3b10ac8d
Solution
Risk Factor
Critical
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host has Microsoft Server Message Block 1.0 (SMBv1) enabled. It is, therefore, affected
by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities,
via a specially crafted SMBv1 packet, to disclose sensitive information. (CVE-2017-0267, CVE-2017-0268,
CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)
- Multiple denial of service vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a
specially crafted SMB request, to cause the system to stop responding. (CVE-2017-0269, CVE-2017-0273,
CVE-2017-0280)
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities, via a
specially crafted SMBv1 packet, to execute arbitrary code. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278,
CVE-2017-0279)
Depending on the host's security policy configuration, this plugin cannot always correctly determine whether the
Windows host is vulnerable when the host is running a later Windows version (i.e., Windows 8.1, 10, 2012, 2012 R2,
and 2016); specifically, detection requires that named pipes and shares be accessible remotely and anonymously.
Tenable does not recommend this configuration, and the hosts should be checked locally for patches with one
of the following plugins, depending on the Windows version : 100054, 100055, 100057, 100059, 100060, or
100061.
See Also
http://www.nessus.org/u?c21268d4
http://www.nessus.org/u?b9253982
http://www.nessus.org/u?23802c83
http://www.nessus.org/u?8313bb60
http://www.nessus.org/u?7677c678
http://www.nessus.org/u?36da236c
http://www.nessus.org/u?0981b934
http://www.nessus.org/u?c88efefa
http://www.nessus.org/u?695bf5cc
http://www.nessus.org/u?459a1e8c
http://www.nessus.org/u?ea45bbc5
http://www.nessus.org/u?4195776a
http://www.nessus.org/u?fbf092cf
http://www.nessus.org/u?8c0cc566
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID             98259
BID             98260
BID             98261
BID             98263
BID             98264
BID             98265
BID             98266
BID             98267
BID             98268
BID             98270
BID             98271
BID             98272
BID             98273
BID             98274
CVE             CVE-2017-0267
CVE             CVE-2017-0268
CVE             CVE-2017-0269
CVE             CVE-2017-0270
CVE             CVE-2017-0271
CVE             CVE-2017-0272
CVE             CVE-2017-0273
CVE             CVE-2017-0274
CVE             CVE-2017-0275
CVE             CVE-2017-0276
CVE             CVE-2017-0277
CVE             CVE-2017-0278
CVE             CVE-2017-0279
CVE             CVE-2017-0280
MSKB            4016871
MSKB            4018466
MSKB            4019213
MSKB            4019214
MSKB            4019215
MSKB            4019216
MSKB            4019263
MSKB            4019264
MSKB            4019472
MSKB            4019473
MSKB            4019474
Plugin Information
Plugin Output
tcp/445
    73570 - Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)
Synopsis
The remote Windows host contains a programming platform that is potentially affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8
Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the
following components :
- 2D
- AWT
- Deployment
- Hotspot
- JAX-WS
- JAXB
- JAXP
- JNDI
- JavaFX
- Javadoc
- Libraries
- Scripting
- Security
- Sound
See Also
http://www.nessus.org/u?1e3ee66a
http://www.nessus.org/u?f65f6f6e
http://www.nessus.org/u?39cb260f
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?84f3023c
Solution
Update to JDK / JRE 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65 or later and, if necessary, remove
any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 65 or later or 6
Update 75 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID            63676
BID            64493
BID            65568
BID            66856
BID            66866
BID            66870
BID            66873
BID            66877
BID            66879
BID            66881
BID            66883
BID            66886
BID            66887
BID            66891
BID            66893
BID            66894
BID            66897
BID            66898
BID            66899
BID            66902
BID            66903
BID            66904
BID            66905
BID            66907
BID            66908
BID            66909
BID            66910
BID            66911
BID            66912
BID            66913
BID            66914
BID            66915
BID            66916
BID            66917
BID            66918
BID            66919
BID            66920
CVE            CVE-2013-6629
CVE            CVE-2013-6954
CVE            CVE-2014-0429
CVE            CVE-2014-0432
CVE            CVE-2014-0446
CVE            CVE-2014-0448
CVE            CVE-2014-0449
CVE            CVE-2014-0451
CVE            CVE-2014-0452
CVE            CVE-2014-0453
CVE            CVE-2014-0454
CVE            CVE-2014-0455
CVE            CVE-2014-0456
CVE            CVE-2014-0457
CVE            CVE-2014-0458
CVE            CVE-2014-0459
CVE            CVE-2014-0460
CVE            CVE-2014-0461
CVE            CVE-2014-0463
CVE            CVE-2014-0464
CVE            CVE-2014-1876
CVE            CVE-2014-2397
CVE            CVE-2014-2398
CVE            CVE-2014-2401
CVE            CVE-2014-2402
CVE            CVE-2014-2403
CVE            CVE-2014-2409
CVE            CVE-2014-2410
CVE            CVE-2014-2412
CVE            CVE-2014-2413
CVE            CVE-2014-2414
CVE            CVE-2014-2420
CVE            CVE-2014-2421
CVE            CVE-2014-2422
CVE            CVE-2014-2423
CVE            CVE-2014-2427
CVE            CVE-2014-2428
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the
following components :
- 2D
- Beans
- Deployment
- Hotspot
- JavaFX
- JCE
- JSSE
- Tools
See Also
http://www.nessus.org/u?56618dc1
http://www.nessus.org/u?abb7def2
http://www.nessus.org/u?7736cf95
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?84f3023c
https://www.smacktls.com/#freak
Solution
Upgrade to Oracle JDK / JRE 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85 or later. If necessary,
remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 85 or later and 6
Update 95 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID            71936
BID            74072
BID            74083
BID            74094
BID            74097
BID            74104
BID            74111
BID            74119
BID            74129
BID            74135
BID            74141
BID            74145
BID            74147
BID            74149
CVE            CVE-2015-0204
CVE            CVE-2015-0458
CVE            CVE-2015-0459
CVE            CVE-2015-0460
CVE            CVE-2015-0469
CVE            CVE-2015-0470
CVE            CVE-2015-0477
CVE            CVE-2015-0478
CVE            CVE-2015-0480
CVE            CVE-2015-0484
CVE            CVE-2015-0486
CVE            CVE-2015-0488
CVE            CVE-2015-0491
CVE            CVE-2015-0492
Plugin Information
    Published: 2015/04/16, Modified: 2018/11/15
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is potentially affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7
Update 51, 6 Update 71, or 5 Update 61. It is, therefore, potentially affected by security issues in the following
components :
- 2D
- Beans
- CORBA
- Deployment
- Hotspot
- Install
- JAAS
- JavaFX
- JAXP
- JNDI
- JSSE
- Libraries
- Networking
- Security
- Serviceability
See Also
https://www.zerodayinitiative.com/advisories/ZDI-14-013/
https://www.zerodayinitiative.com/advisories/ZDI-14-038/
http://www.nessus.org/u?924160cd
Solution
Update to JDK / JRE 7 Update 51, 6 Update 71 or 5 Update 61 or later and, if necessary, remove any affected
versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 61 or later or 6
Update 71 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID            64863
BID            64875
BID            64882
BID            64890
BID            64894
BID            64899
BID            64901
BID            64903
BID            64906
BID            64907
BID            64910
BID            64912
BID            64914
BID            64915
BID            64916
BID            64917
BID            64918
BID            64919
BID            64920
BID            64921
BID            64922
BID            64923
BID            64924
BID            64926
BID            64927
BID            64928
BID            64929
BID            64930
BID            64931
BID            64932
BID            64933
BID            64934
BID            64935
BID            64936
BID            64937
CVE            CVE-2013-5870
CVE            CVE-2013-5878
CVE            CVE-2013-5884
CVE            CVE-2013-5887
CVE            CVE-2013-5889
CVE            CVE-2013-5893
CVE            CVE-2013-5895
CVE            CVE-2013-5896
CVE            CVE-2013-5898
CVE            CVE-2013-5899
CVE            CVE-2013-5902
CVE            CVE-2013-5904
CVE            CVE-2013-5905
CVE            CVE-2013-5906
CVE            CVE-2013-5907
CVE            CVE-2013-5910
CVE            CVE-2014-0368
CVE            CVE-2014-0373
CVE            CVE-2014-0375
CVE            CVE-2014-0376
CVE            CVE-2014-0382
CVE            CVE-2014-0385
CVE            CVE-2014-0387
CVE            CVE-2014-0403
CVE            CVE-2014-0408
CVE            CVE-2014-0410
CVE            CVE-2014-0411
CVE            CVE-2014-0415
CVE            CVE-2014-0416
CVE            CVE-2014-0417
CVE            CVE-2014-0418
CVE            CVE-2014-0422
CVE            CVE-2014-0423
CVE            CVE-2014-0424
CVE            CVE-2014-0428
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 31, 7
Update 75, 6 Update 91, or 5 Update 81. It is, therefore, affected by security vulnerabilities in the following
components :
- 2D
- Deployment
- Hotspot
- Install
- JAX-WS
- JSSE
- Libraries
- RMI
- Security
- Serviceability
- Swing
See Also
http://www.nessus.org/u?75c6cafb
http://www.nessus.org/u?17bff27a
http://www.nessus.org/u?64c6b956
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?84f3023c
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Solution
Update to JDK / JRE 8 Update 31, 7 Update 75, 6 Update 91, or 5 Update 81 or later, and if necessary, remove
any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 81 or later, or 6
Update 91 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID            70574
BID            72132
BID            72136
BID            72137
BID            72140
BID            72142
BID            72146
BID            72148
BID            72150
BID            72154
BID            72155
BID            72159
BID            72162
BID            72165
BID            72168
BID            72169
BID            72173
BID            72175
BID            72176
CVE            CVE-2014-3566
CVE            CVE-2014-6549
CVE            CVE-2014-6585
CVE            CVE-2014-6587
CVE            CVE-2014-6591
CVE            CVE-2014-6593
CVE            CVE-2014-6601
CVE            CVE-2015-0383
CVE            CVE-2015-0395
CVE            CVE-2015-0400
CVE            CVE-2015-0403
CVE            CVE-2015-0406
CVE            CVE-2015-0407
CVE            CVE-2015-0408
CVE            CVE-2015-0410
CVE            CVE-2015-0412
CVE            CVE-2015-0413
CVE            CVE-2015-0421
CVE            CVE-2015-0437
XREF           CERT:577193
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following
components :
- 2D
- AWT
- JAXP
- JMX
- Libraries
- Networking
- Security
See Also
http://www.nessus.org/u?376edd90
http://www.nessus.org/u?f7b6203b
http://www.nessus.org/u?796894ea
http://www.nessus.org/u?b809e094
http://www.mitls.org/pages/attacks/SLOTH
http://www.mitls.org/downloads/transcript-collisions.pdf
Solution
Upgrade to Oracle JDK / JRE 8 Update 71, 7 Update 95, 6 Update 111, or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 111 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID            77568
BID            79684
CVE            CVE-2015-7575
CVE            CVE-2015-8126
CVE            CVE-2016-0402
CVE            CVE-2016-0448
CVE            CVE-2016-0466
CVE            CVE-2016-0475
CVE            CVE-2016-0483
CVE            CVE-2016-0494
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following
components :
- Deployment
- Hotspot
- JavaFX
- JMX
- Libraries
- Security
- Serviceability
- Swing
See Also
http://www.nessus.org/u?4743a1ef
http://www.nessus.org/u?81911044
http://www.nessus.org/u?39cb260f
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?84f3023c
Solution
Update to JDK / JRE 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71 or later and, if necessary, remove
any affected versions.
Note that an extended support contract with Oracle is needed to obtain JDK / JRE 5 Update 71 or later or 6
Update 81 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References
CVE            CVE-2014-2483
CVE            CVE-2014-2490
CVE            CVE-2014-4208
CVE            CVE-2014-4209
CVE            CVE-2014-4216
CVE            CVE-2014-4218
CVE            CVE-2014-4219
CVE            CVE-2014-4220
CVE            CVE-2014-4221
CVE            CVE-2014-4223
CVE            CVE-2014-4227
CVE            CVE-2014-4244
CVE            CVE-2014-4247
CVE            CVE-2014-4252
CVE            CVE-2014-4262
CVE            CVE-2014-4263
CVE            CVE-2014-4264
CVE            CVE-2014-4265
CVE            CVE-2014-4266
CVE            CVE-2014-4268
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 51, 7 Update 85, or 6 Update 101. It is, therefore, affected by security vulnerabilities in the following
components :
- 2D
- CORBA
- Deployment
- Hotspot
- Install
- JCE
- JMX
- JNDI
- JSSE
- Libraries
- RMI
- Security
See Also
http://www.nessus.org/u?c3cf9c18
http://www.nessus.org/u?822f496a
http://www.nessus.org/u?8497a5aa
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 8 Update 51, 7 Update 85, 6 Update 101, or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID           73684
BID           74733
BID           75784
BID           75796
BID           75812
BID           75818
BID           75823
BID           75832
BID           75833
BID           75850
BID           75854
BID           75857
BID           75861
BID           75867
BID           75871
BID           75874
BID           75877
BID           75881
BID           75883
BID           75887
BID           75890
BID           75892
BID           75893
BID           75895
CVE           CVE-2015-2590
CVE           CVE-2015-2596
CVE           CVE-2015-2601
CVE           CVE-2015-2613
CVE           CVE-2015-2619
CVE           CVE-2015-2621
CVE           CVE-2015-2625
CVE           CVE-2015-2627
CVE           CVE-2015-2628
CVE           CVE-2015-2632
CVE           CVE-2015-2637
CVE           CVE-2015-2638
CVE           CVE-2015-2659
CVE           CVE-2015-2664
CVE           CVE-2015-2808
CVE           CVE-2015-4000
CVE           CVE-2015-4729
CVE           CVE-2015-4731
CVE           CVE-2015-4732
CVE           CVE-2015-4733
CVE           CVE-2015-4736
CVE           CVE-2015-4748
CVE           CVE-2015-4749
CVE           CVE-2015-4760
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-3458)
- An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity.
(CVE-2016-3485)
- An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to
cause a denial of service condition. (CVE-2016-3498)
- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3500)
- An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges.
(CVE-2016-3503)
- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3508)
- An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated
privileges. (CVE-2016-3511)
- An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to
disclose potentially sensitive information.
(CVE-2016-3550)
- An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges.
(CVE-2016-3552)
- A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic()
function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)
- A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an
unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)
- A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling
bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2016-3606)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2016-3610)
See Also
http://www.nessus.org/u?e71b6836
http://www.nessus.org/u?92867054
http://www.nessus.org/u?6adbf356
http://www.nessus.org/u?81636e81
Solution
Upgrade to Oracle JDK / JRE 8 Update 101 / 7 Update 111 / 6 Update 121 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID             91904
BID             91912
BID             91918
BID             91930
BID             91945
BID             91951
BID             91956
BID             91962
BID             91972
BID             91990
BID             91996
BID             92000
BID             92006
CVE             CVE-2016-3458
CVE             CVE-2016-3485
CVE             CVE-2016-3498
CVE             CVE-2016-3500
CVE             CVE-2016-3503
CVE             CVE-2016-3508
CVE             CVE-2016-3511
CVE             CVE-2016-3550
CVE             CVE-2016-3552
CVE             CVE-2016-3587
CVE             CVE-2016-3598
CVE             CVE-2016-3606
CVE             CVE-2016-3610
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is potentially affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or
equal to 7 Update 21, 6 Update 45 or 5 Update 45. It is, therefore, potentially affected by security issues in the
following components :
- 2D
- AWT
- CORBA
- Deployment
- Hotspot
- Install
- JDBC
- JMX
- Libraries
- Networking
- Serialization
- Serviceability
- Sound
See Also
http://www.zerodayinitiative.com/advisories/ZDI-13-132/
http://www.zerodayinitiative.com/advisories/ZDI-13-151/
http://www.zerodayinitiative.com/advisories/ZDI-13-152/
http://www.zerodayinitiative.com/advisories/ZDI-13-153/
http://www.zerodayinitiative.com/advisories/ZDI-13-154/
http://www.zerodayinitiative.com/advisories/ZDI-13-155/
http://www.zerodayinitiative.com/advisories/ZDI-13-156/
http://www.zerodayinitiative.com/advisories/ZDI-13-157/
http://www.zerodayinitiative.com/advisories/ZDI-13-158/
http://www.zerodayinitiative.com/advisories/ZDI-13-159/
http://www.zerodayinitiative.com/advisories/ZDI-13-160/
https://seclists.org/fulldisclosure/2013/Aug/211
https://seclists.org/fulldisclosure/2013/Aug/276
http://www.nessus.org/u?a094a6d7
http://www.oracle.com/technetwork/java/eol-135779.html
Solution
Update to JDK / JRE 5 Update 51, 6 Update 51, 7 Update 25 or later and, if necessary, remove any affected
versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 51 or later or 6
Update 51 or later.
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID             60617
BID             60618
BID             60619
BID             60620
BID             60621
BID             60622
BID             60623
BID             60624
BID             60625
BID             60626
BID             60627
BID             60629
BID             60630
BID             60631
BID             60632
BID             60633
BID             60634
BID             60635
BID             60636
BID             60637
BID             60638
BID             60639
BID             60640
BID             60641
BID             60643
BID             60644
BID             60645
BID             60646
BID             60647
BID             60649
BID             60650
BID             60651
BID             60652
BID             60653
BID             60654
BID             60655
BID             60656
BID             60657
BID             60658
BID             60659
CVE             CVE-2013-1500
CVE             CVE-2013-1571
CVE             CVE-2013-2400
CVE             CVE-2013-2407
CVE             CVE-2013-2412
CVE             CVE-2013-2437
CVE             CVE-2013-2442
CVE             CVE-2013-2443
CVE             CVE-2013-2444
CVE             CVE-2013-2445
CVE             CVE-2013-2446
CVE             CVE-2013-2447
CVE             CVE-2013-2448
CVE             CVE-2013-2449
CVE             CVE-2013-2450
CVE             CVE-2013-2451
CVE             CVE-2013-2452
CVE             CVE-2013-2453
CVE             CVE-2013-2454
CVE             CVE-2013-2455
CVE             CVE-2013-2456
CVE             CVE-2013-2457
CVE             CVE-2013-2458
CVE             CVE-2013-2459
CVE             CVE-2013-2460
CVE             CVE-2013-2461
CVE             CVE-2013-2462
CVE             CVE-2013-2463
CVE             CVE-2013-2464
CVE             CVE-2013-2465
CVE             CVE-2013-2466
CVE             CVE-2013-2467
CVE             CVE-2013-2468
CVE             CVE-2013-2469
CVE             CVE-2013-2470
CVE             CVE-2013-2471
CVE             CVE-2013-2472
CVE             CVE-2013-2473
CVE             CVE-2013-3743
CVE             CVE-2013-3744
XREF            CERT:225657
XREF            EDB-ID:27754
XREF            EDB-ID:27943
XREF            EDB-ID:28050
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is potentially affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7
Update 45, 6 Update 65, or 5 Update 55. It is, therefore, potentially affected by security issues in the following
components :
- 2D
- AWT
- BEANS
- CORBA
- Deployment
- JAX-WS
- JAXP
- JGSS
- jhat
- JNDI
- JavaFX
- Javadoc
- Libraries
- SCRIPTING
- Security
- Swing
See Also
http://www.zerodayinitiative.com/advisories/ZDI-13-244/
http://www.zerodayinitiative.com/advisories/ZDI-13-245/
http://www.zerodayinitiative.com/advisories/ZDI-13-246/
http://www.zerodayinitiative.com/advisories/ZDI-13-247/
http://www.zerodayinitiative.com/advisories/ZDI-13-248/
http://www.nessus.org/u?94fd7b37
http://www.oracle.com/technetwork/java/eol-135779.html
Solution
Update to JDK / JRE 7 Update 45, 6 Update 65, or 5 Update 55 or later and, if necessary, remove any affected
versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 55 or later or 6
Update 65 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE   CVE-2013-3829
CVE   CVE-2013-4002
CVE   CVE-2013-5772
CVE   CVE-2013-5774
CVE   CVE-2013-5775
CVE   CVE-2013-5776
CVE   CVE-2013-5777
CVE   CVE-2013-5778
CVE   CVE-2013-5780
CVE   CVE-2013-5782
CVE   CVE-2013-5783
CVE   CVE-2013-5784
CVE   CVE-2013-5787
CVE   CVE-2013-5788
CVE   CVE-2013-5789
CVE   CVE-2013-5790
CVE   CVE-2013-5797
CVE   CVE-2013-5800
CVE   CVE-2013-5801
CVE   CVE-2013-5802
CVE   CVE-2013-5803
CVE   CVE-2013-5804
CVE   CVE-2013-5805
CVE   CVE-2013-5806
CVE   CVE-2013-5809
CVE   CVE-2013-5810
CVE   CVE-2013-5812
CVE   CVE-2013-5814
CVE   CVE-2013-5817
CVE   CVE-2013-5818
CVE   CVE-2013-5819
CVE   CVE-2013-5820
CVE   CVE-2013-5823
CVE   CVE-2013-5824
CVE   CVE-2013-5825
CVE   CVE-2013-5829
CVE   CVE-2013-5830
CVE   CVE-2013-5831
CVE   CVE-2013-5832
CVE   CVE-2013-5838
CVE   CVE-2013-5840
CVE   CVE-2013-5842
CVE   CVE-2013-5843
CVE   CVE-2013-5844
CVE   CVE-2013-5846
    CVE             CVE-2013-5848
    CVE             CVE-2013-5849
    CVE             CVE-2013-5850
    CVE             CVE-2013-5851
    CVE             CVE-2013-5852
    CVE             CVE-2013-5854
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 25, 7 Update 71, 6 Update 85, or 5 Update 75. It is, therefore, affected by security issues in the following
components :
- 2D
- AWT
- Deployment
- Hotspot
- JAXP
- JSSE
- JavaFX
- Libraries
- Security
See Also
http://www.nessus.org/u?2b7fdf57
http://www.nessus.org/u?631ebd82
http://www.nessus.org/u?cd6e3a16
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?84f3023c
Solution
Update to JDK / JRE 8 Update 25, 7 Update 71, 6 Update 85, or 5 Update 75 or later and, if necessary, remove
any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 75 or later or 6
Update 85 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE           CVE-2014-4288
CVE           CVE-2014-6456
CVE           CVE-2014-6457
CVE           CVE-2014-6458
CVE           CVE-2014-6466
CVE           CVE-2014-6468
    CVE             CVE-2014-6476
    CVE             CVE-2014-6485
    CVE             CVE-2014-6492
    CVE             CVE-2014-6493
    CVE             CVE-2014-6502
    CVE             CVE-2014-6503
    CVE             CVE-2014-6504
    CVE             CVE-2014-6506
    CVE             CVE-2014-6511
    CVE             CVE-2014-6512
    CVE             CVE-2014-6513
    CVE             CVE-2014-6515
    CVE             CVE-2014-6517
    CVE             CVE-2014-6519
    CVE             CVE-2014-6527
    CVE             CVE-2014-6531
    CVE             CVE-2014-6532
    CVE             CVE-2014-6558
    CVE             CVE-2014-6562
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 65, 7 Update 91, or 6 Update 105. It is, therefore, affected by security vulnerabilities in the following
components :
- 2D
- CORBA
- Deployment
- JavaFX
- JAXP
- JGSS
- Libraries
- RMI
- Security
- Serialization
See Also
http://www.nessus.org/u?2e5158e8
http://www.nessus.org/u?31d5ce9a
http://www.nessus.org/u?4da55863
http://www.nessus.org/u?af476d66
Solution
Upgrade to Oracle JDK / JRE 8 Update 65, 7 Update 91, 6 Update 105, or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE           CVE-2015-4835
CVE           CVE-2015-4881
CVE           CVE-2015-4843
CVE           CVE-2015-4883
CVE           CVE-2015-4860
CVE           CVE-2015-4805
CVE           CVE-2015-4844
CVE           CVE-2015-4901
CVE           CVE-2015-4868
CVE           CVE-2015-4810
    CVE             CVE-2015-4806
    CVE             CVE-2015-4871
    CVE             CVE-2015-4902
    CVE             CVE-2015-4840
    CVE             CVE-2015-4882
    CVE             CVE-2015-4842
    CVE             CVE-2015-4734
    CVE             CVE-2015-4903
    CVE             CVE-2015-4803
    CVE             CVE-2015-4893
    CVE             CVE-2015-4911
    CVE             CVE-2015-4872
    CVE             CVE-2015-4906
    CVE             CVE-2015-4916
    CVE             CVE-2015-4908
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
According to its self-reported version number, the installation of Oracle VirtualBox on the remote Windows host
is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
See Also
http://www.nessus.org/u?925c7fb8
http://www.nessus.org/u?466fb425
https://www.virtualbox.org/wiki/Download_Old_Builds
Solution
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4025333 or cumulative update 4025336. It is, therefore,
affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper
parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can
exploit this, by convincing a user to create a Data Collector Set and import a specially crafted XML file, to
disclose arbitrary files via an XML external entity (XXE) declaration. (CVE-2017-0170)
- A remote code execution vulnerability exists in Windows Explorer due to improper handling of executable files
and shares during rename operations. An unauthenticated, remote attacker can exploit this, by convincing a user
to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8463)
- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in
kernel mode. (CVE-2017-8467)
- An information disclosure vulnerability exists in Win32k due to improper handling of objects in memory. A local
attacker can exploit this, via a specially crafted application, to disclose sensitive information.
(CVE-2017-8486)
- A security bypass vulnerability exists in Microsoft Windows when handling Kerberos ticket exchanges due to
a failure to prevent tampering with the SNAME field. A man-in-the-middle attacker can exploit this to bypass the
Extended Protection for Authentication security feature. (CVE-2017-8495)
- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in
kernel mode. (CVE-2017-8556)
- An information disclosure vulnerability exists in the Windows System Information Console due to improper
parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially crafted file, to disclose arbitrary files via an XML external
entity (XXE) declaration.
(CVE-2017-8557)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with
elevated permissions. (CVE-2017-8561)
- An elevation of privilege vulnerability exists in Windows due to improper handling of calls to Advanced Local
Procedure Call (ALPC). An authenticated, remote attacker can exploit this via a specially crafted application, to
run processes in an elevated context.
(CVE-2017-8562)
- An elevation of privilege vulnerability exists in Windows due to Kerberos falling back to NT LAN Manager
(NTLM) Authentication Protocol as the default authentication protocol. An authenticated, remote attacker can
exploit this, via an application that sends specially crafted traffic to a domain controller, to run processes in an
elevated context. (CVE-2017-8563)
- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in
memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass Kernel
Address Space Layout Randomization (KASLR) and disclose the base address of the kernel driver.
(CVE-2017-8564)
- A remote code execution vulnerability exists in PowerShell when handling a PSObject that wraps a CIM
instance. An authenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary
code in a PowerShell remote session.
(CVE-2017-8565)
- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in
kernel mode. (CVE-2017-8573)
- Multiple elevation of privilege vulnerabilities exist in the Microsoft Graphics Component due to improper
handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run
arbitrary code in kernel mode. (CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)
- An elevation of privilege vulnerability exists in Windows due to improper handling of objects in memory. A local
attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
(CVE-2017-8581)
- An information disclosure vulnerability exists in the HTTP.sys server application component due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted
request, to disclose sensitive information.
(CVE-2017-8582)
- A denial of service vulnerability exists in Windows Explorer that is triggered when Explorer attempts to open a
non-existent file. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially
crafted website, to cause a user's system to stop responding. (CVE-2017-8587)
- A remote code execution vulnerability exists in WordPad due to improper parsing of specially crafted files. An
unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute
arbitrary code in the context of the current user. (CVE-2017-8588)
- A remote code execution vulnerability exists in the Windows Search component due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this, by sending specially crafted messages
to the Windows Search service, to elevate privileges and execute arbitrary code. (CVE-2017-8589)
- An elevation of privilege vulnerability exists in the Windows Common Log File System (CLFS) driver due to
improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to
run processes in an elevated context. (CVE-2017-8590)
- A security bypass vulnerability exists in Microsoft browsers due to improper handling of redirect requests.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to
bypass CORS redirect restrictions. (CVE-2017-8592)
- A remote code execution vulnerability exists in Internet Explorer due to improper handling of objects in
memory.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to
execute arbitrary code in the context of the current user. (CVE-2017-8594)
- A spoofing vulnerability exists in Microsoft browsers due to improper parsing of HTTP content. An
unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to
redirect the user to a malicious website.
(CVE-2017-8602)
- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8606)
- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8607)
- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8608)
- A remote code execution vulnerability exists in Internet Explorer in the VBScript engine due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8618)
See Also
http://www.nessus.org/u?60b27ab9
Solution
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE   CVE-2017-0170
CVE   CVE-2017-8463
CVE   CVE-2017-8467
CVE   CVE-2017-8486
CVE   CVE-2017-8495
CVE   CVE-2017-8556
CVE   CVE-2017-8557
CVE   CVE-2017-8561
CVE   CVE-2017-8562
CVE   CVE-2017-8563
CVE   CVE-2017-8564
CVE   CVE-2017-8565
CVE   CVE-2017-8573
CVE   CVE-2017-8577
CVE   CVE-2017-8578
CVE   CVE-2017-8580
CVE   CVE-2017-8581
CVE             CVE-2017-8582
CVE             CVE-2017-8587
CVE             CVE-2017-8588
CVE             CVE-2017-8589
CVE             CVE-2017-8590
CVE             CVE-2017-8592
CVE             CVE-2017-8594
CVE             CVE-2017-8602
CVE             CVE-2017-8606
CVE             CVE-2017-8607
CVE             CVE-2017-8608
CVE             CVE-2017-8618
MSKB            4025333
MSKB            4025336
XREF            MSFT:MS17-4025333
XREF            MSFT:MS17-4025336
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4022717 or cumulative update 4022726. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to
properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating system is not vulnerable. (CVE-2017-0193)
- Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects
in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially
crafted website or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0282,
CVE-2017-0284, CVE-2017-0285)
- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects
in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially
crafted website or open a specially crafted document, to execute arbitrary code in the context of the current user.
(CVE-2017-0283, CVE-2017-8528)
- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling
of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a
specially crafted website or open a specially crafted document, to disclose the contents of memory.
(CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)
- Multiple remote code execution vulnerabilities exist in Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current user. (CVE-2017-0291, CVE-2017-0292)
- A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. An
unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to
execute arbitrary code in the context of the current user. (CVE-2017-0294)
- An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to
copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary
code in an elevated context.
(CVE-2017-0296)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with
elevated permissions. (CVE-2017-0297)
- An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the
interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit
this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged
on to the same system using Terminal Services or Fast User Switching.
(CVE-2017-0298)
- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to
disclose the base address of the kernel driver.
(CVE-2017-0299, CVE-2017-0300, CVE-2017-8462, CVE-2017-8485)
- An information disclosure vulnerability exists in Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to
disclose the contents of memory. (CVE-2017-8460)
- A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user.
(CVE-2017-8464)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these, via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465, CVE-2017-8466, CVE-2017-8468)
- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application,
to disclose sensitive information. (CVE-2017-8469, CVE-2017-8470, CVE-2017-8471, CVE-2017-8473,
CVE-2017-8474, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479,
CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8488,
CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)
- A security bypass vulnerability exists due to a failure to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially crafted application, to bypass Unified Extensible Firmware
Interface (UEFI) variable security.
(CVE-2017-8493)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded
fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted
website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current
user. (CVE-2017-8527)
- A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)
- An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)
- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper handling of objects in
memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the
contents of memory. (CVE-2017-8553, CVE-2017-8554)
See Also
http://www.nessus.org/u?5f83ad76
Solution
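Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)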
References
CVE   CVE-2017-0193
CVE   CVE-2017-0282
CVE   CVE-2017-0283
CVE   CVE-2017-0284
CVE   CVE-2017-0285
CVE   CVE-2017-0287
CVE   CVE-2017-0288
CVE   CVE-2017-0289
CVE   CVE-2017-0291
CVE   CVE-2017-0292
CVE   CVE-2017-0294
CVE   CVE-2017-0296
CVE   CVE-2017-0297
CVE   CVE-2017-0298
CVE   CVE-2017-0299
CVE    CVE-2017-0300
CVE    CVE-2017-8460
CVE    CVE-2017-8462
CVE    CVE-2017-8464
CVE    CVE-2017-8465
CVE    CVE-2017-8466
CVE    CVE-2017-8468
CVE    CVE-2017-8469
CVE    CVE-2017-8470
CVE    CVE-2017-8471
CVE    CVE-2017-8473
CVE    CVE-2017-8474
CVE    CVE-2017-8475
CVE    CVE-2017-8476
CVE    CVE-2017-8477
CVE    CVE-2017-8478
CVE    CVE-2017-8479
CVE    CVE-2017-8480
CVE    CVE-2017-8481
CVE    CVE-2017-8482
CVE    CVE-2017-8483
CVE    CVE-2017-8484
CVE    CVE-2017-8485
CVE    CVE-2017-8488
CVE    CVE-2017-8489
CVE    CVE-2017-8490
CVE    CVE-2017-8491
CVE    CVE-2017-8492
CVE    CVE-2017-8493
CVE    CVE-2017-8527
CVE    CVE-2017-8528
CVE    CVE-2017-8531
CVE    CVE-2017-8532
CVE    CVE-2017-8533
CVE    CVE-2017-8543
CVE    CVE-2017-8544
CVE    CVE-2017-8553
CVE    CVE-2017-8554
MSKB   4022717
MSKB   4022726
XREF   MSFT:MS17-4022717
XREF   MSFT:MS17-4022726
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4019213 or cumulative update 4019215. It is, therefore,
affected by multiple vulnerabilities :
- A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated,
remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed
content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)
- An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem
(dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially
crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)
- A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version
queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS
server to become nonresponsive. (CVE-2017-0171)
- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper
handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-0190)
- An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified
flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated
privileges. (CVE-2017-0213)
- An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input
when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated
privileges. (CVE-2017-0214)
- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects
in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted
website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)
- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects
in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted
website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)
- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the
context of the current user. (CVE-2017-0228)
- A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An
unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious
website that appears to be a legitimate website.
(CVE-2017-0231)
- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to
improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a
user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in
the context of the current user. (CVE-2017-0238)
- An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects
in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with
elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or
later systems. (CVE-2017-0246)
- A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to
a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked
invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key
Usage taggings. (CVE-2017-0248)
- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in
memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information.
(CVE-2017-0258)
- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in
memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information.
(CVE-2017-0259)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in
kernel mode. (CVE-2017-0263)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0267)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0268)
- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to
cause the system to stop responding.
(CVE-2017-0269)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0270)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0271)
- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
execute arbitrary code on a target server.
(CVE-2017-0272)
- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to
cause the system to stop responding.
(CVE-2017-0273)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0274)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0275)
- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
disclose sensitive information.
(CVE-2017-0276)
- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
execute arbitrary code on a target server.
(CVE-2017-0277)
- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
execute arbitrary code on a target server.
(CVE-2017-0278)
- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to
execute arbitrary code on a target server.
(CVE-2017-0279)
- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to
cause the system to stop responding.
(CVE-2017-0280)
See Also
http://www.nessus.org/u?09cc032f
Solution
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID             98097
BID             98102
BID             98103
BID             98108
BID             98112
BID             98113
BID             98114
BID             98117
BID             98121
BID             98127
BID             98139
BID             98164
BID             98173
BID             98237
BID             98258
BID             98259
BID             98260
BID             98261
BID             98263
BID             98264
BID             98265
BID             98266
BID             98267
BID             98268
BID            98270
BID            98271
BID            98272
BID            98273
BID            98274
BID            98298
CVE            CVE-2017-0064
CVE            CVE-2017-0077
CVE            CVE-2017-0171
CVE            CVE-2017-0190
CVE            CVE-2017-0213
CVE            CVE-2017-0214
CVE            CVE-2017-0222
CVE            CVE-2017-0226
CVE            CVE-2017-0228
CVE            CVE-2017-0231
CVE            CVE-2017-0238
CVE            CVE-2017-0246
CVE            CVE-2017-0248
CVE            CVE-2017-0258
CVE            CVE-2017-0259
CVE            CVE-2017-0263
CVE            CVE-2017-0267
CVE            CVE-2017-0268
CVE            CVE-2017-0269
CVE            CVE-2017-0270
CVE            CVE-2017-0271
CVE            CVE-2017-0272
CVE            CVE-2017-0273
CVE            CVE-2017-0274
CVE            CVE-2017-0275
CVE            CVE-2017-0276
CVE            CVE-2017-0277
CVE            CVE-2017-0278
CVE            CVE-2017-0279
CVE            CVE-2017-0280
MSKB           4019215
MSKB           4019213
XREF           MSFT:MS17-4019215
XREF           IAVA:2017-A-0148
XREF           MSFT:MS17-4019213
Exploitable With
Core Impact (true)
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4038793 or cumulative update 4038792. It is, therefore,
affected by multiple vulnerabilities :
- A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services
when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)
- A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who
successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer
to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic
before sending it on to the intended recipient.
(CVE-2017-8628)
- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly
handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could
then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in
memory.
(CVE-2017-8675)
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the
information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if
the attacker uses it in combination with another vulnerability. (CVE-2017-8676)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted
embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected
system. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2017-8682)
- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly
handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. (CVE-2017-8683)
- An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel
memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further
compromise the user's system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)
- A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends
specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability
could either run arbitrary code on the DHCP failover server or cause the DHCP service to become
nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP
server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update
addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who
successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+)
handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the
information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if
the attacker uses it in combination with another vulnerability. (CVE-2017-8688)
- A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An
attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could
then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-8692)
- An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its
memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise
the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a
user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
(CVE-2017-8695)
- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy
destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of
the current user.
(CVE-2017-8699)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory
address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout
Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base
address of the kernel driver from a compromised process. (CVE-2017-8708)
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails
to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707,
CVE-2017-8713)
- A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host
role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could
cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop
Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute
arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how
VM host agent service validates guest operating system user input.
(CVE-2017-8714)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2017-8720)
- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker
who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate
website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other
vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website
or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to
convince the user to click a link to the malicious website. (CVE-2017-8733)
- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification
in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information
that is used in the parent domain.
(CVE-2017-8736)
- A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects
in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in
the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. (CVE-2017-8728, CVE-2017-8737)
- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render
content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker
could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. (CVE-2017-8747, CVE-2017-8749)
- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. (CVE-2017-8750)
- A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An
attacker who successfully exploited this vulnerability in software using the .NET framework could take control
of an affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights. (CVE-2017-8759)
See Also
http://www.nessus.org/u?085e4d22
http://www.nessus.org/u?cf3ecec7
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE           CVE-2017-0161
CVE           CVE-2017-8628
CVE           CVE-2017-8675
CVE           CVE-2017-8676
CVE           CVE-2017-8677
CVE           CVE-2017-8678
CVE           CVE-2017-8679
CVE           CVE-2017-8680
CVE           CVE-2017-8681
CVE           CVE-2017-8682
CVE           CVE-2017-8683
CVE           CVE-2017-8684
CVE           CVE-2017-8686
CVE           CVE-2017-8687
CVE           CVE-2017-8688
CVE           CVE-2017-8692
CVE           CVE-2017-8695
CVE           CVE-2017-8699
CVE           CVE-2017-8707
CVE           CVE-2017-8708
CVE           CVE-2017-8709
CVE           CVE-2017-8713
CVE           CVE-2017-8714
CVE           CVE-2017-8719
CVE           CVE-2017-8720
CVE           CVE-2017-8728
CVE           CVE-2017-8733
CVE           CVE-2017-8736
CVE           CVE-2017-8737
CVE           CVE-2017-8741
CVE           CVE-2017-8747
CVE           CVE-2017-8748
CVE           CVE-2017-8749
CVE           CVE-2017-8750
CVE             CVE-2017-8759
MSKB            4038792
MSKB            4038793
XREF            MSFT:MS17-4038792
XREF            MSFT:MS17-4038793
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
According to its version, the installation of Wireshark / Ethereal on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
See Also
https://wiki.wireshark.org/Development/LifeCycle
Solution
Risk Factor
Critical
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
The remote Windows host is missing security update 4056898 or cumulative update 4056895. It is, therefore,
affected by multiple vulnerabilities :
- A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction,
which may allow an attacker with local user access to disclose information via a side-channel analysis.
(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when
it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could
execute arbitrary code and take control of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. (CVE-2018-0788)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-0744)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0746,
CVE-2018-0747)
- An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll)
when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability
could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an
attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that
could be used to try to further compromise the affected system. (CVE-2018-0754)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0762, CVE-2018-0772)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions.
An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process
communication, or interrupt system functionality.
(CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)
- An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an
attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same
machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the
operating system. (CVE-2018-0749)
- A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of
service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial
of service condition could prevent authorized users from using system resources. The security update addresses
the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753)
See Also
http://www.nessus.org/u?86127709
http://www.nessus.org/u?2641284e
https://support.microsoft.com/en-us/help/4072699/windows-security-updates-and-antivirus-software
Solution
Apply Security Only update KB4056898 or Cumulative Update KB4056895, and refer to the KB4072698
article for additional information.
Note: Due to a compatibility issue with some antivirus software products, it may not be possible to apply the
required updates.
See Microsoft KB article 4072699 for more information.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID              102378
CVE              CVE-2017-5715
CVE             CVE-2017-5753
CVE             CVE-2017-5754
CVE             CVE-2018-0744
CVE             CVE-2018-0746
CVE             CVE-2018-0747
CVE             CVE-2018-0748
CVE             CVE-2018-0749
CVE             CVE-2018-0751
CVE             CVE-2018-0752
CVE             CVE-2018-0753
CVE             CVE-2018-0754
CVE             CVE-2018-0762
CVE             CVE-2018-0772
CVE             CVE-2018-0788
MSKB            4056898
MSKB            4056895
XREF            IAVA:2018-A-0019
XREF            IAVA:2018-A-0020
XREF            MSFT:MS18-4056898
XREF            MSFT:MS18-4056895
Exploitable With
CANVAS (true)
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4074597 or cumulative update 4074594. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0866)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)
- An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory,
which could provide an attacker with information to further compromise the user's computer or data.
(CVE-2018-0847)
- A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle
objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the
context of the current user. If the current user is logged on with administrative user rights, an attacker could take
control of the affected system. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights.
(CVE-2018-0825)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2018-0742, CVE-2018-0820)
- A denial of service vulnerability exists in implementations of the Microsoft Server Message Block 2.0 and 3.0
(SMBv2/SMBv3) client. The vulnerability is due to improper handling of certain requests sent by a malicious
SMB server to the client. An attacker who successfully exploited this vulnerability could cause the affected
system to stop responding until it is manually restarted. (CVE-2018-0833)
- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker
who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver
improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run
processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0840)
See Also
http://www.nessus.org/u?81ed62f4
http://www.nessus.org/u?c03fa8a5
Solution
Risk Factor
High
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
CVE              CVE-2018-0742
CVE              CVE-2018-0757
CVE              CVE-2018-0820
CVE              CVE-2018-0825
CVE              CVE-2018-0829
CVE              CVE-2018-0830
CVE              CVE-2018-0832
CVE              CVE-2018-0833
CVE              CVE-2018-0840
CVE              CVE-2018-0842
CVE              CVE-2018-0844
CVE              CVE-2018-0846
CVE             CVE-2018-0847
CVE             CVE-2018-0866
MSKB            4074594
MSKB            4074597
XREF            MSFT:MS18-4074594
XREF            MSFT:MS18-4074597
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4088879 or cumulative update 4088876. It is, therefore,
affected by multiple vulnerabilities :
- A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction,
which may allow an attacker with local user access to disclose information via a side-channel analysis.
(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
- An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML
External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. (CVE-2018-0878)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2018-0929)
- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy
destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of
the current user. If the current user is logged on with administrative user rights, an attacker could take control
of the affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user rights. (CVE-2018-0883)
- An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects
in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An
attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-0881)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-0927, CVE-2018-0932)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0889, CVE-2018-0935)
- An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape.
An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on
an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow
arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code
execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated
privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet
Explorer handles zone and integrity settings. (CVE-2018-0942)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)
- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system. An attacker who successfully exploited the
vulnerability could cause the host server to crash. (CVE-2018-0885)
- A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP).
An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute
code on the target system. CredSSP is an authentication provider which processes authentication requests for
other applications; any application which depends on CredSSP for authentication may be vulnerable to this type
of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol,
the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against
a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. The security update addresses the vulnerability by correcting how
Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.
To be fully protected against this vulnerability users must enable Group Policy settings on their systems and
update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity
problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894,
CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,
CVE-2018-0901, CVE-2018-0904)
- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to
properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run
arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting
the input sanitization error to preclude unintended elevation. (CVE-2018-0868)
- An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2018-0816, CVE-2018-0817)
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to
properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2018-0891)
See Also
http://www.nessus.org/u?2ace7125
http://www.nessus.org/u?99648598
http://www.nessus.org/u?573cb1ef
Solution
Apply Security Only update KB4088879 or Cumulative Update KB4088876 as well as refer to the KB article for
additional information.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID             103230
BID             103231
BID             103232
BID             103236
BID             103238
BID             103240
BID             103241
BID             103242
BID             103243
BID             103244
BID             103245
BID             103246
BID             103248
BID             103249
BID             103250
BID             103251
BID             103256
BID             103259
BID    103261
BID    103262
BID    103265
BID    103295
BID    103298
BID    103299
BID    103307
BID    103309
BID    103310
BID    103312
CVE    CVE-2018-0811
CVE    CVE-2018-0813
CVE    CVE-2018-0814
CVE    CVE-2018-0816
CVE    CVE-2018-0817
CVE    CVE-2018-0868
CVE    CVE-2018-0878
CVE    CVE-2018-0881
CVE    CVE-2018-0883
CVE    CVE-2018-0885
CVE    CVE-2018-0886
CVE    CVE-2018-0888
CVE    CVE-2018-0889
CVE    CVE-2018-0891
CVE    CVE-2018-0894
CVE    CVE-2018-0895
CVE    CVE-2018-0896
CVE    CVE-2018-0897
CVE    CVE-2018-0898
CVE    CVE-2018-0899
CVE    CVE-2018-0900
CVE    CVE-2018-0901
CVE    CVE-2018-0904
CVE    CVE-2018-0927
CVE    CVE-2018-0929
CVE    CVE-2018-0932
CVE    CVE-2018-0935
CVE    CVE-2018-0942
CVE    CVE-2017-5715
CVE    CVE-2017-5753
CVE    CVE-2017-5754
MSKB   4088876
MSKB   4088879
XREF            IAVA:2018-A-0019
XREF            IAVA:2018-A-0020
XREF            MSFT:MS18-4088876
XREF            MSFT:MS18-4088879
Exploitable With
CANVAS (true)
Plugin Information
Plugin Output
tcp/445
    The following registry keys need to be set to the appropriate values as dictated in ADV180002.
    This is required to enable the fix for CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754:
    108965 - KB4093115: Windows 8.1 and Windows Server 2012 R2 April 2018 Security Update
Synopsis
Description
The remote Windows host is missing security update 4093115 or cumulative update 4093114. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and
incorrectly maps kernel memory. (CVE-2018-1009)
- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when
it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could
execute arbitrary code and take control of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. (CVE-2018-1008)
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to
properly validate input from an authenticated user on a guest operating system. (CVE-2018-0957)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system.
(CVE-2018-0987)
- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code
execution on an affected system. An attacker who successfully exploited this vulnerability could take control
of an affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user rights. (CVE-2018-1003)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0968,
CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974,
CVE-2018-0975)
- A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of
service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial
of service condition could prevent authorized users from using system resources. The security update addresses
the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-8116)
- A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps.
An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note
that the denial of service condition would not allow an attacker to execute code or to elevate user privileges.
However, the denial of service condition could prevent authorized users from using system resources. The
security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps.
(CVE-2018-0967)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-1004)
- An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory
in Internet Explorer. The vulnerability could corrupt memory in such a way that it could provide an
attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989,
CVE-2018-1000)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-0960)
- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the
target system using RDP and sends specially crafted requests. An attacker who successfully exploited this
vulnerability could cause the RDP service on the target system to stop responding. (CVE-2018-0976)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted
embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected
system. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-0887)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)
See Also
http://www.nessus.org/u?98d37603
http://www.nessus.org/u?b665658e
Solution
Risk Factor
High
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.0 (CVSS:3.0/E:H/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
CVE            CVE-2018-0870
CVE            CVE-2018-0887
CVE            CVE-2018-0957
CVE            CVE-2018-0960
CVE            CVE-2018-0967
CVE            CVE-2018-0968
CVE            CVE-2018-0969
CVE            CVE-2018-0970
CVE            CVE-2018-0971
CVE            CVE-2018-0972
CVE            CVE-2018-0973
CVE            CVE-2018-0974
CVE            CVE-2018-0975
CVE            CVE-2018-0976
CVE            CVE-2018-0981
CVE            CVE-2018-0987
CVE            CVE-2018-0988
CVE            CVE-2018-0989
CVE            CVE-2018-0991
CVE            CVE-2018-0996
CVE            CVE-2018-0997
CVE            CVE-2018-1000
CVE            CVE-2018-1001
CVE            CVE-2018-1003
CVE            CVE-2018-1004
CVE            CVE-2018-1008
CVE            CVE-2018-1009
CVE            CVE-2018-1010
CVE            CVE-2018-1012
CVE            CVE-2018-1013
CVE            CVE-2018-1015
CVE             CVE-2018-1016
CVE             CVE-2018-1018
CVE             CVE-2018-1020
CVE             CVE-2018-8116
MSKB            4093115
MSKB            4093114
XREF            MSFT:MS18-4093115
XREF            MSFT:MS18-4093114
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4103715 or cumulative update 4103725. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8897)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8178)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0954, CVE-2018-1022)
- A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device
Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity
(UMCI) policy on the machine. (CVE-2018-1039)
- An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory,
which could provide an attacker with information to further compromise the user's computer or data.
(CVE-2018-8145)
- A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker
who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target
system. (CVE-2018-8136)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8127)
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver
improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run
processes in an elevated context. (CVE-2018-8167)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system. (CVE-2018-0959)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-1025)
- A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle
serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or
script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the
specially crafted file to the user and convincing the user to open the file.
(CVE-2018-0824)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8174)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2018-8124, CVE-2018-8164, CVE-2018-8166)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions.
An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process
communication, or interrupt system functionality.
(CVE-2018-8134)
- A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An
attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET
(or .NET core) application. The update addresses the vulnerability by correcting how .NET and .NET Core
applications handle XML document processing.
(CVE-2018-0765)
See Also
http://www.nessus.org/u?781c2262
http://www.nessus.org/u?dba0079e
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2018-0765
CVE             CVE-2018-0824
CVE             CVE-2018-0954
CVE             CVE-2018-0955
CVE             CVE-2018-0959
CVE             CVE-2018-1022
CVE             CVE-2018-1025
CVE             CVE-2018-1039
CVE             CVE-2018-8114
CVE             CVE-2018-8122
CVE             CVE-2018-8124
CVE             CVE-2018-8127
CVE             CVE-2018-8134
CVE             CVE-2018-8136
CVE             CVE-2018-8145
CVE             CVE-2018-8164
CVE             CVE-2018-8166
CVE             CVE-2018-8167
CVE             CVE-2018-8174
CVE             CVE-2018-8178
CVE             CVE-2018-8897
MSKB            4103715
MSKB            4103725
XREF            MSFT:MS18-4103715
XREF            MSFT:MS18-4103725
Exploitable With
Plugin Information
Published: 2018/05/08, Modified: 2019/04/08
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4284878 or cumulative update 4284815. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver
improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run
processes in an elevated context. (CVE-2018-8169)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-0978, CVE-2018-8249)
- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data;
or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability,
such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious
webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation
handles objects in memory. (CVE-2018-8251)
- A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails
to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary
code in the context of the Local System Account. (CVE-2018-8225)
- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-8205)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8267)
- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker
who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-8210)
- A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing.
An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the
denial of service condition would not allow an attacker to execute code or to elevate user privileges. However,
the denial of service condition could prevent authorized users from using system resources. An attacker could
host a specially crafted file in a website or SMB share.
The attacker could also take advantage of compromised websites, or websites that accept or host user-provided
content or advertisements, by adding specially crafted content that could exploit the vulnerability. However,
in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an
attacker would have to convince users to take action, typically via an enticement in email or instant message, or
by getting them to open an email attachment. The security update addresses the vulnerability by modifying how
the Code Integrity Module performs hashing.
(CVE-2018-1040)
- An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who
successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-1036)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8207)
See Also
http://www.nessus.org/u?224e0ffb
http://www.nessus.org/u?43458adc
Solution
Risk Factor
High
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID              104356
BID              104360
BID              104363
BID              104364
BID              104379
BID              104389
BID              104391
BID              104395
BID              104398
BID              104404
BID              104407
CVE              CVE-2018-0978
CVE              CVE-2018-1036
CVE              CVE-2018-1040
CVE             CVE-2018-8169
CVE             CVE-2018-8205
CVE             CVE-2018-8207
CVE             CVE-2018-8210
CVE             CVE-2018-8225
CVE             CVE-2018-8249
CVE             CVE-2018-8251
CVE             CVE-2018-8267
MSKB            4284878
MSKB            4284815
XREF            MSFT:MS18-4284878
XREF            MSFT:MS18-4284815
Plugin Information
Plugin Output
tcp/445
    110981 - KB4338824: Windows 8.1 and Windows Server 2012 R2 July 2018 Security Update
Synopsis
Description
The remote Windows host is missing security update 4338824 or cumulative update 4338815. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their
privilege level. (CVE-2018-8202)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8242, CVE-2018-8296)
- A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to
properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system
to stop responding. Note that the denial of service condition would not allow an attacker to execute code or
to elevate user privileges. However, the denial of service condition could prevent authorized users from using
system resources. (CVE-2018-8304)
- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-8309)
- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly
handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights.
(CVE-2018-8282)
- A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP)
connections. An attacker who successfully exploited the vulnerability could cause a target system to stop
responding. (CVE-2018-8206)
- A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests
involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load
data that would otherwise be restricted.
(CVE-2018-0949)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8308)
- A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE
objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing
attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability,
and then convince a user to open the document file. The security update addresses the vulnerability by
correcting how Microsoft WordPad handles input. (CVE-2018-8307)
- A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source
markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context
of the current user. If the current user is logged on with administrative user rights, an attacker could take control
of the affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
(CVE-2018-8260)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions.
An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process
communication, or interrupt system functionality.
(CVE-2018-8313)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)
- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input
properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
(CVE-2018-8284)
- An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An
attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an
affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability
could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a
remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated
privileges when code execution is attempted. The security update addresses the vulnerability by correcting how
Windows file picker handles paths. (CVE-2018-8314)
- A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly
validate certificates. An attacker could present expired certificates when challenged. The security update
addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates.
(CVE-2018-8356)
See Also
http://www.nessus.org/u?e0106ae8
http://www.nessus.org/u?be1b803d
Solution
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID            104617
BID            104620
BID            104622
BID            104629
BID            104631
BID            104634
BID            104636
BID            104637
BID            104638
BID            104648
BID            104652
BID            104664
BID            104665
BID            104666
BID            104667
BID            104668
BID            104669
BID            104670
CVE            CVE-2018-0949
CVE            CVE-2018-8202
CVE            CVE-2018-8206
CVE            CVE-2018-8242
CVE            CVE-2018-8260
CVE            CVE-2018-8282
CVE            CVE-2018-8284
CVE            CVE-2018-8287
CVE            CVE-2018-8288
CVE             CVE-2018-8291
CVE             CVE-2018-8296
CVE             CVE-2018-8304
CVE             CVE-2018-8307
CVE             CVE-2018-8308
CVE             CVE-2018-8309
CVE             CVE-2018-8313
CVE             CVE-2018-8314
CVE             CVE-2018-8356
MSKB            4338815
MSKB            4338824
XREF            MSFT:MS18-4338815
XREF            MSFT:MS18-4338824
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4343888 or cumulative update 4343898. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8403)
- An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to
access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in
high-load/high-density network connections where content from one stream can blend into another stream.
(CVE-2018-8360)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8341, CVE-2018-8348)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted
embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected
system. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2018-8344)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8404)
- A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before
loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights.
(CVE-2018-8316)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8355, CVE-2018-8372, CVE-2018-8385)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389)
- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if
a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights
as the local user. (CVE-2018-8345)
- An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly
handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an
elevated context. (CVE-2018-8405)
- An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys
fails to check the length of a buffer prior to copying memory to it. (CVE-2018-8343)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2018-8394, CVE-2018-8398)
- A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to
properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially
crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by
sending the specially crafted file to the user and convincing the user to open the file.
(CVE-2018-8349)
- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to
properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run
arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting
the input sanitization error to preclude unintended elevation. (CVE-2018-8339)
- A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly
handles multi-factor authentication requests.
(CVE-2018-8340)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame
interaction. An attacker who successfully exploited this vulnerability could obtain browser
frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user
to open a malicious website from a secure website.
This update addresses the vulnerability by denying permission to read the state of the object model, to which
frames or windows on different domains should not have access. (CVE-2018-8351)
See Also
http://www.nessus.org/u?82e63681
http://www.nessus.org/u?1fda3003
Solution
Apply Security Only update KB4343888 or Cumulative Update KB4343898 as well as refer to the KB article for
additional information.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID            104978
BID            104982
BID            104983
BID            104984
BID            104986
BID            104987
BID            104992
BID            104995
BID            104999
BID            105001
BID            105011
BID            105027
BID            105029
BID            105030
CVE            CVE-2018-3615
CVE            CVE-2018-3620
CVE            CVE-2018-3646
CVE            CVE-2018-8316
CVE            CVE-2018-8339
CVE            CVE-2018-8340
CVE            CVE-2018-8341
CVE            CVE-2018-8343
CVE            CVE-2018-8344
CVE            CVE-2018-8345
CVE             CVE-2018-8348
CVE             CVE-2018-8349
CVE             CVE-2018-8351
CVE             CVE-2018-8353
CVE             CVE-2018-8355
CVE             CVE-2018-8360
CVE             CVE-2018-8371
CVE             CVE-2018-8372
CVE             CVE-2018-8373
CVE             CVE-2018-8385
CVE             CVE-2018-8389
CVE             CVE-2018-8394
CVE             CVE-2018-8398
CVE             CVE-2018-8403
CVE             CVE-2018-8404
CVE             CVE-2018-8405
MSKB            4343898
MSKB            4343888
XREF            MSFT:MS18-4343898
XREF            MSFT:MS18-4343888
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4457143 or cumulative update 4457129. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8457)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2018-8424)
- An elevation of privilege vulnerability exists in Windows that allows a sandbox escape. An attacker who
successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected
system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could
allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code
execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges
when code execution is attempted.
The security update addresses the vulnerability by correcting how Windows parses files. (CVE-2018-8468)
- A remote code execution vulnerability exists when Windows does not properly handle specially crafted image
files. An attacker who successfully exploited the vulnerability could execute arbitrary code.
(CVE-2018-8475)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local
Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2018-8440)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the
user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
(CVE-2018-8442, CVE-2018-8443)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system. (CVE-2018-8439)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2018-8452)
- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code
execution on an affected system. An attacker who successfully exploited this vulnerability could take control
of an affected system. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user rights. (CVE-2018-8392,
CVE-2018-8393)
- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes
user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take
control of the user's system. (CVE-2018-8420)
- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system. An attacker who successfully exploited the
vulnerability could cause the host server to crash. (CVE-2018-8438)
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to
properly validate input from an authenticated user on a guest operating system. (CVE-2018-8434)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted
embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected
system. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2018-8332)
- An information disclosure vulnerability exists when the browser scripting engine improperly handles object types.
An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust
boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage
the vulnerability to obtain privileged information from the browser process, such as sensitive data from other
opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or
embed malicious code on a compromised, but trusted, site. The security update addresses the vulnerability by
correcting how the browser scripting engine handles object types. (CVE-2018-8315)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8446)
- A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends
specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected
system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests
to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code
or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security
update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client
requests.
(CVE-2018-8335)
- An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2)
server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special
packet, which could lead to information disclosure from the server. (CVE-2018-8444)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2018-8455)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8447)
- An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver
fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could
potentially disclose contents of System memory.
(CVE-2018-8271)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-8419)
- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker
who successfully exploited this vulnerability could take control of an affected system. (CVE-2018-8421)
- An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects
in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted
system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly
handles objects in memory.
(CVE-2018-8410)
- An information disclosure vulnerability exists when the Windows Graphics component improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further
compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially
crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component
handles objects in memory. (CVE-2018-8433)
- A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows
a universal cross-site scripting (UXSS) condition. An attacker could use the UXSS vulnerability to access any
session belonging to web pages currently opened (or cached) by the browser at the time the attack is triggered.
(CVE-2018-8470)
See Also
http://www.nessus.org/u?f733ae62
http://www.nessus.org/u?7080d669
Solution
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE           CVE-2018-8271
CVE           CVE-2018-8315
CVE           CVE-2018-8332
CVE           CVE-2018-8335
CVE           CVE-2018-8392
CVE           CVE-2018-8393
CVE           CVE-2018-8410
CVE           CVE-2018-8419
CVE           CVE-2018-8420
CVE           CVE-2018-8421
CVE           CVE-2018-8424
CVE           CVE-2018-8433
CVE           CVE-2018-8434
CVE           CVE-2018-8438
CVE           CVE-2018-8439
CVE           CVE-2018-8440
CVE           CVE-2018-8442
CVE           CVE-2018-8443
CVE           CVE-2018-8444
CVE           CVE-2018-8446
CVE           CVE-2018-8447
CVE           CVE-2018-8452
CVE           CVE-2018-8455
CVE           CVE-2018-8457
CVE           CVE-2018-8468
CVE           CVE-2018-8470
CVE           CVE-2018-8475
MSKB          4457143
MSKB          4457129
XREF          MSFT:MS18-4457143
XREF          MSFT:MS18-4457129
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4462941 or cumulative update 4462926. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8460, CVE-2018-8491)
- A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully
exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the
vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.
(CVE-2018-8320)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8330)
- An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker
who successfully exploited this vulnerability could obtain information to further compromise the user's system.
An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update
addresses the vulnerability by correcting how DirectX handles objects in memory.
(CVE-2018-8486)
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the
information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if
the attacker uses it in combination with another vulnerability. (CVE-2018-8472)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system. (CVE-2018-8489)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8453)
- An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented
IP packets. An attacker who successfully exploited this vulnerability could obtain information to further
compromise the user's system. (CVE-2018-8493)
- An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who
successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)
- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes
user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take
control of the user's system. (CVE-2018-8494)
- An information disclosure vulnerability exists when Windows Media Player improperly discloses file information.
Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk.
(CVE-2018-8481, CVE-2018-8482)
- A remote code execution vulnerability exists when "Windows Theme API" does not properly
decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context
of the current user. If the current user is logged on with administrative user rights, an attacker could take control
of the affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users
who operate with administrative user rights.
(CVE-2018-8413)
- An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly
handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an
elevated context. (CVE-2018-8484)
- A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who
successfully exploited this vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less impacted than users who operate with
administrative user rights. (CVE-2018-8423)
- An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could execute elevated code and take control of an
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2018-8333)
See Also
http://www.nessus.org/u?554e569a
http://www.nessus.org/u?9d16a66a
Solution
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              105477
CVE              CVE-2018-8320
CVE              CVE-2018-8330
CVE              CVE-2018-8333
CVE              CVE-2018-8411
CVE              CVE-2018-8413
CVE              CVE-2018-8423
CVE              CVE-2018-8453
CVE              CVE-2018-8460
CVE              CVE-2018-8472
CVE              CVE-2018-8481
CVE              CVE-2018-8482
CVE              CVE-2018-8484
CVE              CVE-2018-8486
CVE              CVE-2018-8489
CVE              CVE-2018-8491
CVE              CVE-2018-8493
CVE              CVE-2018-8494
MSKB             4462926
MSKB             4462941
XREF             MSFT:MS18-4462926
XREF             MSFT:MS18-4462941
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4467703 or cumulative update 4467697. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8552)
- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker
who successfully exploited this vulnerability could take control of the affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8450)
- A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files.
An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.
(CVE-2018-8256)
- A security feature bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who
successfully exploited this vulnerability could bypass security features and load improperly signed drivers into
the kernel. In an attack scenario, an attacker could bypass security features intended to prevent improperly
signed drivers from being loaded by the kernel. The update addresses the vulnerability by correcting how
Windows validates kernel driver signatures. (CVE-2018-8549)
- An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker
who successfully exploited this vulnerability could obtain information to further compromise the user's system.
An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update
addresses the vulnerability by correcting how DirectX handles objects in memory.
(CVE-2018-8563)
- A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code.
(CVE-2018-8415)
- A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server
handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code
with elevated permissions on a target system.
(CVE-2018-8476)
- An information disclosure vulnerability exists when the win32k component improperly provides kernel
information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2018-8565)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8544)
- An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited
the vulnerability could run arbitrary code with elevated privileges. (CVE-2018-8550)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2018-8408)
- A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active
Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected
AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to
an affected AD FS server. The attacker who successfully exploited the vulnerability could then perform cross-
site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to
take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and
inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to
ensure that the open source customization for AD FS properly sanitizes web requests.
(CVE-2018-8547)
- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects
in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target
system. (CVE-2018-8553)
- An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver
improperly initializes objects in memory.
(CVE-2018-8407)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2018-8562)
- An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker
who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then
install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8485, CVE-2018-8561)
See Also
http://www.nessus.org/u?0d78fde5
http://www.nessus.org/u?98f43c31
Solution
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID             105770
BID             105774
BID             105777
BID             105778
BID             105781
BID             105786
BID             105787
BID             105789
BID             105790
BID             105791
BID             105792
BID             105794
BID             105797
BID             105801
BID             105803
BID             105805
BID             105813
CVE             CVE-2018-8256
CVE             CVE-2018-8407
CVE             CVE-2018-8408
CVE             CVE-2018-8415
CVE             CVE-2018-8450
CVE             CVE-2018-8476
CVE             CVE-2018-8485
CVE             CVE-2018-8544
CVE             CVE-2018-8547
CVE             CVE-2018-8549
CVE             CVE-2018-8550
CVE             CVE-2018-8552
CVE             CVE-2018-8553
CVE             CVE-2018-8561
CVE             CVE-2018-8562
CVE             CVE-2018-8563
CVE             CVE-2018-8565
MSKB            4467703
MSKB            4467697
XREF            MSFT:MS18-4467703
XREF            MSFT:MS18-4467697
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4480964 or cumulative update 4480963. It is, therefore,
affected by multiple vulnerabilities :
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on
a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles
objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578,
CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584)
- An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing
Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability
could retrieve content, that is normally restricted, from a web application. The security update addresses the
vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545)
- An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to
escape from the AppContainer sandbox in the browser.
An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge
AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability
could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability
and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.
The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces
sandboxing.
(CVE-2019-0555)
- An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An
attacker could exploit this vulnerability by running a specially crafted application on the victim system. The
update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.
(CVE-2019-0570)
- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An
attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541)
- An elevation of privilege vulnerability exists in Windows COM Desktop Broker. An attacker who successfully exploited the
vulnerability could run arbitrary code with elevated privileges. (CVE-2019-0552)
- An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An
attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker
could exploit this vulnerability by running a specially crafted application on the victim system. The update
addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the
user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
(CVE-2019-0569)
See Also
http://www.nessus.org/u?5fa9f1a3
http://www.nessus.org/u?fd4ff768
Solution
Risk Factor
High
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE              CVE-2018-3639
CVE              CVE-2019-0536
CVE              CVE-2019-0538
CVE              CVE-2019-0541
CVE              CVE-2019-0543
CVE              CVE-2019-0545
CVE              CVE-2019-0549
CVE              CVE-2019-0552
CVE              CVE-2019-0554
CVE              CVE-2019-0555
CVE              CVE-2019-0569
CVE             CVE-2019-0570
CVE             CVE-2019-0575
CVE             CVE-2019-0576
CVE             CVE-2019-0577
CVE             CVE-2019-0578
CVE             CVE-2019-0579
CVE             CVE-2019-0580
CVE             CVE-2019-0581
CVE             CVE-2019-0582
CVE             CVE-2019-0583
CVE             CVE-2019-0584
MSKB            4480963
MSKB            4480964
XREF            MSFT:MS19-4480963
XREF            MSFT:MS19-4480964
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4487028 or cumulative update 4487000. It is, therefore,
affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2019-0656)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2019-0623)
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to
properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles
objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660,
CVE-2019-0664)
- An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly
handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to
further compromise the victim's system. (CVE-2019-0600, CVE-2019-0601)
- A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software
fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run
arbitrary code in the context of the current user. If the current user is logged on with administrative user rights,
an attacker could take control of the affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. (CVE-2019-0613)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0621)
- An information disclosure vulnerability exists when the win32k component improperly provides kernel
information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0628)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack
to be successful, an attacker must persuade a user to open a malicious website. The security update addresses
the vulnerability by changing the way Internet Explorer handles objects in memory.
(CVE-2019-0676)
- A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs. An
attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that
a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to
cause privileged communication to be made to an untrusted service as if it was a trusted service.
(CVE-2019-0657)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0606)
- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-0618, CVE-2019-0662)
- An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation
of the vulnerability could allow the attacker to read the contents of files on disk.
(CVE-2019-0636)
- A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker
who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate
website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other
vulnerabilities in web services.
(CVE-2019-0654)
- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2)
server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to
execute code on the target server.
(CVE-2019-0630, CVE-2019-0633)
- A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends
specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run
arbitrary code on the DHCP server. (CVE-2019-0626)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on
a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles
objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599,
CVE-2019-0625)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who
successfully exploited this vulnerability could obtain information to further compromise the user's system.
(CVE-2019-0663)
See Also
http://www.nessus.org/u?220ebfca
http://www.nessus.org/u?1a603136
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
References
CVE            CVE-2019-0595
CVE            CVE-2019-0596
CVE            CVE-2019-0597
CVE            CVE-2019-0598
CVE            CVE-2019-0599
CVE            CVE-2019-0600
CVE            CVE-2019-0601
CVE            CVE-2019-0602
CVE            CVE-2019-0606
CVE            CVE-2019-0613
CVE            CVE-2019-0615
CVE            CVE-2019-0616
CVE            CVE-2019-0618
CVE            CVE-2019-0619
CVE            CVE-2019-0621
CVE            CVE-2019-0623
CVE            CVE-2019-0625
CVE             CVE-2019-0626
CVE             CVE-2019-0628
CVE             CVE-2019-0630
CVE             CVE-2019-0633
CVE             CVE-2019-0635
CVE             CVE-2019-0636
CVE             CVE-2019-0654
CVE             CVE-2019-0656
CVE             CVE-2019-0657
CVE             CVE-2019-0660
CVE             CVE-2019-0662
CVE             CVE-2019-0663
CVE             CVE-2019-0664
CVE             CVE-2019-0676
MSKB            4487028
MSKB            4487000
XREF            MSFT:MS19-4487028
XREF            MSFT:MS19-4487000
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a
victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The
update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in
memory. (CVE-2019-0617)
- A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone
of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted
Internet Security Zone than intended.
(CVE-2019-0761)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0780)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0609)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)
- An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain
requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet,
which could lead to information disclosure from the server. (CVE-2019-0703, CVE-2019-0704, CVE-2019-0821)
- An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects
in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit
the victim system. (CVE-2019-0759)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2019-0782)
- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different
origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow
requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force
the browser to send data that would otherwise be restricted. (CVE-2019-0762)
- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system. An attacker who successfully exploited the
vulnerability could cause the host server to crash. (CVE-2019-0690)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2019-0797)
- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0754)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0680, CVE-2019-0783)
- A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handles objects in
memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. (CVE-2019-0784)
- A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server
handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code
with elevated permissions on a target system.
(CVE-2019-0603)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2019-0614, CVE-2019-0774)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2019-0767)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0763)
- A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in
memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user. (CVE-2019-0746)
- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes
user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take
control of the user's system. (CVE-2019-0756)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0772)
- A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The
vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the
current user. (CVE-2019-0765)
See Also
http://www.nessus.org/u?b8fed4ae
http://www.nessus.org/u?ec929c9e
Solution
Risk Factor
High
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE              CVE-2019-0603
CVE              CVE-2019-0609
CVE              CVE-2019-0614
CVE              CVE-2019-0617
CVE              CVE-2019-0665
CVE              CVE-2019-0666
CVE              CVE-2019-0667
CVE              CVE-2019-0680
CVE              CVE-2019-0690
CVE             CVE-2019-0702
CVE             CVE-2019-0703
CVE             CVE-2019-0704
CVE             CVE-2019-0746
CVE             CVE-2019-0754
CVE             CVE-2019-0755
CVE             CVE-2019-0756
CVE             CVE-2019-0759
CVE             CVE-2019-0761
CVE             CVE-2019-0762
CVE             CVE-2019-0763
CVE             CVE-2019-0765
CVE             CVE-2019-0767
CVE             CVE-2019-0772
CVE             CVE-2019-0774
CVE             CVE-2019-0775
CVE             CVE-2019-0780
CVE             CVE-2019-0782
CVE             CVE-2019-0783
CVE             CVE-2019-0784
CVE             CVE-2019-0797
CVE             CVE-2019-0821
MSKB            4489881
MSKB            4489883
XREF            MSFT:MS19-4489881
XREF            MSFT:MS19-4489883
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4493467 or cumulative update 4493446. It is, therefore,
affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard
when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited
this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.
(CVE-2019-0732)
- An information disclosure vulnerability exists when the Terminal Services component improperly discloses
the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise a user's system. (CVE-2019-0839)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0842)
- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker
who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)
- An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented
IP packets. An attacker who successfully exploited this vulnerability could obtain information to further
compromise the user's system. (CVE-2019-0688)
- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes
user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to
take control of the user's system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,
CVE-2019-0795)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2019-0803, CVE-2019-0859)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a
victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The
update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in
memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver
(luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security
context of the local system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
(CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2019-0802, CVE-2019-0849)
- An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials
to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain
information to further compromise the user's system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. (CVE-2019-0838)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise
the user's system. (CVE-2019-0835)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver
(luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long
name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)
- An information disclosure vulnerability exists when the win32k component improperly provides kernel
information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0848)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0844)
- An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS)
fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run
arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-0735)
- A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An
attacker who successfully exploited the vulnerability could gain execution on the victim system.
(CVE-2019-0794)
- A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An
attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the
user's system. (CVE-2019-0845)
- A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific
conditions. An attacker who exploited the vulnerability could pass custom command line parameters.
(CVE-2019-0764)
- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-0853)
See Also
http://www.nessus.org/u?60dedb61
http://www.nessus.org/u?4c9ecc3f
Solution
Risk Factor
High
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2019-0688
CVE             CVE-2019-0730
CVE             CVE-2019-0731
CVE             CVE-2019-0732
CVE             CVE-2019-0735
CVE             CVE-2019-0752
CVE             CVE-2019-0753
CVE             CVE-2019-0764
CVE             CVE-2019-0790
CVE             CVE-2019-0791
CVE             CVE-2019-0792
CVE             CVE-2019-0793
CVE             CVE-2019-0794
CVE             CVE-2019-0795
CVE             CVE-2019-0796
CVE             CVE-2019-0802
CVE             CVE-2019-0803
CVE             CVE-2019-0805
CVE             CVE-2019-0835
CVE             CVE-2019-0836
CVE             CVE-2019-0838
CVE             CVE-2019-0839
CVE             CVE-2019-0842
CVE             CVE-2019-0844
CVE             CVE-2019-0845
CVE             CVE-2019-0846
CVE             CVE-2019-0847
CVE             CVE-2019-0848
CVE             CVE-2019-0849
CVE             CVE-2019-0851
CVE             CVE-2019-0853
CVE             CVE-2019-0856
CVE             CVE-2019-0859
CVE             CVE-2019-0862
CVE             CVE-2019-0877
CVE             CVE-2019-0879
MSKB            4493446
MSKB            4493467
XREF            MSFT:MS19-4493446
XREF            MSFT:MS19-4493467
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4499165 or cumulative update 4499151. It is, therefore,
affected by multiple vulnerabilities :
- A new subclass of speculative execution side channel vulnerabilities, known as Microarchitectural Data
Sampling, exists in Windows.
An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust
boundaries. In shared resource environments (such as exists in some cloud services configurations), these
vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing
scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a
specially crafted application on the target system to leverage these vulnerabilities.
(CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)
- A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx
strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET
application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted
requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting
how .NET Framework and .NET Core applications handle RegEx string processing. (CVE-2019-0820)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0940)
- A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input.
An attacker could exploit the vulnerability to execute malicious code. (CVE-2019-0885)
- An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration.
An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The
security update addresses the vulnerability by helping to ensure that the Windows Kernel properly handles key
enumeration. (CVE-2019-0881)
- An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle
certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items
to run at a higher level and thereby elevate permissions. (CVE-2019-0936)
- A spoofing vulnerability exists when Internet Explorer improperly handles URLs. An attacker who successfully
exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially
crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web
services. (CVE-2019-0921)
- An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys
fails to check the length of a buffer prior to copying memory to it. (CVE-2019-0707)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0884, CVE-2019-0911, CVE-2019-0918)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on
a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles
objects in memory. (CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894,
CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900,
CVE-2019-0901, CVE-2019-0902)
- A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially
crafted packets. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP
server. (CVE-2019-0725)
- A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An
attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.
(CVE-2019-0864)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2019-0758, CVE-2019-0882, CVE-2019-0961)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0930)
- An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able
to successfully decode and replace an authentication request using Kerberos, allowing an attacker to be validated
as an Administrator. The update addresses this vulnerability by changing how these requests are validated.
(CVE-2019-0734)
- An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An
attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker
could then install programs; view, change, or delete data; or create new accounts with administrator privileges.
(CVE-2019-0863)
- A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET
Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A
remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET
Framework or .NET Core application.
The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications
handle web requests. (CVE-2019-0980, CVE-2019-0981)
- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-0903)
See Also
http://www.nessus.org/u?f1eae74c
http://www.nessus.org/u?9defcbe8
Solution
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2018-11091
CVE             CVE-2018-12126
CVE             CVE-2018-12127
CVE             CVE-2018-12130
CVE             CVE-2019-0707
CVE             CVE-2019-0725
CVE             CVE-2019-0734
CVE             CVE-2019-0758
CVE             CVE-2019-0820
CVE             CVE-2019-0863
CVE             CVE-2019-0864
CVE             CVE-2019-0881
CVE             CVE-2019-0882
CVE             CVE-2019-0884
CVE             CVE-2019-0885
CVE             CVE-2019-0889
CVE             CVE-2019-0890
CVE             CVE-2019-0891
CVE             CVE-2019-0893
CVE             CVE-2019-0894
CVE             CVE-2019-0895
CVE             CVE-2019-0896
CVE             CVE-2019-0897
CVE             CVE-2019-0898
CVE             CVE-2019-0899
CVE             CVE-2019-0900
CVE             CVE-2019-0901
CVE             CVE-2019-0902
CVE             CVE-2019-0903
CVE             CVE-2019-0911
CVE             CVE-2019-0918
CVE             CVE-2019-0921
CVE             CVE-2019-0930
CVE             CVE-2019-0936
CVE             CVE-2019-0940
CVE             CVE-2019-0961
CVE             CVE-2019-0980
CVE             CVE-2019-0981
MSKB            4499151
MSKB            4499165
XREF            MSFT:MS19-4499151
XREF            MSFT:MS19-4499165
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4503290 or cumulative update 4503276. It is, therefore,
affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly
parses XML input containing a reference to an external entity. An attacker who successfully exploited this
vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)
- A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key
and sign messages. (CVE-2019-1019)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)
- A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully
bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this
vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)
- A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input
from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)
- A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The
vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the
current user. (CVE-2019-1043)
- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to
properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run
arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting
the input sanitization error to preclude unintended elevation. (CVE-2019-0973)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on
a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles
objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908,
CVE-2019-0909, CVE-2019-0974)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local
Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2019-0943)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1038)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2019-1081)
- An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the
vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1028)
- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0988)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2019-1039)
- This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS)
caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who
successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service,
which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing
the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)
- An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles
objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated
permissions. (CVE-2019-1045)
- An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An
attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.
(CVE-2019-1053)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)
- A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in
memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim
user's privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user
to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects
handle objects in memory.
(CVE-2019-0888)
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver
improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run
processes in an elevated context. (CVE-2019-0984)
- A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles
requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service
against pages configured to use request filtering. (CVE-2019-0941)
- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly
handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an
elevated context. (CVE-2019-0986)
See Also
http://www.nessus.org/u?953a7c84
http://www.nessus.org/u?1dd73841
Solution
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              108570
BID              108577
BID   108581
BID   108583
BID   108584
BID   108585
BID   108586
BID   108591
BID   108594
BID   108597
BID   108599
BID   108600
BID   108603
BID   108604
BID   108606
BID   108607
BID   108609
BID   108612
BID   108613
BID   108614
BID   108620
BID   108624
BID   108630
BID   108632
BID   108633
BID   108638
BID   108641
BID   108644
BID   108646
BID   108648
BID   108650
BID   108651
BID   108654
BID   108655
BID   108656
BID   108666
BID   108667
BID   108668
BID   108669
BID   108708
BID   108709
CVE   CVE-2019-0620
CVE   CVE-2019-0710
CVE   CVE-2019-0711
CVE   CVE-2019-0713
CVE            CVE-2019-0722
CVE            CVE-2019-0888
CVE            CVE-2019-0904
CVE            CVE-2019-0905
CVE            CVE-2019-0906
CVE            CVE-2019-0907
CVE            CVE-2019-0908
CVE            CVE-2019-0909
CVE            CVE-2019-0920
CVE            CVE-2019-0941
CVE            CVE-2019-0943
CVE            CVE-2019-0948
CVE            CVE-2019-0972
CVE            CVE-2019-0973
CVE            CVE-2019-0974
CVE            CVE-2019-0984
CVE            CVE-2019-0986
CVE            CVE-2019-0988
CVE            CVE-2019-1005
CVE            CVE-2019-1010
CVE            CVE-2019-1012
CVE            CVE-2019-1014
CVE            CVE-2019-1017
CVE            CVE-2019-1019
CVE            CVE-2019-1025
CVE            CVE-2019-1028
CVE            CVE-2019-1038
CVE            CVE-2019-1039
CVE            CVE-2019-1040
CVE            CVE-2019-1043
CVE            CVE-2019-1045
CVE            CVE-2019-1046
CVE            CVE-2019-1050
CVE            CVE-2019-1053
CVE            CVE-2019-1055
CVE            CVE-2019-1080
CVE            CVE-2019-1081
MSKB           4503276
MSKB           4503290
XREF           MSFT:MS19-4503276
XREF           MSFT:MS19-4503290
Plugin Information
Published: 2019/06/11, Modified: 2019/07/16
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4507457 or cumulative update 4507448. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in .NET software when the software fails to check the source
markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context
of the current user. If the current user is logged on with administrative user rights, an attacker could take control
of the affected system. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
(CVE-2019-1113)
- A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who
successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to
medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow
arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code
execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated
privileges when code execution is attempted. (CVE-2019-0880)
- An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents
of its memory. An attacker who successfully exploited this vulnerability could obtain information to further
compromise the user's system. (CVE-2019-1108)
- An information disclosure vulnerability exists when the win32k component improperly provides kernel
information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2019-1096)
- An elevation of privilege vulnerability exists in Microsoft Windows where a certain dll, with Local Service
privilege, is vulnerable to race planting a customized dll. An attacker who successfully exploited this vulnerability
could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring system
privileges for a certain DLL.
(CVE-2019-1082)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-1001)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1063)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1104)
- An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open
a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
(CVE-2019-1093, CVE-2019-1097)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such
as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects
in memory. (CVE-2019-1094, CVE-2019-1095)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the
user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
(CVE-2019-1071)
- An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited
the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1086, CVE-2019-1087,
CVE-2019-1088)
- An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly
handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated
context. An attacker could then install programs; view, change or delete data. (CVE-2019-1130)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-1004, CVE-2019-1056, CVE-2019-1059)
- A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow
an attacker to bypass the extranet lockout policy.
(CVE-2019-1126)
- A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services
when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this
vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. (CVE-2019-0887)
- An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An
attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2019-1085)
- A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles
web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against
a .NET web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially
crafted requests to the .NET application. The update addresses the vulnerability by correcting how the .NET web
application handles web requests. (CVE-2019-1083)
- A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends
specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability
could either run arbitrary code on the DHCP failover server or cause the DHCP service to become
nonresponsive.
(CVE-2019-0785)
- An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly
handles an RPC request. (CVE-2019-1089)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2019-1073)
- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights. (CVE-2019-1102)
- An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows
Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability
allows an attacker to impersonate another user, which can lead to elevation of privileges. The vulnerability exists
in WCF, WIF 3.5 and above in .NET Framework, WIF 1.0 component in Windows, WIF Nuget package, and
WIF implementation in SharePoint. An unauthenticated attacker can exploit this by signing a SAML token with
any arbitrary symmetric key. This security update addresses the issue by ensuring all versions of WCF and WIF
validate the key used to sign SAML tokens correctly.
(CVE-2019-1006)
- A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries.
An attacker who successfully exploited this vulnerability could cause the DNS Server service to become
nonresponsive. (CVE-2019-0811)
- An information disclosure vulnerability exists when certain central processing units (CPU) speculatively
access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust
boundaries. (CVE-2019-1125)
See Also
http://www.nessus.org/u?d231fad3
http://www.nessus.org/u?1d422a75
Solution
Risk Factor
High
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.6 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE            CVE-2019-0785
CVE            CVE-2019-0811
CVE            CVE-2019-0880
CVE            CVE-2019-0887
CVE            CVE-2019-1001
CVE            CVE-2019-1004
CVE            CVE-2019-1006
CVE            CVE-2019-1056
CVE            CVE-2019-1059
CVE            CVE-2019-1063
CVE            CVE-2019-1071
CVE            CVE-2019-1073
CVE            CVE-2019-1082
CVE            CVE-2019-1083
CVE            CVE-2019-1085
CVE            CVE-2019-1086
CVE            CVE-2019-1087
CVE            CVE-2019-1088
CVE            CVE-2019-1089
CVE            CVE-2019-1093
CVE            CVE-2019-1094
CVE            CVE-2019-1095
CVE            CVE-2019-1096
CVE            CVE-2019-1097
CVE            CVE-2019-1102
CVE            CVE-2019-1104
CVE            CVE-2019-1108
CVE            CVE-2019-1113
CVE            CVE-2019-1125
CVE             CVE-2019-1126
CVE             CVE-2019-1130
MSKB            4507448
MSKB            4507457
XREF            MSFT:MS19-4507448
XREF            MSFT:MS19-4507457
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain
vulnerabilities.
If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would
expose the host to various security issues.
Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls
from being run in Internet Explorer.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3118753
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 3118753
Plugin Information
Plugin Output
tcp/445
The kill bit has not been set for the following control :
 {D4C0DB38-B682-42A8-AF62-DB9247543354}
      71312 - MS13-097: Cumulative Security Update for Internet Explorer (2898785)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2898785.
The installed version of IE is affected by multiple elevation of privilege and memory corruption vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host.
See Also
https://www.zerodayinitiative.com/advisories/ZDI-13-271/
https://www.zerodayinitiative.com/advisories/ZDI-13-272/
https://www.zerodayinitiative.com/advisories/ZDI-13-273/
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-097
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              64115
BID              64117
BID              64119
BID              64120
BID              64123
BID              64124
BID              64126
CVE              CVE-2013-5045
CVE              CVE-2013-5046
CVE              CVE-2013-5047
CVE              CVE-2013-5048
CVE              CVE-2013-5049
CVE              CVE-2013-5051
CVE              CVE-2013-5052
MSKB             2898785
XREF             MSFT:MS13-097
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 2898785
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16476
    72433 - MS14-010: Cumulative Security Update for Internet Explorer (2909921)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2909921.
The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is
affected by an information disclosure vulnerability.
See Also
https://www.zerodayinitiative.com/advisories/ZDI-14-021/
https://www.zerodayinitiative.com/advisories/ZDI-14-022/
https://www.zerodayinitiative.com/advisories/ZDI-14-023/
https://www.zerodayinitiative.com/advisories/ZDI-14-024/
https://www.zerodayinitiative.com/advisories/ZDI-14-025/
https://www.zerodayinitiative.com/advisories/ZDI-14-026/
https://www.zerodayinitiative.com/advisories/ZDI-14-027/
https://www.zerodayinitiative.com/advisories/ZDI-14-028/
https://www.zerodayinitiative.com/advisories/ZDI-14-061/
https://www.zerodayinitiative.com/advisories/ZDI-14-062/
https://www.securityfocus.com/archive/1/531600/30/0/threaded
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-010
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID          65361
BID          65363
BID          65367
BID          65370
BID          65371
BID          65372
BID          65373
BID          65375
BID          65376
BID          65377
BID          65378
BID          65380
BID          65381
BID          65382
BID          65383
BID          65384
BID          65385
BID          65386
BID          65388
BID          65389
BID          65390
BID          65392
BID          65394
BID          65395
CVE          CVE-2014-0267
CVE          CVE-2014-0268
CVE          CVE-2014-0269
CVE          CVE-2014-0270
CVE          CVE-2014-0271
CVE          CVE-2014-0272
CVE          CVE-2014-0273
CVE          CVE-2014-0274
CVE          CVE-2014-0275
CVE          CVE-2014-0276
CVE          CVE-2014-0277
CVE          CVE-2014-0278
CVE          CVE-2014-0279
CVE          CVE-2014-0280
CVE          CVE-2014-0281
CVE          CVE-2014-0283
CVE          CVE-2014-0284
CVE          CVE-2014-0285
CVE             CVE-2014-0286
CVE             CVE-2014-0287
CVE             CVE-2014-0288
CVE             CVE-2014-0289
CVE             CVE-2014-0290
CVE             CVE-2014-0293
MSKB            2909921
XREF            MSFT:MS14-010
Plugin Information
Plugin Output
tcp/445
    KB : 2909921
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16518
      72434 - MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
      (2928390)
Synopsis
Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
Description
The installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper
handling of objects in memory.
If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be
leveraged to execute arbitrary code on the affected system, subject to the user's privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-011
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 2008 R2, 7, 8, 8.1, 2012, and 2012
R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID              65395
CVE              CVE-2014-0271
MSKB             2909210
MSKB             2909212
MSKB             2909213
XREF             MSFT:MS14-011
Plugin Information
Plugin Output
tcp/445
    KB : 2909210
    - C:\Windows\system32\Vbscript.dll has not been patched.
      Remote version : 5.8.9600.16384
      Should be      : 5.8.9600.16483
      72930 - MS14-012: Cumulative Security Update for Internet Explorer (2925418)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2925418.
The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is
affected by an information disclosure vulnerability.
See Also
https://www.zerodayinitiative.com/advisories/ZDI-14-030/
https://www.zerodayinitiative.com/advisories/ZDI-14-031/
https://www.zerodayinitiative.com/advisories/ZDI-14-032/
https://www.zerodayinitiative.com/advisories/ZDI-14-033/
https://www.zerodayinitiative.com/advisories/ZDI-14-034/
https://www.zerodayinitiative.com/advisories/ZDI-14-035/
https://www.zerodayinitiative.com/advisories/ZDI-14-036/
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-012
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              65551
BID              66023
BID              66025
BID            66026
BID            66027
BID            66028
BID            66029
BID            66030
BID            66031
BID            66032
BID            66033
BID            66034
BID            66035
BID            66036
BID            66037
BID            66038
BID            66039
BID            66040
BID            70266
CVE            CVE-2014-0297
CVE            CVE-2014-0298
CVE            CVE-2014-0299
CVE            CVE-2014-0302
CVE            CVE-2014-0303
CVE            CVE-2014-0304
CVE            CVE-2014-0305
CVE            CVE-2014-0306
CVE            CVE-2014-0307
CVE            CVE-2014-0308
CVE            CVE-2014-0309
CVE            CVE-2014-0311
CVE            CVE-2014-0312
CVE            CVE-2014-0313
CVE            CVE-2014-0314
CVE            CVE-2014-0321
CVE            CVE-2014-0322
CVE            CVE-2014-0324
CVE            CVE-2014-4112
MSKB           2925418
XREF           CERT:732479
XREF           EDB-ID:32851
XREF           EDB-ID:32438
XREF           EDB-ID:32904
XREF           MSFT:MS14-012
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Plugin Output
tcp/445
    KB : 2925418
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16521
      73415 - MS14-018: Cumulative Security Update for Internet Explorer (2950467)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2950467.
The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to
execute arbitrary code on the remote host.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-018
https://www.zerodayinitiative.com/advisories/ZDI-14-078/
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              66646
BID              66647
BID              66648
BID              66652
BID              66653
BID              66654
CVE              CVE-2014-0325
CVE              CVE-2014-1751
CVE              CVE-2014-1752
CVE              CVE-2014-1753
CVE              CVE-2014-1755
CVE             CVE-2014-1760
MSKB            2936068
XREF            MSFT:MS14-018
Plugin Information
Plugin Output
tcp/445
    KB : 2936068
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16659
      73805 - MS14-021: Security Update for Internet Explorer (2965111)
Synopsis
The remote host has a web browser that is affected by a memory corruption vulnerability.
Description
The remote host is missing Internet Explorer (IE) Security Update 2965111.
The installed version of IE is affected by a memory corruption vulnerability that could allow an attacker to
execute arbitrary code on the remote host.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              67075
CVE              CVE-2014-1776
MSKB             2964358
MSKB             2964444
XREF             CERT:222929
XREF             MSFT:MS14-021
Exploitable With
Plugin Information
Published: 2014/05/01, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 2964444
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16661
      73988 - MS14-029: Security Update for Internet Explorer (2962482)
Synopsis
The remote host has a web browser that is affected by multiple memory corruption vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2962482.
The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to
execute arbitrary code on the remote host.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-029
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              67299
BID              67301
CVE              CVE-2014-0310
CVE              CVE-2014-1815
MSKB             2953522
MSKB             2961851
XREF             EDB-ID:34458
XREF             MSFT:MS14-029
Plugin Information
tcp/445
    KB : 2961851
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16663
    74427 - MS14-035: Cumulative Security Update for Internet Explorer (2969262)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2969262.
The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of
which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a
user to visit a specially crafted web page.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-035
https://www.securityfocus.com/archive/1/532798/30/0/threaded
https://www.securityfocus.com/archive/1/532799/30/0/threaded
https://www.zerodayinitiative.com/advisories/ZDI-14-194/
https://www.zerodayinitiative.com/advisories/ZDI-14-193/
https://www.zerodayinitiative.com/advisories/ZDI-14-192/
https://www.zerodayinitiative.com/advisories/ZDI-14-191/
https://www.zerodayinitiative.com/advisories/ZDI-14-190/
https://www.zerodayinitiative.com/advisories/ZDI-14-189/
https://www.zerodayinitiative.com/advisories/ZDI-14-188/
https://www.zerodayinitiative.com/advisories/ZDI-14-187/
https://www.zerodayinitiative.com/advisories/ZDI-14-186/
https://www.zerodayinitiative.com/advisories/ZDI-14-185/
https://www.zerodayinitiative.com/advisories/ZDI-14-184/
https://www.zerodayinitiative.com/advisories/ZDI-14-183/
https://www.zerodayinitiative.com/advisories/ZDI-14-182/
https://www.zerodayinitiative.com/advisories/ZDI-14-181/
https://www.zerodayinitiative.com/advisories/ZDI-14-180/
https://www.zerodayinitiative.com/advisories/ZDI-14-179/
https://www.zerodayinitiative.com/advisories/ZDI-14-178/
https://www.zerodayinitiative.com/advisories/ZDI-14-177/
https://www.zerodayinitiative.com/advisories/ZDI-14-176/
https://www.zerodayinitiative.com/advisories/ZDI-14-175/
https://www.zerodayinitiative.com/advisories/ZDI-14-174/
https://www.zerodayinitiative.com/advisories/ZDI-14-140/
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              67295
BID              67511
BID              67518
BID              67544
BID              67827
BID              67831
BID              67833
BID              67834
BID              67835
BID              67836
BID              67838
BID              67839
BID              67840
BID              67841
BID              67842
BID              67843
BID              67845
BID              67846
BID              67847
BID              67848
BID              67849
BID              67850
BID              67851
BID              67852
BID              67854
BID              67855
BID              67856
BID   67857
BID   67858
BID   67859
BID   67860
BID   67861
BID   67862
BID   67864
BID   67866
BID   67867
BID   67869
BID   67871
BID   67873
BID   67874
BID   67875
BID   67876
BID   67877
BID   67878
BID   67879
BID   67880
BID   67881
BID   67882
BID   67883
BID   67884
BID   67885
BID   67886
BID   67887
BID   67889
BID   67890
BID   67891
BID   67892
BID   67915
BID   68101
CVE   CVE-2014-0282
CVE   CVE-2014-1762
CVE   CVE-2014-1764
CVE   CVE-2014-1766
CVE   CVE-2014-1769
CVE   CVE-2014-1770
CVE   CVE-2014-1771
CVE   CVE-2014-1772
CVE   CVE-2014-1773
CVE   CVE-2014-1774
CVE   CVE-2014-1775
CVE   CVE-2014-1777
CVE   CVE-2014-1778
CVE   CVE-2014-1779
CVE   CVE-2014-1780
CVE   CVE-2014-1781
CVE   CVE-2014-1782
CVE   CVE-2014-1783
CVE   CVE-2014-1784
CVE   CVE-2014-1785
CVE   CVE-2014-1786
CVE   CVE-2014-1788
CVE   CVE-2014-1789
CVE   CVE-2014-1790
CVE   CVE-2014-1791
CVE   CVE-2014-1792
CVE   CVE-2014-1794
CVE   CVE-2014-1795
CVE   CVE-2014-1796
CVE   CVE-2014-1797
CVE   CVE-2014-1799
CVE   CVE-2014-1800
CVE   CVE-2014-1802
CVE   CVE-2014-1803
CVE   CVE-2014-1804
CVE   CVE-2014-1805
CVE   CVE-2014-2753
CVE   CVE-2014-2754
CVE   CVE-2014-2755
CVE   CVE-2014-2756
CVE   CVE-2014-2757
CVE   CVE-2014-2758
CVE   CVE-2014-2759
CVE   CVE-2014-2760
CVE   CVE-2014-2761
CVE   CVE-2014-2763
CVE   CVE-2014-2764
CVE   CVE-2014-2765
CVE   CVE-2014-2766
CVE   CVE-2014-2767
CVE   CVE-2014-2768
CVE   CVE-2014-2769
CVE   CVE-2014-2770
CVE   CVE-2014-2771
CVE             CVE-2014-2772
CVE             CVE-2014-2773
CVE             CVE-2014-2775
CVE             CVE-2014-2776
CVE             CVE-2014-2777
CVE             CVE-2014-2782
MSKB            2957689
MSKB            2963950
XREF            CERT:239151
XREF            EDB-ID:33860
XREF            EDB-ID:35213
XREF            MSFT:MS14-035
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 2963950
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16668
      74428 - MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code
      Execution (2967487)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by code execution
vulnerabilities due to the way GDI+ handles image record types in specially crafted files. A remote,
unauthenticated attacker could exploit these issues by tricking a user into viewing content that contains
malicious files, which could result in arbitrary code execution.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-036
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, 2008 R2, 8, 8.1, 2012,
2012 R2, Office 2007, Office 2010, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013, and
Lync Basic 2013.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              67897
BID              67904
CVE              CVE-2014-1817
CVE              CVE-2014-1818
MSKB             2957503
MSKB             2957509
MSKB            2964736
MSKB            2965155
MSKB            2964718
MSKB            2878233
MSKB            2881069
MSKB            2863942
MSKB            2881071
MSKB            2963285
MSKB            2963282
MSKB            2963284
MSKB            2881013
MSKB            2965161
MSKB            2968966
XREF            MSFT:MS14-036
XREF            IAVA:2014-A-0080
Plugin Information
Plugin Output
tcp/445
    KB : 2965161
    - C:\Windows\system32\Fntcache.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.16662
      76406 - MS14-037: Cumulative Security Update for Internet Explorer (2975687)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2975687.
The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of
which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a
user to visit a specially crafted web page.
See Also
https://www.securityfocus.com/archive/1/532797/30/0/threaded
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-037
https://www.zerodayinitiative.com/advisories/ZDI-14-217/
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID              66200
BID              66244
BID             68369
BID             68371
BID             68372
BID             68373
BID             68374
BID             68375
BID             68376
BID             68377
BID             68378
BID             68379
BID             68380
BID             68381
BID             68382
BID             68383
BID             68384
BID             68385
BID             68386
BID             68387
BID             68388
BID             68389
BID             68390
BID             68391
BID             70103
CVE             CVE-2014-1763
CVE             CVE-2014-1765
CVE             CVE-2014-2783
CVE             CVE-2014-2785
CVE             CVE-2014-2786
CVE             CVE-2014-2787
CVE             CVE-2014-2788
CVE             CVE-2014-2789
CVE             CVE-2014-2790
CVE             CVE-2014-2791
CVE             CVE-2014-2792
CVE             CVE-2014-2794
CVE             CVE-2014-2795
CVE             CVE-2014-2797
CVE             CVE-2014-2798
CVE             CVE-2014-2800
CVE             CVE-2014-2801
CVE             CVE-2014-2802
CVE             CVE-2014-2803
CVE             CVE-2014-2804
CVE             CVE-2014-2806
CVE             CVE-2014-2807
CVE             CVE-2014-2809
CVE             CVE-2014-2813
CVE             CVE-2014-4066
MSKB            2962872
MSKB            2963952
XREF            MSFT:MS14-037
Plugin Information
Plugin Output
tcp/445
    KB : 2963952
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.16672
      76408 - MS14-039: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
Synopsis
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of low integrity
processes with the On-Screen Keyboard (OSK). A local attacker could exploit this vulnerability to execute
arbitrary code on the remote host under the privileges of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-039
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              68397
CVE              CVE-2014-2781
MSKB             2973201
MSKB             2973906
XREF             MSFT:MS14-039
XREF             IAVA:2014-A-0096
Exploitable With
Plugin Output
tcp/445
    KB : 2973906
    - C:\Windows\system32\Win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.16671
      76409 - MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege
      (2975684)
Synopsis
The remote Windows host contains a driver that allows elevation of privilege.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that is affected by a
privilege escalation vulnerability. The flaw is due to the Ancillary Function Driver not properly processing
user-supplied input, leading to a double free scenario, allowing a local attacker to elevate privileges by running a
specially crafted application.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-040
https://www.zerodayinitiative.com/advisories/ZDI-14-220/
Solution
Microsoft has released a set of patches for Windows 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8,
2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID              68394
CVE              CVE-2014-1767
MSKB             2973408
MSKB             2961072
XREF             MSFT:MS14-040
Exploitable With
Plugin Output
tcp/445
    KB : 2973408
    - C:\Windows\system32\drivers\Afd.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.16668
      77167 - MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege
      (2962490)
Synopsis
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of the repair
functionality in the Windows installer service. A local attacker could exploit this vulnerability to execute arbitrary
code on the remote host under the privileges of the system administrator.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-049
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID               69112
CVE               CVE-2014-1814
MSKB              2918614
XREF              MSFT:MS14-049
Plugin Information
Plugin Output
tcp/445
KB : 2918614
- C:\Windows\system32\msi.dll has not been patched.
  Remote version : 5.0.9600.16384
  Should be      : 5.0.9600.17198
      77574 - MS14-054: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege
      (2988948)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability. The vulnerability is due to improperly
conducted integrity checks on tasks by Windows Task Scheduler. An authenticated attacker can exploit this
vulnerability to execute arbitrary code in the context of the local system user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-054
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID              69593
CVE              CVE-2014-4074
MSKB             2988948
XREF             MSFT:MS14-054
Plugin Information
Plugin Output
tcp/445
KB : 2988948
- C:\Windows\system32\Schedsvc.dll has not been patched.
  Remote version : 6.3.9600.16502
  Should be      : 6.3.9600.17276
      78433 - MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution
      (3000061)
Synopsis
Description
- A privilege escalation vulnerability allows an attacker to run arbitrary code in kernel mode due to the
kernel-mode driver improperly handling objects in memory. (CVE-2014-4113)
- A remote code execution vulnerability allows a remote attacker to run arbitrary code in kernel mode due to the
kernel-mode driver improperly handling TrueType fonts.
An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a
specially crafted TrueType font file. (CVE-2014-4148)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-058
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              70364
BID              70429
CVE              CVE-2014-4113
CVE              CVE-2014-4148
MSKB             3000061
XREF             EDB-ID:35101
XREF             MSFT:MS14-058
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3000061
    - C:\Windows\system32\Win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.17353
      78435 - MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to improperly handled OLE
objects. An attacker can exploit this vulnerability by convincing a user to open a file containing a specially crafted
OLE object, resulting in execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-060
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              70419
CVE              CVE-2014-4114
MSKB             3000869
XREF             EDB-ID:35019
XREF             EDB-ID:35055
XREF             MSFT:MS14-060
Exploitable With
Plugin Information
tcp/445
    KB : 3000869
    - C:\Windows\system32\packager.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17341
      79125 - MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
Synopsis
Description
- A remote code execution vulnerability due to Internet Explorer improperly handling access to objects in
memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website
in Internet Explorer, resulting in execution of arbitrary code in the context of the current user.
(CVE-2014-6332)
- A remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can
exploit this vulnerability by convincing a user to open an Office file containing specially crafted OLE objects,
resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6352)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-064
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              70690
BID              70952
CVE              CVE-2014-6332
CVE              CVE-2014-6352
MSKB             3006226
MSKB             3010788
XREF             CERT:158647
XREF            EDB-ID:35229
XREF            MSFT:MS14-064
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3010788
    - C:\Windows\system32\packager.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17408
    79311 - MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
    (ESKIMOROLL)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to the Kerberos Key Distribution
Center (KDC) implementation not properly validating signatures. A remote attacker can exploit this vulnerability
to elevate an unprivileged domain user account to a domain administrator account.
ESKIMOROLL is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group
known as the Shadow Brokers.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-068
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID              70958
CVE              CVE-2014-6324
MSKB             3011780
XREF             CERT:213119
XREF             IAVA:2014-A-0180
XREF             MSFT:MS14-068
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3011780
      - C:\Windows\system32\kerberos.dll has not been patched.
        Remote version : 6.3.9600.16408
        Should be      : 6.3.9600.17423
    79132 - MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege elevation vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability
related to how it handles TypeFilterLevel checks for some malformed objects. This can be used by a remote
attacker to gain privilege elevation via a specially crafted packet sent to a host that is using .NET Remoting.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-072
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and
4.5.2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              70979
CVE              CVE-2014-4149
MSKB             2978114
MSKB             2978116
MSKB             2978120
MSKB             2978121
MSKB             2978122
MSKB             2978124
MSKB            2978125
MSKB            2978126
MSKB            2978127
MSKB            2978128
XREF            MSFT:MS14-072
XREF            IAVA:2014-A-0173
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows kernel-mode driver
not properly validating array indexes when loading TrueType font files. An attacker can exploit this vulnerability
by convincing a user to open a file or visit a website containing a specially crafted TrueType font file, resulting in
a restart of the user's system.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-079
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID              70949
CVE              CVE-2014-6317
MSKB             3002885
XREF             MSFT:MS14-079
Plugin Information
Plugin Output
tcp/445
       KB : 3002885
       - C:\Windows\system32\Win32k.sys has not been patched.
         Remote version : 6.3.9600.16650
         Should be      : 6.3.9600.17393
      80490 - MS15-001: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the
authorization of a caller's impersonation token in the Microsoft Windows Application Compatibility Infrastructure
(AppCompat) component. A local attacker, with a specially crafted program, can bypass the authorization check
to create cache entries, resulting in an escalation of privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-001
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 8, 8.1, 2012 and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID                 71972
CVE                 CVE-2015-0002
MSKB                3023266
XREF                MSFT:MS15-001
Exploitable With
Metasploit (true)
Plugin Information
tcp/445
    KB : 3023266
    - C:\Windows\system32\drivers\ahcache.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17555
      80492 - MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user
privilege in the Windows User Profile Service (ProfSvc). A local attacker, with a specially crafted application, can
load registry hives associated with other user accounts to execute arbitrary code with elevated permissions.
See Also
https://support.microsoft.com/en-us/help/3021674/ms15-003-vulnerability-in-windows-user-profile-service-could-allow-ele
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-003
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              71967
CVE              CVE-2015-0004
MSKB             3021674
XREF             MSFT:MS15-003
XREF             IAVA:2015-A-0008
Plugin Information
Plugin Output
tcp/445
    KB : 3021674
    - C:\Windows\system32\profsvc.dll has not been patched.
      Remote version : 6.3.9600.16425
      Should be      : 6.3.9600.17552
      81262 - MS15-009: Security Update for Internet Explorer (3034682)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3034682. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these by convincing a user to visit a specially crafted web page.
Hosts running Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 will not be fully protected until
both security update 3021952 and security update 3034196 are applied to the system.
Security update 3034196 may require manual installation depending on your patching method.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-009
https://www.zerodayinitiative.com/advisories/ZDI-14-403/
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              71483
BID              72402
BID              72403
BID              72404
BID              72409
BID              72410
BID              72411
BID              72412
BID   72413
BID   72414
BID   72415
BID   72416
BID   72417
BID   72418
BID   72419
BID   72420
BID   72421
BID   72422
BID   72423
BID   72424
BID   72425
BID   72426
BID   72436
BID   72437
BID   72438
BID   72439
BID   72440
BID   72441
BID   72442
BID   72443
BID   72444
BID   72445
BID   72446
BID   72447
BID   72448
BID   72453
BID   72454
BID   72455
BID   72478
BID   72479
BID   72480
CVE   CVE-2014-8967
CVE   CVE-2015-0017
CVE   CVE-2015-0018
CVE   CVE-2015-0019
CVE   CVE-2015-0020
CVE   CVE-2015-0021
CVE   CVE-2015-0022
CVE   CVE-2015-0023
CVE   CVE-2015-0025
CVE   CVE-2015-0026
CVE             CVE-2015-0027
CVE             CVE-2015-0028
CVE             CVE-2015-0029
CVE             CVE-2015-0030
CVE             CVE-2015-0031
CVE             CVE-2015-0035
CVE             CVE-2015-0036
CVE             CVE-2015-0037
CVE             CVE-2015-0038
CVE             CVE-2015-0039
CVE             CVE-2015-0040
CVE             CVE-2015-0041
CVE             CVE-2015-0042
CVE             CVE-2015-0043
CVE             CVE-2015-0044
CVE             CVE-2015-0045
CVE             CVE-2015-0046
CVE             CVE-2015-0048
CVE             CVE-2015-0049
CVE             CVE-2015-0050
CVE             CVE-2015-0051
CVE             CVE-2015-0052
CVE             CVE-2015-0053
CVE             CVE-2015-0054
CVE             CVE-2015-0055
CVE             CVE-2015-0066
CVE             CVE-2015-0067
CVE             CVE-2015-0068
CVE             CVE-2015-0069
CVE             CVE-2015-0070
CVE             CVE-2015-0071
MSKB            3021952
MSKB            3034196
XREF            MSFT:MS15-009
Plugin Information
Plugin Output
tcp/445
KB : 3021952
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16438
  Should be      : 11.0.9600.17631
KB : 3034196
- C:\Windows\system32\jscript9.dll has not been patched.
  Remote version : 11.0.9600.16438
  Should be      : 11.0.9600.17640
      81263 - MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
Synopsis
Description
The remote Windows host is missing a security patch. It is, therefore, affected by the following vulnerabilities :
- A privilege escalation vulnerability exists in the Windows kernel-mode driver that is caused by improperly
handling objects in memory. (CVE-2015-0003, CVE-2015-0057)
- A security feature bypass vulnerability exists in the Cryptography Next Generation kernel-mode driver when
failing to properly validate and enforce impersonation levels. (CVE-2015-0010)
- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to a double-free condition.
(CVE-2015-0058)
- A remote code execution vulnerability exists in the Windows kernel-mode driver that is caused when improperly
handling TrueType fonts. (CVE-2015-0059)
- A denial of service vulnerability exists in the Windows kernel-mode driver that is caused when the Windows
font mapper attempts to scale a font.
(CVE-2015-0060)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-010
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 72457
BID              72461
BID              72466
BID              72468
BID              72470
BID              72472
CVE              CVE-2015-0003
CVE              CVE-2015-0010
CVE              CVE-2015-0057
CVE              CVE-2015-0058
CVE              CVE-2015-0059
CVE              CVE-2015-0060
MSKB             3013455
MSKB             3023562
MSKB             3036220
XREF             MSFT:MS15-010
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3013455
      - C:\Windows\system32\win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.17630
      81264 - MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy
service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a
controlled network, can exploit this to gain complete control of the host.
Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this
vulnerability.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-011
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              72477
CVE              CVE-2015-0008
MSKB             3000483
XREF             CERT:787252
XREF             MSFT:MS15-011
XREF             IAVA:2015-A-0033
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3000483
    - C:\Windows\system32\gpsvc.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17630
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the
authorization of a caller's impersonation token when the caller's process uses SeAssignPrimaryTokenPrivilege.
A local attacker, using a specially crafted program, can bypass the authorization check, resulting in an escalation
of privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-015
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              72458
CVE              CVE-2015-0062
MSKB             3031432
XREF             MSFT:MS15-015
XREF             IAVA:2015-A-0035
Plugin Information
tcp/445
    KB : 3031432
    - C:\Windows\system32\ntoskrnl.exe has not been patched.
      Remote version : 6.3.9600.16452
      Should be      : 6.3.9600.17630
      81733 - MS15-018: Cumulative Security Update for Internet Explorer (3032359)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3032359. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these by convincing a user to visit a specially crafted website.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-018
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              72489
BID              72910
BID              72923
BID              72924
BID              72925
BID              72926
BID              72927
BID              72928
BID              72929
BID              72930
BID              72931
BID              72932
CVE              CVE-2015-0032
CVE             CVE-2015-0056
CVE             CVE-2015-0072
CVE             CVE-2015-0099
CVE             CVE-2015-0100
CVE             CVE-2015-1622
CVE             CVE-2015-1623
CVE             CVE-2015-1624
CVE             CVE-2015-1625
CVE             CVE-2015-1626
CVE             CVE-2015-1627
CVE             CVE-2015-1634
MSKB            3032359
XREF            MSFT:MS15-018
Plugin Information
Plugin Output
tcp/445
    KB : 3032359
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.17690
    81735 - MS15-020: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836) (EASYHOOKUP)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability exists in Windows Text Services due to improper handling of objects in
memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website
or open a specially crafted file, resulting in the execution of arbitrary code. (CVE-2015-0059)
- A remote code execution vulnerability exists due to improper loading of DLL files. A remote attacker can exploit
this vulnerability by convincing a user to visit a specially crafted website or remote network share, resulting in the
execution of arbitrary code.
(CVE-2015-0096) (EASYHOOKUP)
EASYHOOKUP is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a
group known as the Shadow Brokers.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-020
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              72886
BID              72894
CVE              CVE-2015-0081
CVE              CVE-2015-0096
MSKB             3033889
MSKB             3039066
XREF             MSFT:MS15-020
XREF             IAVA:2015-A-0053
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3033889
      - C:\Windows\system32\msctf.dll has not been patched.
        Remote version : 6.3.9600.16418
        Should be      : 6.3.9600.17664
      81736 - MS15-021: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
Synopsis
The Adobe Font driver on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities in the Adobe Font driver :
- A flaw exists in the Adobe Font Driver due to improper allocation of memory. This allows a remote attacker,
using a specially crafted font in a file or website, to cause a denial of service. (CVE-2015-0074)
- Multiple flaws exist in the Adobe Font Driver that allow a remote attacker, using specially crafted fonts, to obtain
sensitive information from kernel memory.
(CVE-2015-0087, CVE-2015-0089)
- Multiple flaws exist in the Adobe Font Driver due to improper validation of user-supplied input. A remote
attacker can exploit this, using a specially crafted font in a file or website, to execute arbitrary code.
(CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, CVE-2015-0093)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-021
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, 2012, 8.1, Windows
RT 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID              72892
BID              72893
BID              72896
BID              72898
BID              72904
BID              72905
BID              72906
BID              72907
CVE              CVE-2015-0074
CVE              CVE-2015-0087
CVE              CVE-2015-0088
CVE              CVE-2015-0089
CVE              CVE-2015-0090
CVE              CVE-2015-0091
CVE              CVE-2015-0092
CVE              CVE-2015-0093
MSKB             3032323
XREF             MSFT:MS15-021
Plugin Information
Plugin Output
tcp/445
      KB : 3032323
      - C:\Windows\system32\atmfd.dll has not been patched.
        Remote version : 5.1.2.238
        Should be      : 5.1.2.241
      81739 - MS15-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
Synopsis
Description
- An elevation of privilege vulnerability exists due to Windows Registry Virtualization improperly allowing
a user to modify the virtual store of another user. A local attacker, with a specially crafted application, can
exploit this vulnerability to take control of the account of another user who is logged on to the affected system.
(CVE-2015-0073)
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation
levels. A local attacker, with a specially crafted application, can exploit this vulnerability to bypass user account
checks. (CVE-2015-0075)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-025
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
KB3035131 (MS15-025) has affected binaries in common with Security Advisory 3033929, which was released
simultaneously. If you download and install updates manually, you should first install KB3035131 (MS15-025)
before installing KB3033929. See the MS15-025 bulletin Update FAQ for more information.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              72908
BID              72915
CVE              CVE-2015-0073
CVE              CVE-2015-0075
MSKB             3038680
MSKB             3035131
MSKB             3033929
MSKB             3033395
XREF             MSFT:MS15-025
XREF             IAVA:2015-A-0048
Plugin Information
Plugin Output
tcp/445
      KB : 3035131
      - C:\Windows\system32\ntoskrnl.exe has not been patched.
        Remote version : 6.3.9600.16452
        Should be      : 6.3.9600.17668
      81742 - MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
Synopsis
Description
The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not
properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in
order to execute files they have no permission to run.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-028
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              72913
CVE              CVE-2015-0084
MSKB             3030377
XREF             MSFT:MS15-028
XREF             IAVB:2015-B-0037
Plugin Information
tcp/445
    KB : 3030377
    - C:\Windows\system32\ubpm.dll has not been patched.
      Remote version : 6.3.9600.16469
      Should be      : 6.3.9600.17671
      82770 - MS15-032: Cumulative Security Update for Internet Explorer (3038314)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3038314. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
Note that KB3038314 was updated on April 22, 2015, for Internet Explorer for Windows Server 2003. If this
update was installed prior to April 22, it will need to be reinstalled to be fully protected.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-032
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              73990
BID              73993
BID              73994
BID              73996
BID              73997
BID              74000
BID              74001
BID              74003
BID              74004
BID              74006
CVE             CVE-2015-1652
CVE             CVE-2015-1657
CVE             CVE-2015-1659
CVE             CVE-2015-1660
CVE             CVE-2015-1661
CVE             CVE-2015-1662
CVE             CVE-2015-1665
CVE             CVE-2015-1666
CVE             CVE-2015-1667
CVE             CVE-2015-1668
MSKB            3038314
XREF            MSFT:MS15-032
Plugin Information
Plugin Output
tcp/445
    KB : 3038314
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.17728
      82774 - MS15-038: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple privilege escalation
vulnerabilities :
- An elevation of privilege vulnerability exists due to NtCreateTransactionManager type confusion that allows an
authenticated attacker to bypass impersonation-level security checks by running a specially crafted application.
(CVE-2015-1643)
- An elevation of privilege vulnerability exists due to an MS-DOS device name handling flaw that allows an
authenticated attacker to bypass impersonation-level security checks by running a specially crafted application.
(CVE-2015-1644)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-038
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID              73998
BID              74014
CVE              CVE-2015-1643
CVE              CVE-2015-1644
MSKB            3045685
MSKB            3045999
XREF            MSFT:MS15-038
XREF            IAVA:2015-A-0091
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3045999
    - C:\Windows\system32\ntdll.dll has not been patched.
      Remote version : 6.3.9600.16502
      Should be      : 6.3.9600.17736
      83358 - MS15-043: Cumulative Security Update for Internet Explorer (3049563)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3049563. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-043
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              74504
BID              74505
BID              74506
BID              74507
BID              74508
BID              74509
BID              74510
BID              74511
BID              74512
BID              74513
BID              74514
BID              74515
BID              74516
BID              74517
BID              74518
BID              74519
BID              74520
BID              74521
BID              74522
BID              74530
BID              74606
BID              74607
CVE              CVE-2015-1658
CVE              CVE-2015-1684
CVE              CVE-2015-1685
CVE              CVE-2015-1686
CVE              CVE-2015-1688
CVE              CVE-2015-1689
CVE              CVE-2015-1691
CVE              CVE-2015-1692
CVE              CVE-2015-1694
CVE              CVE-2015-1703
CVE              CVE-2015-1704
CVE              CVE-2015-1705
CVE              CVE-2015-1706
CVE              CVE-2015-1708
CVE              CVE-2015-1709
CVE              CVE-2015-1710
CVE              CVE-2015-1711
CVE              CVE-2015-1712
CVE              CVE-2015-1713
CVE              CVE-2015-1714
CVE              CVE-2015-1717
CVE              CVE-2015-1718
MSKB             3049563
XREF             MSFT:MS15-043
Plugin Information
Plugin Output
tcp/445
KB : 3049563
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16438
  Should be      : 11.0.9600.17801
      83440 - MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
Synopsis
Description
- An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows
DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit
a website containing a specially crafted OpenType font, resulting in the disclosure of sensitive information.
(CVE-2015-1670)
- A remote code execution vulnerability exists due to improper handling of TrueType font files by the Windows
DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a specially
crafted document or visit a website containing a specially crafted TrueType font file, resulting in execution of
arbitrary code in the context of the current user. (CVE-2015-1671)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-044
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Live Meeting 2007 Console,
Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013; and .NET Framework 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1,
and 4.5.2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID               74485
BID               74490
CVE               CVE-2015-1670
CVE               CVE-2015-1671
MSKB            3048068
MSKB            3048070
MSKB            3048071
MSKB            3048072
MSKB            3048073
MSKB            3048074
MSKB            3048077
MSKB            3045171
MSKB            3065979
MSKB            2883029
MSKB            2881073
MSKB            3051467
MSKB            3051464
MSKB            3051465
MSKB            3051466
MSKB            3039779
MSKB            3056819
XREF            MSFT:MS15-044
Plugin Information
Plugin Output
tcp/445
    KB : 3045171
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.17796
      83356 - MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple
vulnerabilities :
- A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs
when decrypting XML data. A remote attacker can exploit this, via specially crafted XML data, to degrade the
performance of a .NET website. (CVE-2015-1672)
- A privilege escalation vulnerability exists in the Microsoft .NET Framework due to improper handling of objects
in memory by .NET's Windows Forms (WinForms) libraries. A remote attacker can exploit this, via a specially
crafted partial trust application, to escalate privileges. (CVE-2015-1673)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-048
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and
4.5.2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              74482
BID              74487
CVE              CVE-2015-1672
CVE             CVE-2015-1673
MSKB            3023211
MSKB            3023213
MSKB            3023215
MSKB            3023217
MSKB            3023219
MSKB            3023220
MSKB            3023221
MSKB            3023222
MSKB            3023223
MSKB            3023224
MSKB            3032655
MSKB            3032662
MSKB            3032663
MSKB            3035485
MSKB            3035486
MSKB            3035487
MSKB            3035488
MSKB            3035489
MSKB            3035490
XREF            MSFT:MS15-048
XREF            IAVA:2015-A-0105
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability in Windows Service Control Manager
(SCM) due to improper verification of impersonation levels. A local attacker can exploit this, via a specially
crafted application, to escalate their privileges and make calls to SCM for which they lack sufficient privilege.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-050
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              74492
CVE              CVE-2015-1702
MSKB             3055642
XREF             MSFT:MS15-050
XREF             IAVA:2015-A-0107
Plugin Information
tcp/445
    KB : 3055642
    - C:\Windows\system32\services.exe has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17793
      83370 - MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
Synopsis
Description
The version of Windows running on the remote host is affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly
handling objects in memory. A local attacker can exploit this to reveal private address information during
a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677,
CVE-2015-1678, CVE-2015-1679, CVE-2015-1680)
- A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects
in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in
kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701)
See Also
http://www.nessus.org/u?37b0306c
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-051
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              74245
BID              74483
BID              74494
BID              74495
BID              74496
BID              74497
CVE              CVE-2015-1676
CVE              CVE-2015-1677
CVE              CVE-2015-1678
CVE              CVE-2015-1679
CVE              CVE-2015-1680
CVE              CVE-2015-1701
MSKB             3045171
MSKB             3057191
MSKB             3065979
XREF             MSFT:MS15-051
XREF             IAVA:2015-A-0108
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3045171
      - C:\Windows\system32\Win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.17796
      84053 - MS15-056: Cumulative Security Update for Internet Explorer (3058515)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3058515. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3058515 are mitigated by
the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008,
2008 R2, 2012, and 2012 R2.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-056
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              74972
BID              74973
BID              74974
BID              74975
BID              74976
BID              74978
BID              74979
BID              74981
BID              74982
BID              74983
BID            74984
BID            74985
BID            74986
BID            74987
BID            74988
BID            74989
BID            74990
BID            74991
BID            74992
BID            74993
BID            74994
BID            74995
BID            74996
BID            74997
BID            75182
CVE            CVE-2015-1687
CVE            CVE-2015-1730
CVE            CVE-2015-1731
CVE            CVE-2015-1732
CVE            CVE-2015-1735
CVE            CVE-2015-1736
CVE            CVE-2015-1737
CVE            CVE-2015-1739
CVE            CVE-2015-1740
CVE            CVE-2015-1741
CVE            CVE-2015-1742
CVE            CVE-2015-1743
CVE            CVE-2015-1744
CVE            CVE-2015-1745
CVE            CVE-2015-1747
CVE            CVE-2015-1748
CVE            CVE-2015-1750
CVE            CVE-2015-1751
CVE            CVE-2015-1752
CVE            CVE-2015-1753
CVE            CVE-2015-1754
CVE            CVE-2015-1755
CVE            CVE-2015-1765
CVE            CVE-2015-1766
MSKB           3058515
XREF           MSFT:MS15-056
Plugin Information
Published: 2015/06/09, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3058515
    - C:\Windows\system32\Mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.17842
      84056 - MS15-060: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution
      (3059317)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to a use-after-free error
in Microsoft Common Controls. A remote attacker can exploit this vulnerability by convincing a user to click a
specially crafted link, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-060
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              75017
CVE              CVE-2015-1756
MSKB             3059317
XREF             MSFT:MS15-060
XREF             IAVA:2015-A-0125
Plugin Information
tcp/445
  KB : 3059317
  None of the versions of 'comctl32.dll' under C:\Windows\WinSxS
  have been patched.
    Fixed version : 5.82.9600.17810
    84059 - MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of
    Privilege (3057839)
Synopsis
Description
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling
of buffer elements. A local attacker can exploit this vulnerability to request the contents of specific memory
addresses. (CVE-2015-1719)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a use-after-free error. A
remote attacker can exploit this vulnerability by convincing a user to run a specially crafted application, resulting
in the execution of arbitrary code in kernel mode. (CVE-2015-1720)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a NULL pointer
dereference flaw. A remote attacker can exploit this vulnerability by convincing a user to run a specially crafted
application, resulting in the execution of arbitrary code in kernel mode. (CVE-2015-1721)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to
escalate privileges to full administrative rights.
(CVE-2015-1722, CVE-2015-1723, CVE-2015-1724, CVE-2015-1726)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improperly
validated user-supplied input. A local attacker can exploit these vulnerabilities, with a specially crafted
application, to escalate privileges to full administrative rights. (CVE-2015-1725, CVE-2015-1727)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly
free memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to execute
arbitrary code in the context of another user. (CVE-2015-1725, CVE-2015-1727)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-061
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID              74998
BID              74999
BID              75000
BID              75005
BID              75006
BID              75008
BID              75009
BID              75010
BID              75012
BID              75024
BID              75025
CVE              CVE-2015-1719
CVE              CVE-2015-1720
CVE              CVE-2015-1721
CVE              CVE-2015-1722
CVE              CVE-2015-1723
CVE              CVE-2015-1724
CVE              CVE-2015-1725
CVE              CVE-2015-1726
CVE              CVE-2015-1727
CVE              CVE-2015-1768
CVE              CVE-2015-2360
MSKB             3057839
XREF             MSFT:MS15-061
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3057839
      - C:\Windows\system32\Win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.17837
      84761 - MS15-065: Cumulative Security Update for Internet Explorer (3076321)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3076321. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
Hosts running Internet Explorer 10 or Internet Explorer 11 will not be fully protected until both security update
3065822 and security update 3075516 are applied to the system. Security update 3075516 may require manual
installation depending on your patching method.
Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3076321 are mitigated by
the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008,
2008 R2, 2012, and 2012 R2.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-065
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              75626
BID              75631
BID              75636
BID              75677
BID              75679
BID              75687
BID              75689
BID             75690
BID             75745
CVE             CVE-2015-1729
CVE             CVE-2015-1733
CVE             CVE-2015-1738
CVE             CVE-2015-1767
CVE             CVE-2015-2372
CVE             CVE-2015-2383
CVE             CVE-2015-2384
CVE             CVE-2015-2385
CVE             CVE-2015-2388
CVE             CVE-2015-2389
CVE             CVE-2015-2390
CVE             CVE-2015-2391
CVE             CVE-2015-2397
CVE             CVE-2015-2398
CVE             CVE-2015-2401
CVE             CVE-2015-2402
CVE             CVE-2015-2403
CVE             CVE-2015-2404
CVE             CVE-2015-2406
CVE             CVE-2015-2408
CVE             CVE-2015-2410
CVE             CVE-2015-2411
CVE             CVE-2015-2412
CVE             CVE-2015-2413
CVE             CVE-2015-2414
CVE             CVE-2015-2419
CVE             CVE-2015-2421
CVE             CVE-2015-2422
CVE             CVE-2015-2425
MSKB            3065822
MSKB            3075516
XREF            MSFT:MS15-065
Plugin Information
Plugin Output
tcp/445
       KB : 3065822
       - C:\Windows\system32\Mshtml.dll has not been patched.
         Remote version : 11.0.9600.16438
         Should be      : 11.0.9600.17905
       KB : 3075516
       - C:\Windows\system32\jscript9.dll has not been patched.
         Remote version : 11.0.9600.16438
         Should be      : 11.0.9600.17923
     84762 - MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution
     (3072000)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities in Hyper-V :
- An error exists in how Hyper-V handles packet size memory initialization in guest virtual machines. An
authenticated attacker with access to a guest virtual machine can exploit this by running a specially crafted
application to execute arbitrary code in a host context.
(CVE-2015-2361)
- An error exists in how Hyper-V initializes system data structures in guest virtual machines. An authenticated
attacker with access to a guest virtual machine can exploit this by running a specially crafted application to
execute arbitrary code in a host context.
(CVE-2015-2362)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-068
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE              CVE-2015-2361
CVE              CVE-2015-2362
MSKB            3046339
MSKB            3046359
XREF            MSFT:MS15-068
XREF            IAVB:2015-B-0091
Plugin Information
Plugin Output
tcp/445
    KB : 3046359
    - C:\Windows\system32\drivers\storvsp.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17723
     84734 - MS15-069: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities :
- A remote code execution vulnerability exists due to improper handling of the loading of dynamic link library
(DLL) files. A remote attacker can exploit this vulnerability by placing a specially crafted DLL file in a user's
current working directory and then convincing the user to launch a program designed to load the DLL, resulting
in the execution of arbitrary code in the context of the current user. (CVE-2015-2368)
- A remote code execution vulnerability exists in Microsoft Windows Media Device Manager due to improper
handling of the loading of dynamic link library (DLL) files. A remote attacker can exploit this vulnerability by
placing a specially crafted DLL file in a user's current working directory and then convincing the user to open
a specially crafted .RTF file, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2015-2369)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-069
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE              CVE-2015-2368
CVE              CVE-2015-2369
MSKB            3072631
MSKB            3067903
MSKB            3070738
MSKB            3061512
XREF            MSFT:MS15-069
XREF            IAVA:2015-A-0167
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper processing of bitmap
conversions in the Windows graphics component. An authenticated attacker can exploit this, via a specially
crafted application, to gain administrative privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-072
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
CVE              CVE-2015-2364
MSKB             3069392
XREF             MSFT:MS15-072
Plugin Information
Plugin Output
tcp/445
    KB : 3069392
    - C:\Windows\system32\gdi32.dll has not been patched.
      Remote version : 6.3.9600.16421
      Should be      : 6.3.9600.17902
     84747 - MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
     (3070102)
Synopsis
Description
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to
elevate privileges to full administrative rights.
(CVE-2015-2363, CVE-2015-2365, CVE-2015-2366)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of
non-initialized values in memory. An attacker can exploit this vulnerability, with a specially crafted application,
to leak memory addresses or other sensitive kernel information that can be used for further exploitation of the
system. (CVE-2015-2367)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling
of private address information during a function call. An attacker can exploit this vulnerability, with a specially
crafted application, to request the contents of specific memory addresses. (CVE-2015-2381, CVE-2015-2382)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-073
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1,
and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE             CVE-2015-2363
CVE             CVE-2015-2365
CVE             CVE-2015-2366
CVE             CVE-2015-2367
CVE             CVE-2015-2381
CVE             CVE-2015-2382
MSKB            3070102
XREF            MSFT:MS15-073
XREF            IAVA:2015-A-0162
Plugin Information
Plugin Output
tcp/445
    KB : 3070102
    - C:\Windows\system32\Win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.17915
     84748 - MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of
     Privilege (3067505)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Remote Procedure
Call (RPC) due to incorrectly allowing DCE/RPC connection reflection. A remote, authenticated attacker can
exploit this vulnerability, with a specially crafted application, to elevate privileges.
Note that in order to exploit this issue, an attacker would first have to log onto the system.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-076
https://code.google.com/p/google-security-research/issues/detail?id=325
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE              CVE-2015-2370
MSKB             3067505
XREF             MSFT:MS15-076
XREF             IAVA:2015-A-0165
Plugin Information
Plugin Output
tcp/445
    KB : 3067505
    - C:\Windows\system32\Rpcrt4.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17919
    84746 - MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Synopsis
The Adobe Font driver on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Adobe Type Manager Font
Driver (ATMFD) due to a failure to properly handle objects in memory. A local attacker can exploit this by running
a specially crafted application, resulting in arbitrary code execution with elevated privileges.
See Also
https://twitter.com/hackerfantastic/status/618104999785156608
http://www.nessus.org/u?f3f38e4f
https://code.google.com/p/google-security-research/issues/detail?id=473
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-077
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1,
and 2012 R2.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
CVE              CVE-2015-2387
MSKB             3077657
XREF             MSFT:MS15-077
Exploitable With
CANVAS (true)
Plugin Information
Published: 2015/07/14, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3077657
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.242
      84882 - MS15-078: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution
      (3079904)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability in the Adobe Type Manager
Library due to improper handling of OpenType fonts. A remote attacker can exploit this vulnerability by
convincing a user to open a document or visit a website containing specially crafted OpenType fonts, resulting in
the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-078
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              75951
CVE              CVE-2015-2426
MSKB             3079904
XREF             MSFT:MS15-078
Exploitable With
Plugin Information
Published: 2015/07/20, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3079904
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.243
    85348 - MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code
    Execution (3078662)
Synopsis
Description
- Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not
properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document
or web page with embedded OpenType fonts, to execute arbitrary code in the context of the current user.
(CVE-2015-2432, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015-2461, CVE-2015-2462)
- Multiple remote code execution vulnerabilities exist in various components of Windows, .NET Framework,
Office, Lync, and Silverlight due to a failure to properly handle TrueType fonts. An attacker can exploit these, by
using a crafted document or web page with embedded TrueType fonts, to execute arbitrary code in the context
of the current user. (CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464)
- A remote code execution vulnerability exists due to Microsoft Office not properly handling Office Graphics
Library (OGL) fonts. An attacker can exploit this, by using a crafted document or web page with embedded OGL
fonts, to execute arbitrary code in the context of the user. (CVE-2015-2431)
- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize
a memory address. An attacker, using a specially crafted application, can exploit this issue to bypass
Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver.
(CVE-2015-2433)
- An elevation of privilege vulnerability exists due to a flaw in the Windows Client/Server Run-time Subsystem
(CSRSS) when terminating a process when a user logs off.
An attacker can exploit this vulnerability to run code that monitors the actions of users who log on to the system,
allowing the disclosure of sensitive information which could be used to elevate privileges or execute code.
(CVE-2015-2453)
- A security feature bypass vulnerability exists due to the Windows kernel-mode driver not properly validating
and enforcing impersonation levels. An attacker can exploit this to gain elevated privileges on a targeted system.
(CVE-2015-2454)
- A security feature bypass vulnerability exists due to the Windows shell not properly validating and enforcing
impersonation levels. An attacker can exploit this to bypass impersonation-level security and gain elevated
privileges on a targeted system. (CVE-2015-2465)
See Also
https://technet.microsoft.com/library/security/MS15-080
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Microsoft Lync 2010,
2010 Attendee, 2013 SP1, Microsoft Live Meeting 2007; and .NET Framework 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2,
and 4.6.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID             76203
BID             76207
BID             76209
BID             76210
BID             76211
BID             76213
BID             76215
BID             76216
BID             76218
BID             76223
BID             76225
BID             76235
BID             76238
BID             76239
BID             76240
BID             76241
CVE             CVE-2015-2432
CVE             CVE-2015-2458
CVE             CVE-2015-2459
CVE             CVE-2015-2460
CVE             CVE-2015-2461
CVE             CVE-2015-2462
CVE             CVE-2015-2435
CVE             CVE-2015-2455
CVE             CVE-2015-2456
CVE                 CVE-2015-2463
CVE                 CVE-2015-2464
CVE                 CVE-2015-2431
CVE                 CVE-2015-2433
CVE                 CVE-2015-2453
CVE                 CVE-2015-2454
CVE                 CVE-2015-2465
MSKB                3054846
MSKB                3054890
MSKB                3055014
MSKB                3072303
MSKB                3072305
MSKB                3072306
MSKB                3072307
MSKB                3072309
MSKB                3072310
MSKB                3072311
MSKB                3075590
MSKB                3075591
MSKB                3075592
MSKB                3075593
MSKB                3078601
MSKB                3080333
MSKB                3081436
XREF                MSFT:MS15-080
XREF                IAVA:2015-A-0196
Exploitable With
Metasploit (true)
Plugin Information
Plugin Output
tcp/445
    KB : 3078601
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.245
      85330 - MS15-085: Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Mount Manager component
due to improper processing of symbolic links. A local attacker can exploit this vulnerability by inserting a
malicious USB device into a user's system, allowing the writing of a malicious binary to disk and the execution of
arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-085
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              76222
CVE              CVE-2015-1769
MSKB             3082487
MSKB             3071756
XREF             MSFT:MS15-085
XREF             IAVA:2015-A-0192
Plugin Information
Plugin Output
tcp/445
    KB : 3071756
    - C:\Windows\system32\ntdll.dll has not been patched.
      Remote version : 6.3.9600.16502
      Should be      : 6.3.9600.17936
    85877 - MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code
    Execution (3089656)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows Adobe Type Manager Library due to improper
handling of specially crafted OpenType fonts. An authenticated, remote attacker can exploit this vulnerability, via
a specially crafted application, to elevate privileges and execute arbitrary code.
(CVE-2015-2506)
- Multiple elevation of privilege vulnerabilities exist in the Windows Adobe Type Manager Library due to
improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted
application, to execute arbitrary code. (CVE-2015-2507, CVE-2015-2508, CVE-2015-2512)
- A remote code execution vulnerability exists in components of Windows, Office, and Lync due to improper
handling of specially crafted OpenType fonts. An unauthenticated, remote attacker can exploit this vulnerability
by convincing a user to open a file or visit a website containing specially crafted OpenType fonts, resulting in
execution of arbitrary code in the context of the current user. (CVE-2015-2510)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to
execute arbitrary code in kernel mode. (CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2546)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper validation and
enforcement of integrity levels during certain process initialization scenarios. A local attacker can exploit this
vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode.
(CVE-2015-2527)
- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a
memory address. A local attacker can exploit this, via a specially crafted application, to bypass Kernel Address
Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2529)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-097
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Lync 2010, Lync 2010
Attendee, Lync 2013 (Skype for Business), Lync Basic 2013, and Live Meeting 2007.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID             76563
BID             76589
BID             76591
BID             76592
BID             76593
BID             76597
BID             76599
BID             76602
BID             76606
BID             76607
BID             76608
CVE             CVE-2015-2506
CVE             CVE-2015-2507
CVE             CVE-2015-2508
CVE             CVE-2015-2510
CVE             CVE-2015-2511
CVE             CVE-2015-2512
CVE             CVE-2015-2517
CVE             CVE-2015-2518
CVE             CVE-2015-2527
CVE             CVE-2015-2529
CVE             CVE-2015-2546
MSKB            3085529
MSKB            3085546
MSKB            3085500
MSKB            3081087
MSKB            3081088
MSKB            3081089
MSKB            3081090
MSKB            3087039
MSKB            3087135
MSKB            3081455
XREF            MSFT:MS15-097
XREF            IAVA:2015-A-0212
Plugin Information
Plugin Output
tcp/445
    KB : 3087039
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.246
      85847 - MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the
Microsoft .NET Framework :
- An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory
before they are copied into an array. A remote, unauthenticated attacker can exploit this to bypass Code Access
Security (CAS) restrictions by convincing a user to run an untrusted .NET application or to visit a website
containing a malicious XAML browser application.
(CVE-2015-2504)
- A denial of service vulnerability exists due to improper handling of specially crafted requests to an ASP.NET
server. A remote, unauthenticated attacker can exploit this to degrade performance. (CVE-2015-2526)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-101
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76560
BID              76567
CVE              CVE-2015-2504
CVE             CVE-2015-2526
MSKB            3074228
MSKB            3074229
MSKB            3074230
MSKB            3074231
MSKB            3074232
MSKB            3074233
MSKB            3074541
MSKB            3074543
MSKB            3074544
MSKB            3074545
MSKB            3074547
MSKB            3074548
MSKB            3074549
MSKB            3074550
MSKB            3074552
MSKB            3074553
MSKB            3074554
MSKB            3081455
XREF            MSFT:MS15-101
XREF            IAVA:2015-A-0213
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Task
Management :
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation
levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass
impersonation-level security checks and gain elevated privileges. (CVE-2015-2524)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper verification of certain
file system interactions. An authenticated, remote attacker can exploit this, via a specially crafted application, to
execute arbitrary code in the security context of the local system. (CVE-2015-2525)
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation
levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass
impersonation-level security checks and gain elevated privileges. (CVE-2015-2528)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-102
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID              76587
BID              76590
BID              76653
CVE              CVE-2015-2524
CVE              CVE-2015-2525
CVE              CVE-2015-2528
MSKB             3084135
MSKB             3082089
MSKB             3081455
XREF             MSFT:MS15-102
XREF             IAVA:2015-A-0215
Exploitable With
CANVAS (true)
Plugin Information
Plugin Output
tcp/445
      KB : 3084135
      - C:\Windows\system32\schedsvc.dll has not been patched.
        Remote version : 6.3.9600.16502
        Should be      : 6.3.9600.18001
      86366 - MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)
Synopsis
Description
- A remote code execution vulnerability exists in the Windows shell due to improper handling of objects in
memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted toolbar
object, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2515)
- A privilege escalation vulnerability exists in the Microsoft Tablet Input Band due to improper handling of objects
in memory. A remote attacker can exploit this vulnerability to gain the same user rights as the current user by
convincing a user to visit a specially crafted website. (CVE-2015-2548)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-109
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              76981
BID              76989
CVE              CVE-2015-2515
CVE              CVE-2015-2548
MSKB             3080446
MSKB            3096443
MSKB            3093513
MSKB            3097617
XREF            MSFT:MS15-109
XREF            IAVA:2015-A-0245
Plugin Information
Plugin Output
tcp/445
    KB : 3080446
    - C:\Windows\system32\shell32.dll has not been patched.
      Remote version : 6.3.9600.16660
      Should be      : 6.3.9600.18038
    86373 - MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Synopsis
Description
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel due to improper handling of objects in
memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary
code in kernel mode. (CVE-2015-2549, CVE-2015-2550, CVE-2015-2554)
- A security feature bypass vulnerability exists due to a failure to properly enforce the Windows Trusted Boot
policy. A local attacker can exploit this, via a specially crafted Boot Configuration Data (BCD) setting, to disable
code integrity checks, resulting in the execution of test-signed executables and drivers.
Additionally, a local attacker can exploit this vulnerability to bypass Trusted Boot integrity validation for BitLocker
and Device Encryption security features. (CVE-2015-2552)
- An elevation of privilege vulnerability exists due to improper validation of junctions in certain scenarios in which
mount points are being created. An unauthenticated, remote attacker can exploit this in conjunction with another
vulnerability to execute arbitrary code in the context of the current user.
(CVE-2015-2553)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-111
https://support.microsoft.com/en-us/help/3096447/ms15-111-security-update-for-windows-kernel-to-address-elevation-of-pr
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              76994
BID              76998
BID              76999
BID              77004
BID              77014
CVE              CVE-2015-2549
CVE              CVE-2015-2550
CVE              CVE-2015-2552
CVE              CVE-2015-2553
CVE              CVE-2015-2554
MSKB             3088195
MSKB             3097617
XREF             MSFT:MS15-111
XREF             IAVA:2015-A-0242
Plugin Information
Plugin Output
tcp/445
      KB : 3088195
      - C:\Windows\system32\winload.exe has not been patched.
        Remote version : 6.3.9600.16496
        Should be      : 6.3.9600.18066
    86822 - MS15-115: Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
Synopsis
Description
- Multiple elevation of privilege vulnerabilities exist that are related to the handling of objects in memory.
A local attacker can exploit these, via a crafted application, to run arbitrary code in kernel mode.
(CVE-2015-6100, CVE-2015-6101)
- Multiple information disclosure vulnerabilities exist due to a failure to properly initialize memory addresses. A
local attacker can exploit these, via a specially crafted application, to bypass the Kernel Address Space Layout
Randomization (KASLR) and retrieve the base address of the Kernel driver from a compromised process.
(CVE-2015-6102, CVE-2015-6109)
- Multiple remote code execution vulnerabilities exist in the Adobe Type Manager Library due to improper
handling of specially crafted fonts. An unauthenticated, remote attacker can exploit these, via a crafted
document or web page, to execute arbitrary code.
(CVE-2015-6103, CVE-2015-6104)
- A security feature bypass vulnerability exists due to improper validation of permissions. A local attacker can
exploit this to interact with the file system in an inappropriate manner to modify files, by using a crafted,
low-integrity-level, user-mode application.
(CVE-2015-6113)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-115
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
References
BID              77458
BID              77460
BID              77462
BID              77463
BID              77464
BID              77465
BID              77466
CVE              CVE-2015-6100
CVE              CVE-2015-6101
CVE              CVE-2015-6102
CVE              CVE-2015-6103
CVE              CVE-2015-6104
CVE              CVE-2015-6109
CVE              CVE-2015-6113
MSKB             3097877
MSKB             3101746
MSKB             3105211
MSKB             3105213
XREF             MSFT:MS15-115
XREF             IAVA:2015-A-0299
Plugin Information
Plugin Output
tcp/445
      KB : 3097877
      - C:\Windows\system32\win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.18093
      86826 - MS15-119: Security Update for Winsock to Address Elevation of Privilege (3104521)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability due to a flaw in Winsock in which
a call is made to a memory address without verifying that the address is valid. An authenticated, remote attacker
can exploit this, via a specially crafted application, to gain elevated privileges on the host.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-119
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              77478
CVE              CVE-2015-2478
MSKB             3092601
MSKB             3105211
MSKB             3105213
XREF             MSFT:MS15-119
XREF             IAVA:2015-A-0276
Plugin Information
Plugin Output
tcp/445
    KB : 3092601
    - C:\Windows\system32\drivers\Afd.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18089
      86828 - MS15-122: Security Update for Kerberos to Address Security Feature Bypass (3105256)
Synopsis
Description
The remote Windows host is affected by a security feature bypass vulnerability in Kerberos due to a failure to
check the password change of a user signing into a workstation. A remote attacker can exploit this vulnerability
by connecting a workstation to a malicious Kerberos Key Distribution Center (KDC), resulting in the ability to
decrypt drives protected by BitLocker.
Note that this vulnerability can only be exploited if the target system has BitLocker enabled without a PIN or USB
key, and the computer is domain-joined.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-122
https://support.microsoft.com/en-us/help/3101246/ms15-122-description-of-the-security-update-for-windows-kerberos-novem
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              77475
CVE              CVE-2015-6095
MSKB             3101246
MSKB            3105213
MSKB            3105211
XREF            MSFT:MS15-122
XREF            IAVA:2015-A-0278
Plugin Information
Plugin Output
tcp/445
    KB : 3101246
    - C:\Windows\system32\Kerberos.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18091
      87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted
website, resulting in the execution of arbitrary code in the context of the current user.
See Also
http://www.nessus.org/u?f205555e
http://www.nessus.org/u?43c16242
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              78481
BID   78482
BID   78483
BID   78484
BID   78485
BID   78486
BID   78487
BID   78488
BID   78489
BID   78490
BID   78491
BID   78492
BID   78494
BID   78495
BID   78507
BID   78508
BID   78526
BID   78527
BID   78528
BID   78529
BID   78530
BID   78531
BID   78532
BID   78533
BID   78534
BID   78535
BID   78536
BID   78537
BID   78538
BID   78540
CVE   CVE-2015-6083
CVE   CVE-2015-6134
CVE   CVE-2015-6135
CVE   CVE-2015-6136
CVE   CVE-2015-6138
CVE   CVE-2015-6139
CVE   CVE-2015-6140
CVE   CVE-2015-6141
CVE   CVE-2015-6142
CVE   CVE-2015-6143
CVE   CVE-2015-6144
CVE   CVE-2015-6145
CVE   CVE-2015-6146
CVE   CVE-2015-6147
CVE             CVE-2015-6148
CVE             CVE-2015-6149
CVE             CVE-2015-6150
CVE             CVE-2015-6151
CVE             CVE-2015-6152
CVE             CVE-2015-6153
CVE             CVE-2015-6154
CVE             CVE-2015-6155
CVE             CVE-2015-6156
CVE             CVE-2015-6157
CVE             CVE-2015-6158
CVE             CVE-2015-6159
CVE             CVE-2015-6160
CVE             CVE-2015-6161
CVE             CVE-2015-6162
CVE             CVE-2015-6164
MSKB            3104002
MSKB            3116869
MSKB            3116900
MSKB            3125869
XREF            MSFT:MS15-124
Plugin Information
Plugin Output
tcp/445
      87257 - MS15-128: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
Synopsis
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling
of embedded fonts by the Windows font library. A remote attacker can exploit these by convincing a user to open
a file or visit a website containing a specially crafted embedded font, resulting in execution of arbitrary code in
the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-128
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Lync
2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Skype for Business 2016, Live Meeting 2007 Console,
Silverlight, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              78497
BID              78498
BID              78499
CVE              CVE-2015-6106
CVE             CVE-2015-6107
CVE             CVE-2015-6108
MSKB            3085612
MSKB            3085616
MSKB            3099860
MSKB            3099862
MSKB            3099863
MSKB            3099864
MSKB            3099866
MSKB            3099869
MSKB            3099874
MSKB            3106614
MSKB            3109094
MSKB            3114351
MSKB            3114372
MSKB            3114478
MSKB            3115871
MSKB            3115872
MSKB            3115873
MSKB            3115875
MSKB            3116869
MSKB            3116900
XREF            MSFT:MS15-128
XREF            IAVA:2015-A-0308
Plugin Information
Plugin Output
tcp/445
    KB : 3109094
    - C:\Windows\system32\dwrite.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18123
      87261 - MS15-132: Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper input
validation when libraries are linked. A remote attacker can exploit these vulnerabilities by convincing a user to
open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-132
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID              78496
BID              78614
BID              78615
CVE              CVE-2015-6128
CVE              CVE-2015-6132
CVE              CVE-2015-6133
MSKB             3108347
MSKB             3108371
MSKB             3108381
MSKB             3116162
MSKB             3116869
MSKB             3116900
XREF             MSFT:MS15-132
XREF             IAVB:2015-B-0143
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3108347
    - C:\Windows\system32\authui.dll has not been patched.
      Remote version : 6.3.9600.16474
      Should be      : 6.3.9600.18111
      87262 - MS15-133: Security Update for Windows PGM to Address Elevation of Privilege (3116130)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege
vulnerability in the Pragmatic General Multicast (PGM) protocol, installed with the MSMQ service, due to a race
condition that can result in references being made to already freed memory. A local attacker can exploit this,
via a specially crafted application, to gain elevated privileges on the affected host.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-133
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              78509
CVE              CVE-2015-6126
MSKB             3109103
MSKB             3116869
MSKB             3116900
XREF             MSFT:MS15-133
XREF             IAVA:2015-A-0304
Plugin Information
Plugin Output
tcp/445
    KB : 3109103
    - C:\Windows\system32\drivers\Rmcast.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18119
      87264 - MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
Synopsis
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities due to improper handling of
objects in memory by the Windows kernel. An authenticated, remote attacker can exploit these vulnerabilities by
running a specially crafted application, resulting in an elevation of privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-135
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              78506
BID              78510
BID              78513
BID              78514
CVE              CVE-2015-6171
CVE              CVE-2015-6173
CVE              CVE-2015-6174
CVE              CVE-2015-6175
MSKB            3109094
MSKB            3116869
MSKB            3116900
XREF            MSFT:MS15-135
XREF            IAVA:2015-A-0299
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3109094
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.18123
      87892 - MS16-005: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows graphics device interface due to improper
handling of objects in memory. An attacker can exploit this to bypass the Address Space Layout Randomization
(ASLR) feature, resulting in the ability to predict memory offsets in a call stack. (CVE-2016-0008)
- A remote code execution vulnerability exists due to improper handling of objects in memory. An attacker can
exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in execution of arbitrary
code in the context of the current user.
(CVE-2016-0008)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-005
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the
XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you
must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID               79885
BID               79887
CVE               CVE-2016-0008
CVE             CVE-2016-0009
MSKB            3124000
MSKB            3124001
MSKB            3124263
MSKB            3124266
XREF            MSFT:MS16-005
Plugin Information
Plugin Output
tcp/445
    KB : 3124001
    - C:\Windows\system32\gdi32.dll has not been patched.
      Remote version : 6.3.9600.16421
      Should be      : 6.3.9600.18155
    87890 - MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist due to improper validation of user-supplied input before
loading DLL files. A local attacker can exploit these, via a crafted application, to elevate their privileges and take
control of the affected system. (CVE-2016-0014, CVE-2016-0020)
- A remote code execution vulnerability exists in DirectShow due to improper validation of user-supplied input. A
remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in
the context of the current user, resulting in taking control of the affected system.
(CVE-2016-0015)
- Multiple remote code execution vulnerabilities exist due to improper validation of user-supplied input before
loading DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code.
(CVE-2016-0016, CVE-2016-0018)
- A security bypass vulnerability exists in the Windows Remote Desktop Protocol (RDP) due to a failure to
prevent remote logons to accounts that have no passwords set. A remote attacker can exploit this, by using an
older version of the RDP client to connect to a Windows 10 host, to generate a list of user accounts.
(CVE-2016-0019)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-007
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the
XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you
must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID              79896
BID              79900
BID              79902
BID              79906
BID              79908
BID              79909
CVE              CVE-2016-0014
CVE              CVE-2016-0015
CVE              CVE-2016-0016
CVE              CVE-2016-0018
CVE              CVE-2016-0019
CVE              CVE-2016-0020
MSKB             3108664
MSKB             3109560
MSKB             3110329
MSKB             3121461
MSKB             3121918
MSKB             3124263
MSKB             3124266
MSKB             3124901
XREF             MSFT:MS16-007
XREF             IAVA:2016-A-0014
Plugin Information
Plugin Output
tcp/445
      KB : 3121918
      - C:\Windows\system32\advapi32.dll has not been patched.
        Remote version : 6.3.9600.16384
        Should be      : 6.3.9600.18155
      87881 - MS16-008: Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities due to improper validation of reparse points that have been set by sandbox applications. A local
attacker can exploit these vulnerabilities, via a crafted application, to gain elevated privileges and take complete
control of the affected system.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-008
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the
XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you
must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID              79882
BID              79898
CVE              CVE-2016-0006
CVE              CVE-2016-0007
MSKB             3121212
MSKB             3124263
MSKB             3124266
XREF             MSFT:MS16-008
Plugin Information
Plugin Output
tcp/445
    KB : 3121212
    - C:\Windows\system32\ntoskrnl.exe has not been patched.
      Remote version : 6.3.9600.16452
      Should be      : 6.3.9600.18185
    88646 - MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a crafted application, to run arbitrary code in kernel mode and
therefore take control of the affected system.
(CVE-2016-0040)
- Multiple code execution vulnerabilities exist due to improper validation of user-supplied input when loading
DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code.
(CVE-2016-0041, CVE-2016-0042)
- A denial of service vulnerability exists in Microsoft Sync Framework due to improper processing of crafted input
that uses the 'change batch' structure. An authenticated, remote attacker can exploit this, via specially crafted
packets sent to the SyncShareSvc service, to cause the service to stop responding.
(CVE-2016-0044)
- A security feature bypass vulnerability exists when Kerberos fails to check the password change of a user
signing into a workstation. An attacker can exploit this, by connecting the workstation to a malicious Kerberos
Key Distribution Center, to bypass Kerberos authentication on a target machine, thus allowing decryption of
drives protected by BitLocker.
(CVE-2016-0049)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-014
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
STIG Severity
II
References
BID              82505
BID              82510
BID              82511
BID              82515
CVE              CVE-2016-0040
CVE              CVE-2016-0041
CVE              CVE-2016-0042
CVE              CVE-2016-0044
CVE              CVE-2016-0049
MSKB             3126041
MSKB             3126587
MSKB             3126593
MSKB             3126434
MSKB             3135174
MSKB             3135173
XREF             MSFT:MS16-014
XREF             IAVA:2016-A-0050
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3126587
      - C:\Windows\system32\cfgbkend.dll has not been patched.
        Remote version : 6.3.9600.16384
        Should be      : 6.3.9600.18192
      KB : 3126593
      - C:\Windows\system32\ntoskrnl.exe has not been patched.
        Remote version : 6.3.9600.16452
        Should be      : 6.3.9600.18192
KB : 3126434
- C:\Windows\system32\winsync.dll has not been patched.
  Remote version : 2007.94.9600.16384
  Should be      : 2007.94.9600.18183
KB : 3126041
- C:\Windows\system32\kerberos.dll has not been patched.
  Remote version : 6.3.9600.16408
  Should be      : 6.3.9600.18192
      88649 - MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Remote Desktop Protocol
(RDP) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this
by logging on via RDP and sending specially crafted data over the authenticated connection, resulting in an
elevation of privilege.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-017
Solution
Microsoft has released a set of patches for Windows 7, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              82799
CVE              CVE-2016-0036
MSKB             3126446
MSKB             3135174
XREF             MSFT:MS16-017
XREF             IAVA:2016-A-0048
Plugin Information
Plugin Output
tcp/445
    KB : 3126446
    - C:\Windows\system32\rdpudd.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18167
      88650 - MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege
vulnerability in the Windows kernel-mode driver due to improper handling of objects in memory. An
authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in
kernel mode.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-018
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              82708
CVE              CVE-2016-0048
MSKB             3134214
MSKB             3135174
MSKB             3135173
XREF             MSFT:MS16-018
Plugin Information
Plugin Output
tcp/445
    KB : 3134214
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.18190
      89749 - MS16-026: Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
Synopsis
Description
The remote Windows host is affected by multiple vulnerabilities in the Adobe Type Manager Library :
- A denial of service vulnerability exists due to improper handling of OpenType fonts. A remote attacker can
exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted
embedded OpenType fonts, resulting in a denial of service condition. (CVE-2016-0120)
- A remote code execution vulnerability exists due to improper handling of specially crafted fonts. A remote
attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially
crafted embedded OpenType fonts, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-0121)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-026
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              84027
BID              84071
CVE              CVE-2016-0120
CVE              CVE-2016-0121
MSKB             3140735
MSKB             3140745
MSKB             3140768
XREF            MSFT:MS16-026
Plugin Information
Plugin Output
tcp/445
    KB : 3140735
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.247
      89751 - MS16-028: Security Update for Microsoft Windows PDF Library to Address Remote Code
      Execution (3143081)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple remote code
execution vulnerabilities in the Windows PDF library. A remote attacker can exploit these, by convincing a user to
open a specially crafted PDF file, to execute arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-028
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              84109
BID              84112
CVE              CVE-2016-0117
CVE              CVE-2016-0118
MSKB             3137513
MSKB             3140745
MSKB             3140768
XREF             MSFT:MS16-028
XREF            IAVA:2016-A-0066
Plugin Information
Plugin Output
tcp/445
    KB : 3137513
    - C:\Windows\system32\windows.data.pdf.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18229
      89753 - MS16-030: Security Update for Windows OLE to Address Remote Code Execution (3143136)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities in Microsoft Windows
OLE due to improper validation of user-supplied input. A remote attacker can exploit this vulnerability by
convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the
current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-030
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              83944
BID              84125
CVE              CVE-2016-0091
CVE              CVE-2016-0092
MSKB             3139940
MSKB             3140745
MSKB             3140768
XREF             MSFT:MS16-030
XREF            IAVA:2016-A-0062
Plugin Information
Plugin Output
tcp/445
    KB : 3139940
    - C:\Windows\system32\ole32.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18227
      89755 - MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Windows Secondary Logon
Service due to improper management of request handles in memory. An authenticated, remote attacker can
exploit this, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-032
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              84034
CVE              CVE-2016-0099
MSKB             3139914
MSKB             3140768
MSKB             3140745
XREF             MSFT:MS16-032
XREF             IAVB:2016-B-0049
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3139914
    - C:\Windows\system32\seclogon.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18230
      89779 - MS16-033: Security Update for Windows USB Mass Storage Class Driver to Address
      Elevation of Privilege (3143142)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows USB
Mass Storage Class driver due to improper validation of objects in memory. A local attacker can exploit this, via
a specially crafted USB device, to elevate privileges, allowing the execution of arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-033
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 84035
CVE             CVE-2016-0133
MSKB            3139398
MSKB            3140745
MSKB            3140768
XREF            MSFT:MS16-033
XREF            IAVB:2016-B-0048
Plugin Information
Plugin Output
tcp/445
    KB : 3139398
    - C:\Windows\system32\drivers\usbstor.sys has not been patched.
      Remote version : 6.3.9600.16475
      Should be      : 6.3.9600.18224
      89756 - MS16-034: Security Update for Windows Kernel-Mode Drivers to Address Elevation of
      Privilege (3143145)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple flaws in the Win32k
kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit
these, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code in kernel
mode.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-034
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              84054
BID              84066
BID              84069
BID              84072
CVE              CVE-2016-0093
CVE              CVE-2016-0094
CVE              CVE-2016-0095
CVE              CVE-2016-0096
MSKB             3140768
MSKB             3139852
MSKB             3143145
MSKB            3140745
XREF            MSFT:MS16-034
Plugin Information
Plugin Output
tcp/445
    KB : 3139852
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.18228
    90433 - MS16-039: Security Update for Microsoft Graphics Component (3148522)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly
handle objects in memory. An attacker can exploit these vulnerabilities to execute arbitrary code in kernel mode.
(CVE-2016-0143, CVE-2016-0165, CVE-2016-0167)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded
fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing
specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-0145)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-039
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for
Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework
3.5, and .NET framework 3.5.1.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.1 (CVSS:3.0/E:F/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID             85896
BID             85899
BID             85900
BID             85903
CVE             CVE-2016-0143
CVE             CVE-2016-0145
CVE             CVE-2016-0165
CVE             CVE-2016-0167
MSKB            3145739
MSKB            3147461
MSKB            3147458
MSKB            3114542
MSKB            3114566
MSKB            3114985
MSKB            3142041
MSKB            3142042
MSKB            3142045
MSKB            3142043
MSKB            3114960
MSKB            3114944
MSKB            3144427
MSKB            3144428
MSKB            3144429
MSKB            3144432
MSKB            4038788
XREF            MSFT:MS16-039
XREF            IAVA:2016-A-0091
Exploitable With
Plugin Information
Plugin Output
tcp/445
KB : 3145739
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16650
  Should be      : 6.3.9600.18290
      90434 - MS16-040: Security Update for Microsoft XML Core Services (3148541)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft XML Core
Services (MSXML) parser due to improper validation of user-supplied input. An unauthenticated, remote attacker
can exploit this vulnerability, by convincing a user to visit a specially-crafted website that is designed to invoke
MSXML through Internet Explorer, to execute arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-040
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              85909
CVE             CVE-2016-0147
MSKB            3146963
MSKB            3147458
MSKB            3147461
XREF            MSFT:MS16-040
XREF            IAVA:2016-A-0092
Plugin Information
Plugin Output
tcp/445
    KB : 3146963
    - C:\Windows\system32\Msxml3.dll has not been patched.
      Remote version : 8.110.9600.16483
      Should be      : 8.110.9600.18258
      90437 - MS16-044: Security Update for Windows OLE (3146706)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in Windows OLE due to improper validation of user-supplied input. An unauthenticated, remote
attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the
execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-044
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              85912
CVE              CVE-2016-0153
MSKB             3146706
XREF             MSFT:MS16-044
XREF             IAVB:2016-B-0068
Plugin Information
Plugin Output
tcp/445
    KB : 3146706
    - C:\Windows\system32\ole32.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18256
      90441 - MS16-048: Security Update for CSRSS (3148528)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass
vulnerability in the Client-Server Run-time Subsystem (CSRSS) due to improper management of process tokens
in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to escalate privileges
and execute arbitrary code as an administrator.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-048
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              85913
CVE              CVE-2016-0151
MSKB             3146723
MSKB             3147458
MSKB             3147461
XREF             MSFT:MS16-048
XREF             IAVB:2016-B-0065
Plugin Information
Plugin Output
tcp/445
    KB : 3146723
    - C:\Windows\system32\basesrv.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18258
    91005 - MS16-055: Security Update for Microsoft Graphics Component (3156754)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated,
remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or
open a specially crafted document, resulting in the disclosure of memory contents. (CVE-2016-0168,
CVE-2016-0169)
- A remote code execution vulnerability exists in the Windows Graphics component due to improper handling
of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to
visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary
code in the context of the current user.
(CVE-2016-0170)
- A remote code execution vulnerability exists in the Direct3D component due to a use-after-free error. An
unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted
website or open a specially crafted document, resulting in the execution of arbitrary code in the context of
the current user. (CVE-2016-0184)
- A remote code execution vulnerability exists in the Windows Imaging component due to improper handling
of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to
visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary
code in the context of the current user.
(CVE-2016-0195)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-055
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              89862
BID              89863
BID              89864
BID              89892
BID              89901
CVE              CVE-2016-0168
CVE              CVE-2016-0169
CVE              CVE-2016-0170
CVE              CVE-2016-0184
CVE              CVE-2016-0195
MSKB             3156013
MSKB             3156016
MSKB             3156019
MSKB             3156387
MSKB             3156421
XREF             MSFT:MS16-055
Plugin Information
Plugin Output
tcp/445
      KB : 3156019
      - C:\Windows\system32\Windowscodecs.dll has not been patched.
        Remote version : 6.3.9600.16384
        Should be      : 6.3.9600.18302
      91007 - MS16-057: Security Update for Windows Shell (3156987)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in Windows Shell due to improper handling of objects in memory. An unauthenticated, remote
attacker can exploit this vulnerability by convincing a user to visit a crafted website, resulting in the execution of
arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-057
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID               89868
CVE               CVE-2016-0179
MSKB              3156059
MSKB              3156387
MSKB              3156421
XREF              MSFT:MS16-057
XREF              IAVA:2016-A-0131
Plugin Information
Plugin Output
tcp/445
    KB : 3156059
    - C:\Windows\system32\Windows.ui.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18302
      91010 - MS16-060: Security Update for Windows Kernel (3154846)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a privilege escalation
vulnerability due to improper parsing of certain symbolic links. A local attacker can exploit this vulnerability, via a
specially crafted application, to access privileged registry keys, resulting in an elevation of privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-060
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID               90028
CVE               CVE-2016-0180
MSKB              3153171
MSKB              3156387
MSKB              3156421
XREF              MSFT:MS16-060
XREF              IAVA:2016-A-0126
Plugin Information
Plugin Output
tcp/445
    KB : 3153171
    - C:\Windows\system32\ntoskrnl.exe has not been patched.
      Remote version : 6.3.9600.16452
      Should be      : 6.3.9600.18289
      91011 - MS16-061: Security Update for Microsoft RPC (3155520)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft RPC Network
Data Representation (NDR) Engine due to improper handling of memory. An authenticated, remote attacker can
exploit this vulnerability, via malformed RPC requests, to execute arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-061
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              90032
CVE              CVE-2016-0178
MSKB             3153171
MSKB             3153704
MSKB             3156387
MSKB             3156421
XREF             MSFT:MS16-061
XREF             IAVA:2016-A-0130
Plugin Information
Plugin Output
tcp/445
    KB : 3153704
    - C:\Windows\system32\Rpcrt4.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18292
      91012 - MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly
handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to
execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)
- A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can
exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR)
feature and retrieve the memory address of a kernel object. (CVE-2016-0175)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly
handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to
execute arbitrary code. (CVE-2016-0176)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly
map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a
crafted application, to execute arbitrary code. (CVE-2016-0197)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-062
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              89860
BID              90027
BID              90052
BID              90064
BID              90065
BID              90101
BID              90102
CVE              CVE-2016-0171
CVE              CVE-2016-0173
CVE              CVE-2016-0174
CVE              CVE-2016-0175
CVE              CVE-2016-0176
CVE              CVE-2016-0196
CVE              CVE-2016-0197
MSKB             3153199
MSKB             3156017
MSKB             3156387
MSKB             3156421
MSKB             3158222
XREF             MSFT:MS16-062
Plugin Information
Plugin Output
tcp/445
      KB : 3153199
      - C:\Windows\system32\win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.18302
      91596 - MS16-063: Cumulative Security Update for Internet Explorer (3163649)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3163649. It
is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities.
An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted
website, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-063
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Note that the security update in MS16-077 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              91101
BID              91102
BID              91103
BID              91108
BID              91109
BID              91110
BID              91111
BID              91112
CVE              CVE-2016-0199
CVE              CVE-2016-0200
CVE             CVE-2016-3202
CVE             CVE-2016-3205
CVE             CVE-2016-3206
CVE             CVE-2016-3207
CVE             CVE-2016-3210
CVE             CVE-2016-3211
CVE             CVE-2016-3212
CVE             CVE-2016-3213
MSKB            3160005
MSKB            3163017
MSKB            3163018
XREF            MSFT:MS16-063
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege
vulnerability due to a lack of Kerberos authentication for certain calls over LDAP when processing group policy
updates. A man-in-the-middle attacker can exploit this vulnerability to create arbitrary group policies and grant a
standard user elevated, administrative privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-072
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
References
BID              91119
CVE              CVE-2016-3223
MSKB             3159398
MSKB             3163017
MSKB             3163018
XREF             MSFT:MS16-072
XREF             IAVA:2016-A-0155
Plugin Information
Plugin Output
tcp/445
    KB : 3159398
    - C:\Windows\system32\gpprefcl.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18339
      91601 - MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects
in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run
arbitrary code in kernel mode. (CVE-2016-3218, CVE-2016-3221)
- An information disclosure vulnerability exists in the Windows Virtual PCI (VPCI) virtual service provider (VSP)
due to improper handling of uninitialized memory.
An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive
memory contents. (CVE-2016-3232)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-073
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              91121
BID              91122
BID              91123
CVE              CVE-2016-3218
CVE              CVE-2016-3221
CVE              CVE-2016-3232
MSKB            3161664
MSKB            3164294
MSKB            3163017
MSKB            3163018
XREF            MSFT:MS16-073
Plugin Information
Plugin Output
tcp/445
    KB : 3164294
    - C:\Windows\system32\drivers\vpcivsp.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18340
    KB : 3161664
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.18340
      91602 - MS16-074: Security Update for Microsoft Graphics Component (3164036)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows Graphics Component due to a failure to properly
handle objects in memory. A local attacker can exploit this to disclose memory contents. (CVE-2016-3216)
- An elevation of privilege vulnerability exists due to a failure to properly handle objects in memory. A local
attacker can exploit this vulnerability, via a specially crafted application, to run processes in an elevated context.
(CVE-2016-3219)
- An elevation of privilege vulnerability exists in the Adobe Type Manager Font Driver due to improper handling
of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute
arbitrary code in an elevated context.
(CVE-2016-3220)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-074
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 91083
CVE             CVE-2016-3216
CVE             CVE-2016-3219
CVE             CVE-2016-3220
MSKB            3164033
MSKB            3164035
MSKB            3163017
MSKB            3163018
XREF            MSFT:MS16-074
XREF            IAVA:2016-A-0149
Plugin Information
Plugin Output
tcp/445
    KB : 3164033
    - C:\Windows\system32\atmfd.dll has not been patched.
      Remote version : 5.1.2.238
      Should be      : 5.1.2.248
      91603 - MS16-075: Security Update for Windows SMB Server (3164038)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege
vulnerability in the Microsoft Server Message Block (SMB) server when handling forwarded credential requests
that are intended for another service running on the same host. An authenticated attacker can exploit this, via a
specially crafted application, to execute arbitrary code with elevated permissions.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-075
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID              91080
CVE              CVE-2016-3225
MSKB             3161561
MSKB             3163017
MSKB             3163018
XREF             MSFT:MS16-075
XREF             IAVA:2016-A-0150
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 3161561
    - C:\Windows\system32\drivers\srvnet.sys has not been patched.
      Remote version : 6.3.9600.16401
      Should be      : 6.3.9600.18340
      91604 - MS16-076: Security Update for Netlogon (3167691)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability due to improper handling of objects in memory. A domain-authenticated attacker can exploit this, via
a specially crafted Netlogon request to a domain controller, to execute arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-076
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91120
CVE              CVE-2016-3228
MSKB             3161561
MSKB             3162343
XREF             MSFT:MS16-076
XREF             IAVA:2016-A-0152
Plugin Information
tcp/445
    KB : 3162343
    - C:\Windows\system32\wdigest.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18334
      91607 - MS16-080: Security Update for Microsoft Windows PDF (3164302)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist due to improper parsing of .pdf files. An unauthenticated,
remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted .pdf file,
resulting in the disclosure of sensitive information in the context of the current user. (CVE-2016-3201,
CVE-2016-3215)
- A remote code execution vulnerability exists due to improper parsing of .pdf files. An unauthenticated, remote
attacker can exploit this vulnerability by convincing a user to open a specially crafted .pdf file, resulting in the
execution of arbitrary code in the context of the current user. (CVE-2016-3203)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-080
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91086
BID              91087
CVE              CVE-2016-3201
CVE              CVE-2016-3203
CVE             CVE-2016-3215
MSKB            3157569
MSKB            3163017
MSKB            3163018
XREF            MSFT:MS16-080
XREF            IAVB:2016-B-0102
Plugin Information
Plugin Output
tcp/445
    KB : 3157569
    - C:\Windows\system32\glcndfilter.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18336
    92018 - MS16-087: Security Update for Windows Print Spooler (3170005)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation
of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit
this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to
execute arbitrary code in the context of the current user. (CVE-2016-3238)
- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing
arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application,
to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-087
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID               91609
BID               91612
CVE               CVE-2016-3238
CVE               CVE-2016-3239
MSKB              3170455
MSKB              4038777
MSKB              4038779
MSKB              4038781
MSKB              4038782
MSKB              4038783
MSKB              4038786
MSKB              4038792
MSKB              4038793
MSKB              4038799
XREF              MSFT:MS16-087
XREF              IAVA:2016-A-0181
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of
objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application,
to run arbitrary code in kernel mode. (CVE-2016-3249, CVE-2016-3250, CVE-2016-3252, CVE-2016-3254,
CVE-2016-3286)
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects
in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose
kernel memory addresses. (CVE-2016-3251)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-090
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
References
BID              91597
BID              91600
BID              91613
BID              91614
BID              91615
BID              91616
CVE              CVE-2016-3249
CVE             CVE-2016-3250
CVE             CVE-2016-3251
CVE             CVE-2016-3252
CVE             CVE-2016-3254
CVE             CVE-2016-3286
MSKB            3163912
MSKB            3168965
MSKB            3172985
XREF            MSFT:MS16-090
Plugin Information
Plugin Output
tcp/445
    KB : 3168965
    - C:\Windows\system32\win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.18377
      92025 - MS16-094: Security Update for Secure Boot (3177404)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability
in the Secure Boot component due to improperly applying an affected policy. An attacker who has either
administrative privileges or access to the host can exploit this issue, via installing a crafted policy, to disable
code integrity checks, thus allowing test-signed executables and drivers to be loaded on the target host.
Moreover, the attacker can exploit this issue to bypass the Secure Boot integrity validation for BitLocker and the
device encryption security features.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-094
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91604
CVE              CVE-2016-3287
MSKB             3172727
MSKB             3163912
MSKB             3172985
XREF             MSFT:MS16-094
XREF             IAVB:2016-B-0112
Plugin Information
Plugin Output
tcp/445
  C:\Windows\System32\CodeIntegrity\driver.stl
      92843 - MS16-097: Security Update for Microsoft Graphics Component (3177393)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities
in the Graphics component due to improper handling of embedded fonts by the Windows font library. An
unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a malicious
website or open a specially crafted document file, to execute arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-097
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID              92288
BID             92301
BID             92302
CVE             CVE-2016-3301
CVE             CVE-2016-3303
CVE             CVE-2016-3304
MSKB            3174301
MSKB            3178034
MSKB            3176492
MSKB            3176493
MSKB            3176495
MSKB            3115109
MSKB            3115131
MSKB            3115481
MSKB            3115408
MSKB            3115431
MSKB            3174302
MSKB            3174304
MSKB            3174305
XREF            MSFT:MS16-097
XREF            IAVA:2016-A-0205
Plugin Information
Plugin Output
tcp/445
  KB : 3178034
  None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS
  have been patched.
    Fixed version : 6.3.9600.18405
      92821 - MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the
Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote
attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-098
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              92295
BID              92297
BID              92298
BID              92299
CVE              CVE-2016-3308
CVE              CVE-2016-3309
CVE              CVE-2016-3310
CVE              CVE-2016-3311
MSKB             3177725
MSKB             3176492
MSKB             3176493
MSKB             3176495
XREF             MSFT:MS16-098
XREF             IAVA:2016-A-0204
Exploitable With
Plugin Information
Plugin Output
tcp/445
      KB : 3177725
      - C:\Windows\system32\win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.18405
      92822 - MS16-100: Security Update for Secure Boot (3179577)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability
in Secure Boot due to improper handling of malicious boot managers. An attacker with administrative privileges
can exploit this vulnerability to bypass code integrity checks and load test-signed executables and drivers.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-100
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10. Alternatively, as a
workaround, configure BitLocker to use Trusted Platform Module (TPM)+PIN protection or disable Secure Boot
integrity protection of BitLocker per the vendor advisory.
Risk Factor
High
7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 (CVSS:3.0/E:U/RL:O/RC:C)
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              92304
CVE             CVE-2016-3320
MSKB            3172729
XREF            MSFT:MS16-100
XREF            IAVB:2016-B-0122
Plugin Information
Plugin Output
tcp/445
    KB : 3172729
    - C:\Windows\system32\tpmtasks.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18408
    92823 - MS16-101: Security Update for Windows Authentication Methods (3178465)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security downgrade vulnerability exists in Kerberos due to improper handling of password change requests.
A man-in-the-middle attacker can exploit this to cause the authentication protocol to fall back to the NT LAN
Manager (NTLM) authentication protocol, resulting in a bypass of Kerberos authentication. (CVE-2016-3237)
- An elevation of privilege vulnerability exists in Windows Netlogon due to a failure to properly establish secure
communications to a domain controller. A local attacker who has access to a domain-joined machine that points
to a domain controller running either Windows Server 2012 or 2012 R2 can exploit this vulnerability to gain
elevated privileges via a specially crafted application. (CVE-2016-3300)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-101
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID              92290
BID              92296
CVE              CVE-2016-3237
CVE              CVE-2016-3300
MSKB             3167679
MSKB             3177108
MSKB             3192391
MSKB             3185330
MSKB             3192392
MSKB             3185331
MSKB             3192393
MSKB             3185332
XREF             MSFT:MS16-101
XREF             IAVA:2016-A-0207
XREF             EDB-ID:40409
Plugin Information
Plugin Output
tcp/445
      KB : 3177108
      - C:\Windows\system32\netlogon.dll has not been patched.
        Remote version : 6.3.9600.16384
        Should be      : 6.3.9600.18405
    92824 - MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in the Microsoft Windows PDF Library due to improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted
PDF file or visit a website containing specially crafted PDF content, resulting in the execution of arbitrary code in
the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-102
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID              92293
CVE              CVE-2016-3319
MSKB             3175887
MSKB             3176492
MSKB            3176493
MSKB            3176495
XREF            MSFT:MS16-102
Plugin Information
Plugin Output
tcp/445
    KB : 3175887
    - C:\Windows\system32\windows.data.pdf.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.18403
    93466 - MS16-106: Security Update for Microsoft Graphics Component (3185848)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of
objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run
arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling
of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application,
to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory
information. (CVE-2016-3354)
- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of
objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode.
(CVE-2016-3355)
- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted
website or open a malicious document, to execute arbitrary code in the context of the current user.
(CVE-2016-3356)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-106
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              92782
BID              92783
BID              92784
BID              92787
BID              92792
CVE              CVE-2016-3348
CVE              CVE-2016-3349
CVE              CVE-2016-3354
CVE              CVE-2016-3355
CVE              CVE-2016-3356
MSKB             3185911
MSKB             3185611
MSKB             3185614
MSKB             3189866
XREF             MSFT:MS16-106
XREF             IAVA:2016-A-0240
Plugin Information
Plugin Output
tcp/445
      KB : 3185911
      - C:\Windows\system32\win32k.sys has not been patched.
        Remote version : 6.3.9600.16650
        Should be      : 6.3.9600.18439
    93469 - MS16-110: Security Update for Microsoft Windows (3178467)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists due to a failure to properly enforce permissions when loading
specially crafted DLLs. A local attacker can exploit this vulnerability to execute arbitrary code with administrator
privileges. (CVE-2016-3346)
- An information disclosure vulnerability exists due to a failure to properly validate NT LAN Manager (NTLM)
Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An unauthenticated, remote
attacker can exploit this vulnerability, by convincing a user to load a malicious document that initiates an NTLM
SSO validation request or to visit a malicious website or SMB / UNC path destination, to disclose a user's NTLM
password hash. (CVE-2016-3352)
- A remote code execution vulnerability exists due to improper handling of objects in memory. A remote attacker
with a domain user account can exploit this vulnerability, via a specially crafted request, to execute arbitrary
code with elevated permissions.
(CVE-2016-3368)
- A denial of service vulnerability exists due to improper handling of objects in memory. An unauthenticated,
remote attacker can exploit this to cause the system to stop responding. (CVE-2016-3369)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-110
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              92846
BID              92847
BID              92850
BID              92852
CVE              CVE-2016-3346
CVE              CVE-2016-3352
CVE              CVE-2016-3368
CVE              CVE-2016-3369
MSKB             3184471
MSKB             3187754
MSKB             3185611
MSKB             3185614
MSKB             3189866
XREF             MSFT:MS16-110
XREF             IAVA:2016-A-0250
Plugin Information
Plugin Output
tcp/445
      KB : 3184471
      - C:\Windows\system32\ntdsai.dll has not been patched.
        Remote version : 6.3.9600.16517
        Should be      : 6.3.9600.18435
    93470 - MS16-111: Security Update for Windows Kernel (3186973)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist due to improper handling of session objects. A local attacker
can exploit these, via a specially crafted application, to hijack the session of another user.
(CVE-2016-3305, CVE-2016-3306)
- A flaw exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can
exploit this, via a specially crafted application, to elevate privileges and thereby disclose potentially sensitive
information. (CVE-2016-3371)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of
permissions. A local attacker can exploit this, via a specially crafted application, to impersonate processes,
interject cross-process communication, or interrupt system functionality. (CVE-2016-3372)
- A flaw exists in the Windows Kernel API due to improperly allowing access to sensitive registry information. A
local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby gain access to
user account information.
(CVE-2016-3373)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-111
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID             92812
BID             92813
BID             92814
BID             92815
BID             92845
CVE             CVE-2016-3305
CVE             CVE-2016-3306
CVE             CVE-2016-3371
CVE             CVE-2016-3372
CVE             CVE-2016-3373
MSKB            3175024
MSKB            3185611
MSKB            3185614
MSKB            3189866
MSKB            4025342
XREF            MSFT:MS16-111
XREF            IAVA:2016-A-0242
Exploitable With
CANVAS (true)
Plugin Information
Plugin Output
tcp/445
       KB : 3175024
       - C:\Windows\system32\ntoskrnl.exe has not been patched.
         Remote version : 6.3.9600.16452
         Should be      : 6.3.9600.18438
      93471 - MS16-112: Security Update for Windows Lock Screen (3178469)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege
vulnerability due to improperly allowing web content to load from the Windows lock screen.
A local attacker can exploit this, by connecting to a maliciously configured WiFi hotspot or by inserting a mobile
broadband adapter, to elevate privileges and execute arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-112
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 92853
CVE             CVE-2016-3302
MSKB            3178469
MSKB            3185614
MSKB            3185611
MSKB            3189866
XREF            MSFT:MS16-112
XREF            IAVA:2016-A-0249
Plugin Information
Plugin Output
tcp/445
    KB : 3178539
    - C:\Windows\system32\pnidui.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18434
      93473 - MS16-114: Security Update for Windows SMBv1 Server (3185879)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) Server due to improper handling of certain
requests. An authenticated, remote attacker can exploit this, via specially crafted packets, to cause a denial of
service condition or the execution of arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-114
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              92859
CVE             CVE-2016-3345
MSKB            3177186
MSKB            3185611
MSKB            3185614
MSKB            3189866
XREF            MSFT:MS16-114
XREF            IAVA:2016-A-0248
Plugin Information
Plugin Output
tcp/445
    KB : 3177186
    - C:\Windows\system32\drivers\srv.sys has not been patched.
      Remote version : 6.3.9600.16421
      Should be      : 6.3.9600.18432
    93651 - MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website, to execute arbitrary code in the context of the current user.
Note that MS16-104 must also be installed in order to fully resolve the vulnerability.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-116
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-104
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID              92835
CVE              CVE-2016-3375
MSKB             3184122
MSKB             3185611
MSKB             3185614
MSKB             3189866
XREF             MSFT:MS16-116
XREF             IAVA:2016-A-0245
Plugin Information
Plugin Output
tcp/445
      KB : 3184122
      - C:\Windows\system32\Oleaut32.dll has not been patched.
        Remote version : 6.3.9600.16451
        Should be      : 6.3.9600.18434
     94011 - MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update
3192887. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit
a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-118
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Note that security update 3193515 in MS16-126 must also be installed in order to fully resolve CVE-2016-3298
on Windows Vista and Windows Server 2008.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID             93376
BID             93379
BID             93381
BID             93382
BID             93383
BID             93386
BID             93387
BID             93392
BID             93393
BID             93396
BID             93397
CVE             CVE-2016-3267
CVE             CVE-2016-3298
CVE             CVE-2016-3331
CVE             CVE-2016-3382
CVE             CVE-2016-3383
CVE             CVE-2016-3384
CVE             CVE-2016-3385
CVE             CVE-2016-3387
CVE             CVE-2016-3388
CVE             CVE-2016-3390
CVE             CVE-2016-3391
MSKB            3185330
MSKB            3185331
MSKB            3185332
MSKB            3191492
MSKB            3192391
MSKB            3192392
MSKB            3192393
MSKB            3192440
MSKB            3192441
MSKB            3194798
XREF            MSFT:MS16-118
XREF            IAVB:2016-B-0150
Plugin Information
Plugin Output
tcp/445
The remote host is missing one of the following rollup KBs :
  - 3192392
  - 3185331
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of
objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to predict
memory offsets in a call stack and bypass the Address Space Layout Randomization (ASLR) feature, resulting in
the disclosure of memory contents.
(CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode.
(CVE-2016-3270)
- A remote code execution vulnerability exists in the Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to
visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the
context of the current user. (CVE-2016-3393)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded
fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially
crafted website or open a specially crafted document file, resulting in the execution of arbitrary code in the
context of the current user.
(CVE-2016-3396)
- An elevation of privilege vulnerability exists in the Windows GDI component due to improper handling of objects
in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode.
(CVE-2016-7182)
See Also
https://technet.microsoft.com/library/security/MS16-120
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for
Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET Framework 3.0 SP2, .NET Framework
3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID             93377
BID             93380
BID             93385
BID             93390
BID             93394
BID             93395
BID             93403
CVE             CVE-2016-3209
CVE             CVE-2016-3262
CVE             CVE-2016-3263
CVE             CVE-2016-3270
CVE             CVE-2016-3393
CVE             CVE-2016-3396
CVE             CVE-2016-7182
MSKB            3191203
MSKB            3192391
MSKB            3185330
MSKB            3192392
MSKB            3185331
MSKB            3192393
MSKB            3185332
MSKB            3192440
MSKB            3192441
MSKB            3194798
MSKB            3188726
MSKB            3189039
MSKB            3189040
MSKB            3188730
MSKB            3188732
MSKB            3188731
MSKB            3188735
MSKB            3189051
MSKB            3189052
MSKB            3188740
MSKB            3188743
MSKB            3188741
MSKB            3118301
MSKB            3118317
MSKB            3118394
MSKB            3118327
MSKB            3118348
MSKB            3188397
MSKB            3188399
MSKB            3188400
MSKB            3189647
MSKB            3193713
XREF            MSFT:MS16-120
XREF            IAVA:2016-A-0278
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following
vulnerabilities :
- A remote code execution vulnerability exists in the Windows image file handling functionality due to improper
handling of image files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user
to open a specially crafted image file from a web page or email message, resulting in the execution of arbitrary
code in the context of the current user. (CVE-2016-7212)
- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) due to improper loading
of DLL files. A local attacker can exploit this, via a specially crafted application, to elevate privileges.
(CVE-2016-7221)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper handling of UNC
paths. An authenticated, remote attacker can exploit this vulnerability by scheduling a new task with a specially
crafted UNC path, resulting in the execution of arbitrary code with elevated system privileges.
(CVE-2016-7222)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-130
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID               94021
BID               94023
BID               94027
CVE               CVE-2016-7212
CVE               CVE-2016-7221
CVE               CVE-2016-7222
MSKB              3193418
MSKB              3196718
MSKB              3197867
MSKB              3197868
MSKB              3197873
MSKB              3197874
MSKB              3197876
MSKB              3197877
MSKB              3198585
MSKB              3198586
MSKB              3200970
XREF              MSFT:MS16-130
XREF              IAVA:2016-A-0321
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Animation Manager due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to
visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-7205)
- An information disclosure vulnerability exists in the ATMFD component due to improper handling of Open
Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a
specially crafted website or open a specially crafted file, resulting in the disclosure of sensitive information.
(CVE-2016-7210)
- A remote code execution vulnerability exists in the Windows Media Foundation due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit
a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in
the context of the current user.
(CVE-2016-7217)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded
Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a
specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the
context of the current user.
(CVE-2016-7256)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-132
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID               94030
BID               94033
BID               94066
BID               94156
CVE               CVE-2016-7205
CVE               CVE-2016-7210
CVE               CVE-2016-7217
CVE               CVE-2016-7256
MSKB              3203859
MSKB              3197867
MSKB              3197868
MSKB              3197873
MSKB              3197874
MSKB              3197876
MSKB              3197877
MSKB              3198585
MSKB              3198586
MSKB              3200970
XREF              MSFT:MS16-132
XREF              IAVA:2016-A-0318
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities in the Windows Common Log File System (CLFS) driver due to improper handling of objects in
memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-134
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID              93998
BID              94007
BID              94008
BID              94009
BID              94010
BID             94011
BID             94012
BID             94013
BID             94014
BID             94015
CVE             CVE-2016-0026
CVE             CVE-2016-3332
CVE             CVE-2016-3333
CVE             CVE-2016-3334
CVE             CVE-2016-3335
CVE             CVE-2016-3338
CVE             CVE-2016-3340
CVE             CVE-2016-3342
CVE             CVE-2016-3343
CVE             CVE-2016-7184
MSKB            3181707
MSKB            3197873
MSKB            3197874
MSKB            3197876
MSKB            3197877
MSKB            3197867
MSKB            3197868
MSKB            3198585
MSKB            3200970
MSKB            3198586
XREF            MSFT:MS16-134
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows kernel that allows a local attacker, via a specially
crafted application, to bypass the Address Space Layout Randomization (ASLR) feature and retrieve the
memory address of a kernel object. (CVE-2016-7214)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling
of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary
code in kernel mode. (CVE-2016-7215, CVE-2016-7246, CVE-2016-7255)
- An information disclosure vulnerability exists in the bowser.sys kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive
information. (CVE-2016-7218)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-135
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID               93991
BID               94000
BID               94004
BID               94063
BID               94064
CVE               CVE-2016-7214
CVE               CVE-2016-7215
CVE               CVE-2016-7218
CVE               CVE-2016-7246
CVE               CVE-2016-7255
MSKB              3198234
MSKB              3194371
MSKB              3197867
MSKB              3197868
MSKB              3197873
MSKB              3197874
MSKB              3197876
MSKB              3197877
MSKB              3198585
MSKB              3198586
MSKB              3200970
XREF              MSFT:MS16-135
XREF              IAVA:2016-A-0322
Exploitable With
Plugin Information
Plugin Output
tcp/445
C:\Windows\System32\win32k.sys has not been patched.
    Remote version : 6.3.9600.16650
    Should be      : 6.3.9600.18524
94638 - MS16-137: Security Update for Windows Authentication Methods (3199173)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of
objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to
disclose sensitive information. (CVE-2016-7220)
- A denial of service vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when
handling specially crafted requests. An authenticated, remote attacker can exploit this to cause the host to
become non-responsive. (CVE-2016-7237)
- An elevation of privilege vulnerability exists due to improper handling of NTLM password change requests.
An authenticated, remote attacker can exploit this, via a specially crafted application, to gain administrative
privileges. (CVE-2016-7238)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-137
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
References
BID             94036
BID             94040
BID             94045
CVE             CVE-2016-7220
CVE             CVE-2016-7237
CVE             CVE-2016-7238
MSKB            3197867
MSKB            3197868
MSKB            3197873
MSKB            3197874
MSKB            3197876
MSKB            3197877
MSKB            3198510
MSKB            3198585
MSKB            3198586
MSKB            3200970
XREF            MSFT:MS16-137
Exploitable With
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities in the Windows Virtual Hard Disk Driver due to improper handling of user access to certain files.
A local attacker can exploit these, via a specially crafted application, to manipulate files not intended to be
available to the user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-138
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID              94003
BID             94016
BID             94017
BID             94018
CVE             CVE-2016-7223
CVE             CVE-2016-7224
CVE             CVE-2016-7225
CVE             CVE-2016-7226
MSKB            3197873
MSKB            3197874
MSKB            3197876
MSKB            3197877
MSKB            3198585
MSKB            3198586
MSKB            3200970
XREF            MSFT:MS16-138
XREF            IAVA:2016-A-0317
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability
in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this
issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target
device.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-140
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              94058
CVE             CVE-2016-7247
MSKB            3197873
MSKB            3197874
MSKB            3197876
MSKB            3197877
MSKB            3198585
MSKB            3198586
MSKB            3200970
XREF            MSFT:MS16-140
XREF            IAVB:2016-B-0162
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update
3198467. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit
a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-142
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              94051
BID              94052
BID              94053
BID              94055
BID              94057
BID             94059
BID             94065
CVE             CVE-2016-7195
CVE             CVE-2016-7196
CVE             CVE-2016-7198
CVE             CVE-2016-7199
CVE             CVE-2016-7227
CVE             CVE-2016-7239
CVE             CVE-2016-7241
MSKB            3197655
MSKB            3197867
MSKB            3197868
MSKB            3197873
MSKB            3197874
MSKB            3197876
MSKB            3197877
MSKB            3198585
MSKB            3198586
MSKB            3200970
XREF            MSFT:MS16-142
Plugin Information
Plugin Output
tcp/445
95764 - MS16-144: Cumulative Security Update for Internet Explorer (3204059)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update
3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit
a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-144
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Note that security update 3208481 in MS16-144 must also be installed in order to fully resolve CVE-2016-7278
on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              94042
BID              94716
BID              94719
BID             94722
BID             94723
BID             94724
BID             94725
BID             94726
CVE             CVE-2016-7202
CVE             CVE-2016-7278
CVE             CVE-2016-7279
CVE             CVE-2016-7281
CVE             CVE-2016-7282
CVE             CVE-2016-7283
CVE             CVE-2016-7284
CVE             CVE-2016-7287
MSKB            3203621
MSKB            3208481
MSKB            3205408
MSKB            3205409
MSKB            3205394
MSKB            3207752
MSKB            3205400
MSKB            3205401
MSKB            3205383
MSKB            3205386
MSKB            3206632
XREF            MSFT:MS16-144
XREF            EDB-ID:40793
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted document file, to disclose the contents of memory.
(CVE-2016-7257)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics Component due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit
a specially crafted website or open a specially crafted document file, to execute arbitrary code in the context of
the current user. (CVE-2016-7272, CVE-2016-7273)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-146
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID               94739
BID               94752
BID               94755
CVE               CVE-2016-7257
CVE               CVE-2016-7272
CVE               CVE-2016-7273
MSKB              3204724
MSKB              3205638
MSKB              3205394
MSKB              3207752
MSKB              3205400
MSKB              3205401
MSKB              3205408
MSKB              3205409
MSKB              3205383
MSKB              3205386
MSKB              3206632
XREF              MSFT:MS16-146
XREF              IAVA:2016-A-0346
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote
attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially
crafted document, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-147
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID              94758
CVE             CVE-2016-7274
MSKB            3196348
MSKB            3205394
MSKB            3207752
MSKB            3205400
MSKB            3205401
MSKB            3205408
MSKB            3205409
MSKB            3205383
MSKB            3205386
MSKB            3206632
XREF            MSFT:MS16-147
XREF            IAVA:2016-A-0352
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to
improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to
disclose sensitive information. (CVE-2016-7219)
- An elevation of privilege vulnerability exists in the Windows installer due to improper sanitization of input,
leading to insecure library loading behavior. A local attacker can exploit this to run arbitrary code with elevated
system privileges. (CVE-2016-7292)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-149
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID             94764
BID             94768
CVE             CVE-2016-7219
CVE             CVE-2016-7292
MSKB            3204808
MSKB            3196726
MSKB            3205394
MSKB            3207752
MSKB            3205408
MSKB            3205409
MSKB            3205400
MSKB            3205401
MSKB            3205383
MSKB            3205386
MSKB            3206632
XREF            MSFT:MS16-149
XREF            IAVA:2016-A-0350
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows Graphics Component due to improper handling of
objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute
arbitrary code in an elevated context.
(CVE-2016-7259)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute
arbitrary code in kernel mode.
(CVE-2016-7260)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-151
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID               94771
BID               94785
CVE               CVE-2016-7259
CVE               CVE-2016-7260
MSKB              3204723
MSKB              3205394
MSKB              3207752
MSKB              3205400
MSKB              3205401
MSKB              3205408
MSKB              3205409
MSKB              3205383
MSKB              3205386
MSKB              3206632
XREF              MSFT:MS16-151
XREF              IAVA:2016-A-0347
Exploitable With
Plugin Information
Plugin Output
tcp/445
97729 - MS17-006: Cumulative Security Update for Internet Explorer (4013073)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update
4013073. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit
a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-006
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Note that security update 3218362 in MS17-006 must also be installed in order to fully resolve CVE-2017-0008
on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID              96073
BID              96077
BID              96085
BID             96086
BID             96087
BID             96088
BID             96094
BID             96095
BID             96645
BID             96647
BID             96724
BID             96766
CVE             CVE-2017-0008
CVE             CVE-2017-0009
CVE             CVE-2017-0012
CVE             CVE-2017-0018
CVE             CVE-2017-0033
CVE             CVE-2017-0037
CVE             CVE-2017-0040
CVE             CVE-2017-0049
CVE             CVE-2017-0059
CVE             CVE-2017-0130
CVE             CVE-2017-0149
CVE             CVE-2017-0154
MSKB            3218362
MSKB            4012204
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-006
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution
vulnerability in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated,
remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a
website containing specially crafted PDF content, to execute arbitrary code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-009
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              96075
CVE             CVE-2017-0023
MSKB            4012213
MSKB            4012214
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-009
XREF            IAVA:2017-A-0064
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects
in memory. An unauthenticated, remote attacker can exploit these to execute arbitrary code by convincing a user
to view a specially crafted website or open a specially crafted document file.
(CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088,
CVE-2017-0089, CVE-2017-0090)
- Multiple information disclosure vulnerabilities exist in Windows Uniscribe that allow an unauthenticated, remote
attacker to gain access to sensitive information by convincing a user to view a specially crafted website or
open a specially crafted document file. (CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111,
CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117,
CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123,
CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-011
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG Severity
II
References
BID             96599
BID             96603
BID             96604
BID             96605
BID             96606
BID             96607
BID             96608
BID             96610
BID             96652
BID             96657
BID             96658
BID             96659
BID             96660
BID             96661
BID             96663
BID             96665
BID             96666
BID             96667
BID             96668
BID             96669
BID             96670
BID             96672
BID             96673
BID             96674
BID             96675
BID             96676
BID             96678
BID             96679
BID             96680
CVE             CVE-2017-0072
CVE             CVE-2017-0083
CVE             CVE-2017-0084
CVE             CVE-2017-0085
CVE             CVE-2017-0086
CVE             CVE-2017-0087
CVE             CVE-2017-0088
CVE             CVE-2017-0089
CVE             CVE-2017-0090
CVE             CVE-2017-0091
CVE             CVE-2017-0092
CVE             CVE-2017-0111
CVE             CVE-2017-0112
CVE             CVE-2017-0113
CVE             CVE-2017-0114
CVE             CVE-2017-0115
CVE             CVE-2017-0116
CVE             CVE-2017-0117
CVE             CVE-2017-0118
CVE             CVE-2017-0119
CVE             CVE-2017-0120
CVE             CVE-2017-0121
CVE             CVE-2017-0122
CVE             CVE-2017-0123
CVE             CVE-2017-0124
CVE             CVE-2017-0125
CVE             CVE-2017-0126
CVE             CVE-2017-0127
CVE             CVE-2017-0128
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012583
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-011
XREF            IAVA:2017-A-0066
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component
due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a
specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005,
CVE-2017-0025, CVE-2017-0047)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper
handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by
convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary
code. (CVE-2017-0014, CVE-2017-0108)
- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due
to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing
a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of
memory. (CVE-2017-0038)
- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component
due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially
crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)
- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to
improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a
user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space
Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-013
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012
R2, 10, and 2016.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for
Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and
Silverlight 5.
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID             96013
BID             96023
BID             96033
BID             96034
BID             96057
BID             96626
BID             96637
BID             96638
BID             96643
BID             96713
BID             96715
BID             96722
CVE             CVE-2017-0001
CVE             CVE-2017-0005
CVE             CVE-2017-0014
CVE             CVE-2017-0025
CVE             CVE-2017-0038
CVE             CVE-2017-0047
CVE             CVE-2017-0060
CVE             CVE-2017-0061
CVE             CVE-2017-0062
CVE             CVE-2017-0063
CVE             CVE-2017-0073
CVE             CVE-2017-0108
MSKB            3127945
MSKB            3127958
MSKB            3141535
MSKB            3172539
MSKB            3178653
MSKB            3178656
MSKB            3178688
MSKB            3178693
MSKB            4010096
MSKB            4010299
MSKB            4010300
MSKB            4010301
MSKB            4010303
MSKB            4010304
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012497
MSKB            4012583
MSKB            4017018
MSKB            4012584
MSKB            4012606
MSKB            4013198
MSKB            4013429
MSKB            4013867
XREF            MSFT:MS17-013
XREF            IAVA:2017-A-0063
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of
permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated
context. (CVE-2017-0050)
- An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an
elevated context. (CVE-2017-0101)
- An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying
memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges.
(CVE-2017-0102)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects
in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
(CVE-2017-0103)
See Also
https://technet.microsoft.com/library/security/ms17-017
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID               96025
BID               96623
BID               96625
BID               96627
CVE               CVE-2017-0050
CVE               CVE-2017-0101
CVE               CVE-2017-0102
CVE               CVE-2017-0103
MSKB              4011981
MSKB              4012212
MSKB              4012213
MSKB              4012214
MSKB              4012215
MSKB              4012216
MSKB              4012217
MSKB              4012606
MSKB              4013198
MSKB              4013429
XREF              MSFT:MS17-017
XREF              IAVA:2017-A-0068
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege
vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local
attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
See Also
https://technet.microsoft.com/library/security/ms17-018
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              96029
BID             96032
BID             96630
BID             96631
BID             96632
BID             96633
BID             96634
BID             96635
CVE             CVE-2017-0024
CVE             CVE-2017-0026
CVE             CVE-2017-0056
CVE             CVE-2017-0078
CVE             CVE-2017-0079
CVE             CVE-2017-0080
CVE             CVE-2017-0081
CVE             CVE-2017-0082
MSKB            4012497
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-018
XREF            IAVA:2017-A-0069
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
Using the supplied credentials, Nessus was able to determine that the 'Guest' user belongs to groups other than
'Guests' (RID 546) or 'Domain Guests' (RID 514). Guest users should not have any additional privileges.
Solution
Edit the local or domain policy to restrict group membership for the guest account.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Plugin Information
Plugin Output
tcp/0
Domain groups :
Synopsis
Description
- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1)
server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to
execute code on the target server.
(CVE-2017-11780)
- A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends
specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected
system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests
to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code
or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security
update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client
requests.
(CVE-2017-11781)
Note that Microsoft uses AC:H for these two vulnerabilities. This could mean that an exploitable target is
configured in a certain way that may include that a publicly accessible file share is available and share
enumeration is allowed for anonymous users.
See Also
http://www.nessus.org/u?72a4ce73
http://www.nessus.org/u?42adf289
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and
2016.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID             101110
BID             101140
CVE             CVE-2017-11780
CVE             CVE-2017-11781
MSKB            4041676
MSKB            4041678
MSKB            4041679
MSKB            4041681
MSKB            4041687
MSKB            4041689
MSKB            4041690
MSKB            4041691
MSKB            4041693
MSKB            4041995
MSKB            4042895
XREF            MSFT:MS17-4041676
XREF            MSFT:MS17-4041678
XREF            MSFT:MS17-4041679
XREF            MSFT:MS17-4041681
XREF            MSFT:MS17-4041687
XREF            MSFT:MS17-4041689
XREF            MSFT:MS17-4041690
XREF            MSFT:MS17-4041691
XREF            MSFT:MS17-4041693
XREF            MSFT:MS17-4041995
XREF            MSFT:MS17-4042895
Plugin Information
Plugin Output
tcp/445
    90625 - Oracle Java SE Multiple Vulnerabilities (April 2016 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 91, 7 Update 101, or 6 Update 115. It is, therefore, affected by security vulnerabilities in the following
subcomponents :
- 2D
- Deployment
- Hotspot
- JAXP
- JCE
- JMX
- Security
- Serialization
See Also
http://www.nessus.org/u?ffb7b96f
http://www.nessus.org/u?ab3dbcc8
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?c856cce4
Solution
Upgrade to Oracle JDK / JRE 8 Update 91, 7 Update 101, or 6 Update 115 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 115 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
    CVE             CVE-2016-0686
    CVE             CVE-2016-0687
    CVE             CVE-2016-0695
    CVE             CVE-2016-3422
    CVE             CVE-2016-3425
    CVE             CVE-2016-3426
    CVE             CVE-2016-3427
    CVE             CVE-2016-3443
    CVE             CVE-2016-3449
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 6
Update 151, 7 Update 141, or 8 Update 131. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to
impact confidentiality and integrity.
(CVE-2017-3509)
- An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges.
This vulnerability does not affect Java SE version 6.
(CVE-2017-3511)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-3514)
- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause
a denial of service condition. (CVE-2017-3526)
- Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote
attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544)
- An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to
gain update, insert, or delete access to unauthorized data.
(CVE-2017-3539)
See Also
http://www.nessus.org/u?02dc6498
http://www.nessus.org/u?ce35fa3a
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?eb4db3c7
Solution
Upgrade to Oracle JDK / JRE 6 Update 151 / 7 Update 141 / 8 Update 131 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID             97727
BID             97729
BID             97731
BID             97733
BID             97737
BID             97740
BID             97745
BID             97752
CVE             CVE-2017-3509
CVE             CVE-2017-3511
CVE             CVE-2017-3512
CVE             CVE-2017-3514
CVE             CVE-2017-3526
CVE             CVE-2017-3533
CVE             CVE-2017-3539
CVE             CVE-2017-3544
Plugin Information
Plugin Output
tcp/445
The following vulnerable instance of Java is installed on the remote host :
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10
Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities
related to the following components :
- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization
See Also
http://www.nessus.org/u?76507bf8
http://www.nessus.org/u?6f630e2b
http://www.nessus.org/u?9bf6e180
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary,
remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
    BID              103796
    BID              103810
    BID              103817
    BID              103832
    BID              103848
    BID              103849
    BID              103872
    CVE              CVE-2018-2783
    CVE              CVE-2018-2790
    CVE              CVE-2018-2794
    CVE              CVE-2018-2795
    CVE              CVE-2018-2796
    CVE              CVE-2018-2797
    CVE              CVE-2018-2798
    CVE              CVE-2018-2799
    CVE              CVE-2018-2800
    CVE              CVE-2018-2811
    CVE              CVE-2018-2814
    CVE              CVE-2018-2815
    CVE              CVE-2018-2825
    CVE              CVE-2018-2826
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities :
- A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms
due to the use of weak 64-bit block ciphers by default.
A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack,
to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure
of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated
session. (CVE-2016-2183)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-5546)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to
cause a denial of service condition. (CVE-2016-5547)
- Multiple unspecified flaws exist in the Libraries subcomponent that allow an unauthenticated, remote attacker to
disclose sensitive information.
(CVE-2016-5548, CVE-2016-5549)
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-5552)
- An unspecified flaw exists in the Mission Control subcomponent that allows an unauthenticated, remote
attacker to impact integrity. (CVE-2016-8328)
- Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote
attacker to disclose sensitive information.
(CVE-2017-3231, CVE-2017-3261)
- An unspecified flaw exists in the RMI subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-3241)
- An unspecified flaw exists in the JAAS subcomponent that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2017-3252)
- An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3253)
- An unspecified flaw exists in the Deployment subcomponent that allows an unauthenticated, remote attacker to
disclose sensitive information.
(CVE-2017-3259)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-3260)
- An unspecified flaw exists in the Java Mission Control subcomponent that allows an unauthenticated, remote
attacker to disclose sensitive information.
(CVE-2017-3262)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-3272)
- An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-3289)
Note that CVE-2017-3241 can only be exploited by supplying data to APIs in the specified component without
using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.
Note that CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, and
CVE-2017-3253 can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.
They can also be exploited by supplying data to APIs in the specified component without using sandboxed Java
Web Start applications or sandboxed Java applets, such as through a web service.
See Also
http://www.nessus.org/u?951bfdb7
http://www.nessus.org/u?c3776cd3
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
https://sweet32.info
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
Solution
Upgrade to Oracle JDK / JRE 8 Update 121 / 7 Update 131 / 6 Update 141 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID             92630
BID             95488
BID             95498
BID             95506
BID             95509
BID             95512
BID             95521
BID             95525
BID             95530
BID             95533
BID             95559
BID             95563
BID             95566
BID             95570
BID             95576
BID             95578
BID             95581
CVE             CVE-2016-2183
CVE             CVE-2016-5546
CVE             CVE-2016-5547
CVE             CVE-2016-5548
CVE             CVE-2016-5549
CVE             CVE-2016-5552
CVE             CVE-2016-8328
CVE             CVE-2017-3231
CVE             CVE-2017-3241
CVE             CVE-2017-3252
CVE             CVE-2017-3253
CVE             CVE-2017-3259
CVE             CVE-2017-3260
CVE             CVE-2017-3261
CVE             CVE-2017-3262
CVE             CVE-2017-3272
CVE             CVE-2017-3289
Plugin Information
    Plugin Output
tcp/445
     106190 - Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9
Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities
related to the following components :
- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
See Also
http://www.nessus.org/u?29ce2b01
http://www.nessus.org/u?793c3773
http://www.nessus.org/u?cc061f9a
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary,
remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID            102546
BID            102556
BID            102557
BID            102576
BID            102584
BID            102592
BID            102597
BID            102605
BID            102612
BID            102615
BID            102625
BID            102629
BID            102633
BID            102636
BID            102642
BID            102656
BID            102659
BID            102661
BID            102662
BID            102663
CVE            CVE-2018-2579
CVE            CVE-2018-2581
CVE            CVE-2018-2582
CVE            CVE-2018-2588
CVE            CVE-2018-2599
CVE            CVE-2018-2602
CVE            CVE-2018-2603
    CVE             CVE-2018-2618
    CVE             CVE-2018-2627
    CVE             CVE-2018-2629
    CVE             CVE-2018-2633
    CVE             CVE-2018-2634
    CVE             CVE-2018-2637
    CVE             CVE-2018-2638
    CVE             CVE-2018-2639
    CVE             CVE-2018-2641
    CVE             CVE-2018-2657
    CVE             CVE-2018-2663
    CVE             CVE-2018-2677
    CVE             CVE-2018-2678
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2017-10053)
- Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10067, CVE-2017-10116)
- An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10074)
- An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact
confidentiality and integrity. (CVE-2017-10078)
- An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact
integrity. (CVE-2017-10081)
- Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)
- Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111)
- An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10089)
- Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)
- Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)
- Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that
allow an authenticated, remote attacker to impact confidentiality, integrity, and availability.
(CVE-2017-10104, CVE-2017-10145)
- An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2017-10105)
- Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to
exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109)
- An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2017-10110)
- Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to
disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135)
- An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an
unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117)
- An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an
unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121)
- An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality,
integrity, and availability. (CVE-2017-10125)
- Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to
disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)
- An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact
confidentiality and availability. (CVE-2017-10243)
See Also
http://www.nessus.org/u?76f5def7
http://www.nessus.org/u?755142b1
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 8 Update 141 / 7 Update 151 / 6 Update 161 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID   99643
BID   99659
BID   99662
BID   99670
BID   99674
BID   99703
BID   99706
BID   99707
BID   99712
BID   99719
BID   99726
BID   99731
BID   99734
BID   99752
BID   99756
BID   99774
BID   99782
BID   99788
BID   99797
BID   99804
BID   99809
BID   99818
BID   99827
BID   99832
BID   99835
BID   99839
BID   99842
BID   99846
BID   99847
BID   99851
BID   99853
BID   99854
CVE   CVE-2017-10053
CVE   CVE-2017-10067
CVE   CVE-2017-10074
CVE   CVE-2017-10078
CVE   CVE-2017-10081
CVE   CVE-2017-10086
CVE   CVE-2017-10087
CVE   CVE-2017-10089
CVE   CVE-2017-10090
CVE   CVE-2017-10096
CVE   CVE-2017-10101
    CVE             CVE-2017-10102
    CVE             CVE-2017-10104
    CVE             CVE-2017-10105
    CVE             CVE-2017-10107
    CVE             CVE-2017-10108
    CVE             CVE-2017-10109
    CVE             CVE-2017-10110
    CVE             CVE-2017-10111
    CVE             CVE-2017-10114
    CVE             CVE-2017-10115
    CVE             CVE-2017-10116
    CVE             CVE-2017-10117
    CVE             CVE-2017-10118
    CVE             CVE-2017-10121
    CVE             CVE-2017-10125
    CVE             CVE-2017-10135
    CVE             CVE-2017-10145
    CVE             CVE-2017-10176
    CVE             CVE-2017-10193
    CVE             CVE-2017-10198
    CVE             CVE-2017-10243
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8
Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-5542)
- An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact
integrity. (CVE-2016-5554)
- An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2016-5556)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2016-5568)
- Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2016-5573, CVE-2016-5582)
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to
disclose sensitive information.
(CVE-2016-5597)
See Also
http://www.nessus.org/u?bac902d5
http://www.nessus.org/u?10d5f7a6
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 8 Update 111 / 7 Update 121 / 6 Update 131 or later. If necessary, remove any
affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
    BID              93618
    BID              93621
    BID              93623
    BID              93628
    BID              93636
    BID              93637
    BID              93643
    CVE              CVE-2016-5542
    CVE              CVE-2016-5554
    CVE              CVE-2016-5556
    CVE              CVE-2016-5568
    CVE              CVE-2016-5573
    CVE              CVE-2016-5582
    CVE              CVE-2016-5597
    XREF             EDB-ID:118073
Plugin Information
Plugin Output
tcp/445
     103963 - Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9
Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities
related to the following components :
- 2D (Little CMS 2)
- Deployment
- Hotspot
- JAX-WS
- JAXP
- Javadoc
- Libraries
- Networking
- RMI
- Security
- Serialization
- Smart Card IO
- Util (zlib)
See Also
http://www.nessus.org/u?ffb85cfa
http://www.nessus.org/u?dfeae1af
http://www.nessus.org/u?bbe7f5cf
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 / 6 Update 171 or later. If necessary,
remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID            101315
BID            101319
BID            101321
BID            101328
BID            101333
BID            101338
BID            101341
BID            101348
BID            101354
BID            101355
BID            101369
BID            101378
BID            101382
BID            101384
BID            101396
BID            101413
CVE            CVE-2016-9841
CVE            CVE-2016-10165
CVE            CVE-2017-10274
CVE            CVE-2017-10281
CVE            CVE-2017-10285
CVE            CVE-2017-10293
CVE            CVE-2017-10295
CVE            CVE-2017-10309
CVE            CVE-2017-10345
CVE            CVE-2017-10346
CVE            CVE-2017-10347
    CVE             CVE-2017-10348
    CVE             CVE-2017-10349
    CVE             CVE-2017-10350
    CVE             CVE-2017-10355
    CVE             CVE-2017-10356
    CVE             CVE-2017-10357
    CVE             CVE-2017-10388
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of the Oracle VM VirtualBox application installed on the remote host is 5.0.x prior to 5.0.28 or 5.1.x
prior to 5.1.8. It is, therefore, affected by multiple vulnerabilities :
- Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to gain elevated
privileges. (CVE-2016-5501, CVE-2016-5538)
- An unspecified flaw exists in the VirtualBox Remote Desktop Extension (VRDE) subcomponent that allows an
unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5605)
- Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to cause a denial of
service condition. (CVE-2016-5608, CVE-2016-5613)
- An unspecified flaw exists in the Core subcomponent that allows a local attacker to impact integrity and
availability. (CVE-2016-5610)
- An unspecified flaw exists in the Core subcomponent that allows a local attacker to disclose sensitive
information. (CVE-2016-5611)
- A flaw exists in the OpenSSL subcomponent, specifically within the ssl_parse_clienthello_tlsext() function
in t1_lib.c, due to improper handling of overly large OCSP Status Request extensions from clients. An
unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust
memory resources, resulting in a denial of service condition.
(CVE-2016-6304)
See Also
http://www.nessus.org/u?bac902d5
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 5.0.28 / 5.1.8 or later as referenced in the October 2016 Oracle Critical
Patch Update advisory.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
      CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
9.4 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
7.0 (CVSS2#E:U/RL:OF/RC:C)
References
      BID             93150
      BID             93685
      BID             93687
      BID             93697
      BID             93711
      BID             93718
      BID             93728
      BID             93744
      CVE             CVE-2016-5501
      CVE             CVE-2016-5538
      CVE             CVE-2016-5605
      CVE             CVE-2016-5608
      CVE             CVE-2016-5610
      CVE             CVE-2016-5611
      CVE             CVE-2016-5613
      CVE             CVE-2016-6304
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.32 or 5.1.x prior to 5.1.14. It
is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the GUI subcomponent that allows an unauthenticated, remote attacker to impact
confidentiality, integrity, and availability.
(CVE-2016-5545)
- An unspecified flaw exists in the Shared Folder subcomponent that allows a local attacker to impact integrity
and availability. (CVE-2017-3290)
- An unspecified flaw exists in the GUI subcomponent that allows an authenticated, remote attacker to execute
arbitrary code. (CVE-2017-3316)
- An unspecified flaw exists in the VirtualBox SVGA Emulation subcomponent that allows a local attacker to
impact integrity and availability. (CVE-2017-3332)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://www.nessus.org/u?89a8e429
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 5.0.32 / 5.1.14 or later as referenced in the January 2017 Oracle
Critical Patch Update advisory.
Risk Factor
High
6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.7 (CVSS:3.0/E:P/RL:O/RC:C)
      CVSS Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:POC/RL:OF/RC:C)
References
      BID             95579
      BID             95590
      BID             95599
      BID             95601
      CVE             CVE-2016-5545
      CVE             CVE-2017-3290
      CVE             CVE-2017-3316
      CVE             CVE-2017-3332
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.38 or 5.1.x prior to 5.1.20. It
is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Core component that allows a local attacker to disclose potentially sensitive
information. (CVE-2017-3513)
- A flaw exists in the Shared Folder component, specifically when cooperating guests access files within a
shared folder while moving it. A local attacker within a guest can exploit this to read arbitrary files on the host.
(CVE-2017-3538)
- Multiple unspecified flaws exist in the Core component that allow a local attacker to impact confidentiality,
integrity, and availability. (CVE-2017-3558, CVE-2017-3559, CVE-2017-3561, CVE-2017-3563,
CVE-2017-3576)
- An unspecified flaw exists in the Core component that allows a local attacker to impact integrity and availability.
(CVE-2017-3575)
- An unspecified flaw exists in the Shared Folder component that allows a local attacker to impact integrity and
availability. (CVE-2017-3587)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://www.nessus.org/u?623d2c22
https://www.virtualbox.org/wiki/Changelog
http://www.nessus.org/u?eb4db3c7
Solution
Upgrade to Oracle VM VirtualBox version 5.0.38 / 5.1.20 or later as referenced in the April 2017 Oracle Critical
Patch Update advisory.
Note that vulnerability CVE-2017-3538 was fixed in versions 5.0.34 and 5.1.16.
Risk Factor
High
8.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)
      CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:P/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
      BID             97698
      BID             97730
      BID             97732
      BID             97736
      BID             97739
      BID             97744
      BID             97750
      BID             97755
      BID             97759
      CVE             CVE-2017-3513
      CVE             CVE-2017-3558
      CVE             CVE-2017-3559
      CVE             CVE-2017-3561
      CVE             CVE-2017-3563
      CVE             CVE-2017-3575
      CVE             CVE-2017-3576
      CVE             CVE-2017-3587
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.0.36, 4.1.44, 4.2.36,
4.3.34, or 5.0.10. It is, therefore, affected by the following vulnerabilities :
- A denial of service vulnerability exists due to an infinite loop condition in the KVM subsystem of the Linux
kernel. A local attacker can exploit this, by triggering many Alignment Check (#AC) exceptions, to cause an OS
panic or hang. (CVE-2015-5307)
- A denial of service vulnerability exists due to an infinite loop condition in the KVM subsystem of the Linux
kernel. A local attacker can exploit this, by triggering many Debug (#DB) exceptions, to cause an OS panic or
hang.
(CVE-2015-8104)
See Also
http://www.nessus.org/u?ab4ebec1
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 4.0.36 / 4.1.44 / 4.2.36 / 4.3.34 / 5.0.10 or later as referenced in the
January 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
      BID             77415
      BID             77524
      BID             77528
      CVE             CVE-2015-5307
      CVE             CVE-2015-7183
      CVE             CVE-2015-8104
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore,
affected by multiple vulnerabilities in the bundled OpenSSL component :
- A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c
that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition. (CVE-2016-2105)
- A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c
that is triggered when handling a large amount of input data after a previous call occurs to the same function
with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
(CVE-2016-2106)
- Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid
encoding causing a large allocation of memory.
An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource
exhaustion. (CVE-2016-2109)
- An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c
when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the
contents of stack memory.
(CVE-2016-2176)
See Also
http://www.nessus.org/u?453b5f8c
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 5.0.22 or later as referenced in the July 2016 Oracle Critical Patch
Update advisory.
Risk Factor
High
      CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.1 (CVSS2#E:POC/RL:OF/RC:C)
References
      BID             87940
      BID             89744
      BID             89746
      BID             89757
      BID             89760
      CVE             CVE-2016-2105
      CVE             CVE-2016-2106
      CVE             CVE-2016-2107
      CVE             CVE-2016-2109
      CVE             CVE-2016-2176
      CVE             CVE-2016-3612
      XREF            EDB-ID:39768
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host has an SSH client that is affected by multiple vulnerabilities.
Description
The remote host has a version of PuTTY installed that is prior to 0.71. It is, therefore, affected by multiple
vulnerabilities including:
- A remotely triggerable memory overwrite in RSA key exchange can occur before host key verification.
(CVE-2019-9894)
See Also
http://www.nessus.org/u?fc188a9c
http://www.nessus.org/u?cd82820f
http://www.nessus.org/u?e116cf63
http://www.nessus.org/u?39988fba
http://www.nessus.org/u?50d03d73
http://www.nessus.org/u?dc4b5e69
http://www.nessus.org/u?d52aebfd
http://www.nessus.org/u?819250a8
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Solution
Risk Factor
High
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
     References
     BID             107484
     BID             107523
     CVE             CVE-2019-9894
     CVE             CVE-2019-9895
     CVE             CVE-2019-9896
     CVE             CVE-2019-9897
     CVE             CVE-2019-9898
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between
the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that
these versions will be used only if the client or server support nothing better), many web browsers implement
this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is
recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
https://tools.ietf.org/html/rfc7568
Solution
Risk Factor
High
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
Plugin Information
Plugin Output
tcp/636
and the server supports at least one cipher. Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between
the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that
these versions will be used only if the client or server support nothing better), many web browsers implement
this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is
recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
https://tools.ietf.org/html/rfc7568
Solution
Risk Factor
High
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
Plugin Information
Plugin Output
tcp/3269
and the server supports at least one cipher. Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-0202)
- An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain
policies, which could allow an attacker to access information from one domain and inject it into another domain.
(CVE-2017-0210)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2017-0201)
See Also
http://www.nessus.org/u?e9bccd2b
http://www.nessus.org/u?782139c0
http://www.nessus.org/u?d871fd1d
http://www.nessus.org/u?2731a8f6
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              97441
BID              97454
BID              97512
CVE              CVE-2017-0201
CVE              CVE-2017-0202
CVE              CVE-2017-0210
MSKB             4015549
MSKB             4015551
MSKB             4015550
MSKB             4014661
XREF             MSFT:MS17-4015549
XREF             MSFT:MS17-4015551
XREF             MSFT:MS17-4015550
XREF             MSFT:MS17-4014661
Plugin Information
Plugin Output
tcp/445
      KB : 4014661
      - C:\Windows\system32\mshtml.dll has not been patched.
        Remote version : 11.0.9600.16438
        Should be      : 11.0.9600.18639
  Note: The fix for this issue is available in either of the following updates:
    - KB4014661 : Cumulative Security Update for Internet Explorer
    - KB4015550 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    108971 - Security Updates for Internet Explorer (April 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-1004)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)
- An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory
in Internet Explorer. The vulnerability could corrupt memory in such a way that it could provide an
attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989,
CVE-2018-1000)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system.
(CVE-2018-0987)
See Also
http://www.nessus.org/u?b665658e
http://www.nessus.org/u?e474951c
http://www.nessus.org/u?2d3b2bb1
http://www.nessus.org/u?cf0e57cc
Solution
Microsoft has released the following security updates to address this issue:
-KB4093114
-KB4093123
-KB4093118
-KB4092946
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
CVE            CVE-2018-0870
CVE            CVE-2018-0981
CVE            CVE-2018-0987
CVE            CVE-2018-0988
CVE            CVE-2018-0989
CVE            CVE-2018-0991
CVE            CVE-2018-0996
CVE            CVE-2018-0997
CVE            CVE-2018-1000
CVE            CVE-2018-1001
CVE            CVE-2018-1004
CVE            CVE-2018-1018
CVE            CVE-2018-1020
MSKB           4093114
MSKB           4093123
MSKB           4093118
MSKB           4092946
XREF           MSFT:MS18-4093114
XREF           MSFT:MS18-4093123
XREF           MSFT:MS18-4093118
XREF           MSFT:MS18-4092946
Plugin Information
Plugin Output
tcp/445
    KB : 4092946
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18978
  Note: The fix for this issue is available in either of the following updates:
    - KB4092946 : Cumulative Security Update for Internet Explorer
    - KB4093114 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    123951 - Security Updates for Internet Explorer (April 2019)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise
the user's system. (CVE-2019-0835)
- A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific
conditions. An attacker who exploited the vulnerability could pass custom command line parameters.
(CVE-2019-0764)
See Also
http://www.nessus.org/u?60dedb61
http://www.nessus.org/u?78333a24
http://www.nessus.org/u?6116930e
http://www.nessus.org/u?3b9c0466
http://www.nessus.org/u?c8128373
Solution
Microsoft has released the following security updates to address this issue:
-KB4493446
-KB4493471
-KB4493472
-KB4493451
-KB4493435
Risk Factor
High
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2019-0752
CVE             CVE-2019-0753
CVE             CVE-2019-0764
CVE             CVE-2019-0835
CVE             CVE-2019-0862
MSKB            4493446
MSKB            4493471
MSKB            4493472
MSKB            4493451
MSKB            4493435
XREF            MSFT:MS19-4493446
XREF            MSFT:MS19-4493471
XREF            MSFT:MS19-4493472
XREF            MSFT:MS19-4493451
XREF            MSFT:MS19-4493435
Plugin Information
Plugin Output
tcp/445
    KB : 4493435
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19326
  Note: The fix for this issue is available in either of the following updates:
    - KB4493435 : Cumulative Security Update for Internet Explorer
    - KB4493446 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104890 - Security Updates for Internet Explorer (August 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-0228)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-8651)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-8635, CVE-2017-8641)
- A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while
rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2017-8669)
- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the
context of the current user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. (CVE-2017-8653)
- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render
content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker
could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could
host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then
convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the related rendering engine.
The attacker could also take advantage of compromised websites, and websites that accept or host user-
provided content or advertisements. These websites could contain specially crafted content that could exploit
the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the
current user. (CVE-2017-8636)
See Also
http://www.nessus.org/u?8d0edc6a
http://www.nessus.org/u?1d4d1833
http://www.nessus.org/u?bf044da8
http://www.nessus.org/u?5a9af664
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              98164
BID              100055
BID              100056
BID              100057
BID              100058
BID              100059
BID              100068
CVE              CVE-2017-0228
CVE              CVE-2017-8635
CVE              CVE-2017-8636
CVE              CVE-2017-8641
CVE              CVE-2017-8651
CVE              CVE-2017-8653
CVE              CVE-2017-8669
MSKB             4034733
MSKB             4034681
MSKB             4034664
MSKB            4034665
XREF            MSFT:MS17-4034733
XREF            MSFT:MS17-4034681
XREF            MSFT:MS17-4034664
XREF            MSFT:MS17-4034665
Plugin Information
Plugin Output
tcp/445
    KB : 4034733
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18763
  Note: The fix for this issue is available in either of the following updates:
    - KB4034733 : Cumulative Security Update for Internet Explorer
    - KB4034681 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    111695 - Security Updates for Internet Explorer (August 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8403)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8355, CVE-2018-8372, CVE-2018-8385)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame
interaction. An attacker who successfully exploited this vulnerability could obtain browser
frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user
to open a malicious website from a secure website.
This update addresses the vulnerability by denying permission to read the state of the object model, to which
frames or windows on different domains should not have access. (CVE-2018-8351)
- A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before
loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights.
(CVE-2018-8316)
See Also
http://www.nessus.org/u?f5f0e9e7
http://www.nessus.org/u?82e63681
http://www.nessus.org/u?c7990c33
http://www.nessus.org/u?f8d177a9
http://www.nessus.org/u?3a469b20
Solution
Microsoft has released the following security updates to address this issue:
-KB4343205
-KB4343898
-KB4343900
-KB4343901
Note that CVE-2018-8316 notes that users can install the Security-Only patch to cover this vulnerability
(KB4343899).
Refer to the link for KB4343899 for more information.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
CVE              CVE-2018-8316
CVE              CVE-2018-8351
CVE              CVE-2018-8353
CVE              CVE-2018-8355
CVE              CVE-2018-8371
CVE              CVE-2018-8372
CVE              CVE-2018-8373
CVE              CVE-2018-8385
CVE              CVE-2018-8389
CVE              CVE-2018-8403
MSKB             4343205
MSKB             4343898
MSKB             4343900
MSKB            4343901
XREF            MSFT:MS18-4343205
XREF            MSFT:MS18-4343898
XREF            MSFT:MS18-4343900
XREF            MSFT:MS18-4343901
Exploitable With
Plugin Information
Plugin Output
tcp/445
    KB : 4343205
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19101
  Note: The fix for this issue is available in either of the following updates:
    - KB4343205 : Cumulative Security Update for Internet Explorer
    - KB4343898 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    105188 - Security Updates for Internet Explorer (December 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11887, CVE-2017-11906)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2017-11919)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907,
CVE-2017-11913)
See Also
http://www.nessus.org/u?47a822ee
http://www.nessus.org/u?b8a7a2b3
http://www.nessus.org/u?18bd5547
http://www.nessus.org/u?db8ca30f
Solution
Microsoft has released the following security updates to address this issue:
-KB4054520
-KB4052978
-KB4054519
-KB4054518
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID            102045
BID            102046
BID            102047
BID            102053
BID            102054
BID            102058
BID            102062
BID            102063
BID            102078
BID            102082
BID            102091
BID            102092
BID            102093
CVE            CVE-2017-11886
CVE            CVE-2017-11887
CVE            CVE-2017-11890
CVE            CVE-2017-11894
CVE            CVE-2017-11895
CVE            CVE-2017-11901
CVE            CVE-2017-11903
CVE            CVE-2017-11906
CVE            CVE-2017-11907
CVE            CVE-2017-11912
CVE            CVE-2017-11913
CVE             CVE-2017-11919
CVE             CVE-2017-11930
MSKB            4054520
MSKB            4052978
MSKB            4054519
MSKB            4054518
XREF            MSFT:MS17-4054520
XREF            MSFT:MS17-4052978
XREF            MSFT:MS17-4054519
XREF            MSFT:MS17-4054518
Plugin Information
Plugin Output
tcp/445
    KB : 4052978
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18860
  Note: The fix for this issue is available in either of the following updates:
    - KB4052978 : Cumulative Security Update for Internet Explorer
    - KB4054519 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    119774 - Security Updates for Internet Explorer (December 2018 OOB)
Synopsis
The Internet Explorer installation on the remote host is affected by a remote code execution vulnerability.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by a
remote code execution vulnerability:
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. If the current user is logged on with administrative user rights, an attacker who successfully
exploited the vulnerability could take control of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
See Also
http://www.nessus.org/u?7cb04547
Solution
Microsoft has released the following security updates to address this issue:
-KB4483187
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2018-8653
MSKB            4483187
XREF            MSFT:MS18-4483187
Plugin Information
Plugin Output
tcp/445
    KB : 4483187
    - C:\Windows\system32\jscript.dll has not been patched.
      Remote version : 5.8.9600.16384
      Should be      : 5.8.9600.19230
    119594 - Security Updates for Internet Explorer (December 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8631)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8643)
- A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not
properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary
code with medium-integrity level privileges (the permissions of the current user). (CVE-2018-8619)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8625)
See Also
http://www.nessus.org/u?2da08abc
http://www.nessus.org/u?56bb4eaa
http://www.nessus.org/u?4b518909
http://www.nessus.org/u?720406bc
http://www.nessus.org/u?801bfd5d
Solution
Microsoft has released the following security updates to address this issue:
-KB4471325
-KB4471320
-KB4471318
-KB4471330
-KB4470199
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID             106117
BID             106118
BID             106119
BID             106122
CVE             CVE-2018-8619
CVE             CVE-2018-8625
CVE             CVE-2018-8631
CVE             CVE-2018-8643
MSKB            4471325
MSKB            4471320
MSKB            4471318
MSKB            4471330
MSKB            4470199
XREF            MSFT:MS18-4471325
XREF            MSFT:MS18-4471320
XREF            MSFT:MS18-4471318
XREF            MSFT:MS18-4471330
XREF            MSFT:MS18-4470199
Plugin Information
Plugin Output
tcp/445
    KB : 4470199
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19204
  Note: The fix for this issue is available in either of the following updates:
    - KB4470199 : Cumulative Security Update for Internet Explorer
    - KB4471320 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    106804 - Security Updates for Internet Explorer (February 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0866)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0840)
See Also
http://www.nessus.org/u?ef621048
http://www.nessus.org/u?a005ee97
http://www.nessus.org/u?c58b06f4
http://www.nessus.org/u?81ed62f4
Solution
Microsoft has released the following security updates to address this issue:
-KB4074598
-KB4074736
-KB4074593
-KB4074594
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2018-0840
CVE             CVE-2018-0866
MSKB            4074598
MSKB            4074736
MSKB            4074593
MSKB            4074594
XREF            MSFT:MS18-4074598
XREF            MSFT:MS18-4074736
XREF            MSFT:MS18-4074593
XREF            MSFT:MS18-4074594
Plugin Information
Plugin Output
tcp/445
    KB : 4074736
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18921
  Note: The fix for this issue is available in either of the following updates:
    - KB4074736 : Cumulative Security Update for Internet Explorer
    - KB4074593 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    122131 - Security Updates for Internet Explorer (February 2019)
Synopsis
The Internet Explorer installation on the remote host is missing a security update.
Description
The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the
following vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer accesses objects in memory. The
vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of
the current user. (CVE-2019-0606)
- A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker who
successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website.
(CVE-2019-0654)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack
to be successful, an attacker must persuade a user to open a malicious website. (CVE-2019-0676)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker
who successfully exploited this vulnerability could obtain information to further compromise the user's system.
(CVE-2019-0663)
Solution
Microsoft has released the following security updates to address this issue:
-KB4487000
-KB4487023
-KB4486563
-KB4486474
-KB4487025
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
CVE             CVE-2019-0606
CVE             CVE-2019-0654
CVE             CVE-2019-0663
CVE             CVE-2019-0676
MSKB            4487000
MSKB            4487023
MSKB            4486563
MSKB            4486474
MSKB            4487025
XREF            MSFT:MS19-4487000
XREF            MSFT:MS19-4487023
XREF            MSFT:MS19-4486563
XREF            MSFT:MS19-4486474
XREF            MSFT:MS19-4487025
Plugin Information
Plugin Output
tcp/445
    KB : 4486474
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19262
  Note: The fix for this issue is available in either of the following updates:
    - KB4486474 : Cumulative Security Update for Internet Explorer
    - KB4487000 : Windows 8.1 / Server 2012 R2 Monthly Rollup
      105546 - Security Updates for Internet Explorer (January 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0762, CVE-2018-0772)
See Also
http://www.nessus.org/u?c95c02b2
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID              102365
CVE              CVE-2018-0762
CVE              CVE-2018-0772
MSKB             4056568
MSKB             4056895
MSKB             4056894
MSKB             4056896
XREF             MSFT:MS18-4056568
XREF             MSFT:MS18-4056895
XREF            MSFT:MS18-4056894
XREF            MSFT:MS18-4056896
Plugin Information
Plugin Output
tcp/445
    KB : 4056568
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18894
  Note: The fix for this issue is available in either of the following updates:
    - KB4056568 : Cumulative Security Update for Internet Explorer
    - KB4056895 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    121023 - Security Updates for Internet Explorer (January 2019)
Synopsis
The Internet Explorer installation on the remote host is missing a security update.
Description
The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the
following vulnerability :
- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An
attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541)
See Also
http://www.nessus.org/u?5fa9f1a3
http://www.nessus.org/u?be3b897d
http://www.nessus.org/u?df36ff32
http://www.nessus.org/u?9c55a9f6
http://www.nessus.org/u?14883957
Solution
Microsoft has released the following security updates to address this issue:
-KB4480963
-KB4480968
-KB4480970
-KB4480965
-KB4480975
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE             CVE-2019-0541
MSKB            4480963
MSKB            4480968
MSKB            4480970
MSKB            4480965
MSKB            4480975
XREF            MSFT:MS19-4480963
XREF            MSFT:MS19-4480968
XREF            MSFT:MS19-4480970
XREF            MSFT:MS19-4480965
XREF            MSFT:MS19-4480975
Plugin Information
Plugin Output
tcp/445
    KB : 4480965
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19236
  Note: The fix for this issue is available in either of the following updates:
    - KB4480965 : Cumulative Security Update for Internet Explorer
    - KB4480963 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104891 - Security Updates for Internet Explorer (July 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A security feature bypass vulnerability exists when Microsoft browsers improperly handle redirect requests.
The vulnerability allows Microsoft browsers to bypass CORS redirect restrictions, and to follow redirect requests
that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the
browser to send data that would otherwise be restricted to a destination website of the attacker's choice.
(CVE-2017-8592)
- A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content.
An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially
crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack
with other vulnerabilities in web services. (CVE-2017-8602)
- A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet
Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted
website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view
the website. An attacker could also embed an ActiveX control marked "safe for initialization" in
an application or Microsoft Office document that hosts the Internet Explorer rendering engine. The attacker
could also take advantage of compromised websites and websites that accept or host user-provided content
or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
(CVE-2017-8618)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via
the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited
the vulnerability could gain the same user rights as the current user. (CVE-2017-8594)
See Also
http://www.nessus.org/u?60b27ab9
http://www.nessus.org/u?23066c63
http://www.nessus.org/u?38156f30
http://www.nessus.org/u?e9951911
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              99390
BID              99396
BID              99399
BID              99401
BID              99408
BID              99410
BID              99412
CVE              CVE-2017-8592
CVE              CVE-2017-8594
CVE              CVE-2017-8602
CVE              CVE-2017-8606
CVE              CVE-2017-8607
CVE              CVE-2017-8608
CVE              CVE-2017-8618
MSKB             4025336
MSKB             4025331
MSKB             4025341
MSKB             4025252
XREF             MSFT:MS17-4025336
XREF             MSFT:MS17-4025331
XREF             MSFT:MS17-4025341
XREF             MSFT:MS17-4025252
Plugin Information
Plugin Output
tcp/445
    KB : 4025252
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18739
  Note: The fix for this issue is available in either of the following updates:
    - KB4025252 : Cumulative Security Update for Internet Explorer
    - KB4025336 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    110991 - Security Updates for Internet Explorer (July 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)
- A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests
involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load
data that would otherwise be restricted.
(CVE-2018-0949)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8242, CVE-2018-8296)
See Also
http://www.nessus.org/u?156c87ff
http://www.nessus.org/u?e0106ae8
http://www.nessus.org/u?0c32edc0
http://www.nessus.org/u?d021f588
Solution
Microsoft has released the following security updates to address this issue:
-KB4339093
-KB4338815
-KB4338830
-KB4338818
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID             104620
BID             104622
BID             104634
BID             104636
BID             104637
BID             104638
CVE             CVE-2018-0949
CVE             CVE-2018-8242
CVE             CVE-2018-8287
CVE             CVE-2018-8288
CVE             CVE-2018-8291
CVE             CVE-2018-8296
MSKB            4339093
MSKB            4338815
MSKB            4338830
MSKB            4338818
XREF            MSFT:MS18-4339093
XREF            MSFT:MS18-4338815
XREF            MSFT:MS18-4338830
XREF            MSFT:MS18-4338818
Plugin Information
Plugin Output
tcp/445
 KB : 4339093
 - C:\Windows\system32\mshtml.dll has not been patched.
   Remote version : 11.0.9600.16438
   Should be      : 11.0.9600.19061
Note: The fix for this issue is available in either of the following updates:
  - KB4339093 : Cumulative Security Update for Internet Explorer
  - KB4338815 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    126582 - Security Updates for Internet Explorer (July 2019)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1063)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-1004, CVE-2019-1056, CVE-2019-1059)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1104)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-1001)
See Also
http://www.nessus.org/u?fedd67fe
http://www.nessus.org/u?94506c02
http://www.nessus.org/u?cbe675e9
http://www.nessus.org/u?d231fad3
http://www.nessus.org/u?01b80f6a
Solution
Microsoft has released the following security updates to address this issue:
-KB4507434
-KB4507448
-KB4507449
-KB4507452
-KB4507462
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID             108979
BID             108982
BID             109006
BID             109007
BID             109008
BID             109009
CVE             CVE-2019-1001
CVE             CVE-2019-1004
CVE             CVE-2019-1056
CVE             CVE-2019-1059
CVE             CVE-2019-1063
CVE             CVE-2019-1104
MSKB            4507434
MSKB            4507462
MSKB            4507449
MSKB            4507448
MSKB            4507452
XREF            MSFT:MS19-4507434
XREF            MSFT:MS19-4507462
XREF            MSFT:MS19-4507449
XREF            MSFT:MS19-4507448
XREF            MSFT:MS19-4507452
Plugin Information
Plugin Output
tcp/445
 KB : 4507434
 - C:\Windows\system32\mshtml.dll has not been patched.
   Remote version : 11.0.9600.16438
   Should be      : 11.0.9600.19400
Note: The fix for this issue is available in either of the following updates:
  - KB4507434 : Cumulative Security Update for Internet Explorer
  - KB4507448 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104892 - Security Updates for Internet Explorer (June 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the
context of the current user. (CVE-2017-8519, CVE-2017-8547)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524)
See Also
http://www.nessus.org/u?5f83ad76
http://www.nessus.org/u?4a3cabfc
http://www.nessus.org/u?f2d033c7
http://www.nessus.org/u?43db6287
http://www.nessus.org/u?1f6a3c24
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID              98895
BID              98899
BID              98926
BID              98930
BID              98932
CVE              CVE-2017-8517
CVE              CVE-2017-8519
CVE              CVE-2017-8522
CVE              CVE-2017-8524
CVE              CVE-2017-8547
CVE              CVE-2017-8529
MSKB             4022726
MSKB             4022724
MSKB             4021558
MSKB             4022719
XREF             MSFT:MS17-4022726
XREF             MSFT:MS17-4022724
XREF             MSFT:MS17-4021558
XREF             MSFT:MS17-4022719
Plugin Information
Plugin Output
tcp/445
      KB : 4021558
      - C:\Windows\system32\mshtml.dll has not been patched.
        Remote version : 11.0.9600.16438
        Should be      : 11.0.9600.18698
  Note: The fix for this issue is available in either of the following updates:
    - KB4021558 : Cumulative Security Update for Internet Explorer
    - KB4022726 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    110494 - Security Updates for Internet Explorer (June 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-0978, CVE-2018-8249)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8267)
See Also
http://www.nessus.org/u?e3fa839d
http://www.nessus.org/u?1742ea55
http://www.nessus.org/u?43458adc
http://www.nessus.org/u?a2bb9819
Solution
Microsoft has released the following security updates to address this issue:
-KB4230450
-KB4284826
-KB4284815
-KB4284855
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
CVE             CVE-2018-0978
CVE             CVE-2018-8249
CVE             CVE-2018-8267
MSKB            4230450
MSKB            4284826
MSKB            4284815
MSKB            4284855
XREF            MSFT:MS18-4230450
XREF            MSFT:MS18-4284826
XREF            MSFT:MS18-4284815
XREF            MSFT:MS18-4284855
Plugin Information
Plugin Output
tcp/445
    KB : 4230450
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19036
  Note: The fix for this issue is available in either of the following updates:
    - KB4230450 : Cumulative Security Update for Internet Explorer
    - KB4284815 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    125828 - Security Updates for Internet Explorer (June 2019)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1038)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2019-1081)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0988)
See Also
http://www.nessus.org/u?953a7c84
http://www.nessus.org/u?fd8cfdad
http://www.nessus.org/u?2c09dd7d
http://www.nessus.org/u?b6f9d59c
http://www.nessus.org/u?3ebae0e7
Solution
Microsoft has released the following security updates to address this issue:
-KB4503259
-KB4503273
-KB4503276
-KB4503285
-KB4503292
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
CVE             CVE-2019-0920
CVE             CVE-2019-0988
CVE             CVE-2019-1005
CVE             CVE-2019-1038
CVE             CVE-2019-1055
CVE             CVE-2019-1080
CVE             CVE-2019-1081
MSKB            4503259
MSKB            4503273
MSKB            4503276
MSKB            4503285
MSKB            4503292
XREF            MSFT:MS19-4503259
XREF            MSFT:MS19-4503273
XREF            MSFT:MS19-4503276
XREF            MSFT:MS19-4503285
XREF            MSFT:MS19-4503292
Plugin Information
Plugin Output
tcp/445
    KB : 4503259
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19377
  Note: The fix for this issue is available in either of the following updates:
    - KB4503259 : Cumulative Security Update for Internet Explorer
    - KB4503276 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    108295 - Security Updates for Internet Explorer (March 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0889, CVE-2018-0935)
- An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape.
An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on
an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow
arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code
execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated
privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet
Explorer handles zone and integrity settings. (CVE-2018-0942)
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-0927, CVE-2018-0932)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2018-0929)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2018-0891)
See Also
http://www.nessus.org/u?2ace7125
http://www.nessus.org/u?ae0443e3
http://www.nessus.org/u?92fb739c
http://www.nessus.org/u?2174c09b
Solution
Microsoft has released the following security updates to address this issue:
-KB4088876
-KB4088877
-KB4088875
-KB4089187
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID            103295
BID            103298
BID            103299
BID            103307
BID            103309
BID            103310
BID            103312
CVE            CVE-2018-0889
CVE            CVE-2018-0891
CVE            CVE-2018-0927
CVE            CVE-2018-0929
CVE            CVE-2018-0932
CVE            CVE-2018-0935
CVE            CVE-2018-0942
CVE            CVE-2018-8118
MSKB           4088876
MSKB           4088877
MSKB           4088875
MSKB           4089187
XREF           MSFT:MS18-4088876
XREF           MSFT:MS18-4088877
XREF            MSFT:MS18-4088875
XREF            MSFT:MS18-4089187
Plugin Information
Plugin Output
tcp/445
    KB : 4089187
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18953
  Note: The fix for this issue is available in the following update(s):
    - KB4089187 : Cumulative Security Update for Internet Explorer
    - KB4088877 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    122789 - Security Updates for Internet Explorer (March 2019)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in
memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user. (CVE-2019-0746)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0763)
- A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone
of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted
Internet Security Zone than intended.
(CVE-2019-0761)
- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different
origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow
requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force
the browser to send data that would otherwise be restricted. (CVE-2019-0762)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-0680, CVE-2019-0783)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0780)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0609)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0665, CVE-2019-0666, CVE-2019-0667)
See Also
http://www.nessus.org/u?b8fed4ae
http://www.nessus.org/u?062263fd
http://www.nessus.org/u?20334951
http://www.nessus.org/u?670e41a6
http://www.nessus.org/u?41a4ff06
Solution
Microsoft has released the following security updates to address this issue:
-KB4489881
-KB4489880
-KB4489873
-KB4489891
-KB4489878
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE              CVE-2019-0609
CVE              CVE-2019-0665
CVE              CVE-2019-0666
CVE              CVE-2019-0667
CVE              CVE-2019-0680
CVE              CVE-2019-0746
CVE              CVE-2019-0761
CVE             CVE-2019-0762
CVE             CVE-2019-0763
CVE             CVE-2019-0780
CVE             CVE-2019-0783
MSKB            4489881
MSKB            4489880
MSKB            4489873
MSKB            4489891
MSKB            4489878
XREF            MSFT:MS19-4489881
XREF            MSFT:MS19-4489880
XREF            MSFT:MS19-4489873
XREF            MSFT:MS19-4489891
XREF            MSFT:MS19-4489878
Plugin Information
Plugin Output
tcp/445
    KB : 4489873
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19301
  Note: The fix for this issue is available in either of the following updates:
    - KB4489873 : Cumulative Security Update for Internet Explorer
    - KB4489881 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104893 - Security Updates for Internet Explorer (May 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The
vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the
current user. (CVE-2017-0238)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the
context of the current user. (CVE-2017-0226)
- A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter. An attacker who
successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.
The specially crafted website could then either spoof content or serve as a pivot to chain an attack with other
vulnerabilities in web services. (CVE-2017-0231)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-0222)
- A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content
warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS).
(CVE-2017-0064)
See Also
http://www.nessus.org/u?09cc032f
http://www.nessus.org/u?d3c95ae3
http://www.nessus.org/u?89dd1a9e
http://www.nessus.org/u?5470f743
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID             98121
BID             98127
BID             98139
BID             98173
BID             98237
CVE             CVE-2017-0064
CVE             CVE-2017-0222
CVE             CVE-2017-0226
CVE             CVE-2017-0231
CVE             CVE-2017-0238
MSKB            4019215
MSKB            4019216
MSKB            4019264
MSKB            4018271
XREF            MSFT:MS17-4019215
XREF            MSFT:MS17-4019216
XREF            MSFT:MS17-4019264
XREF            MSFT:MS17-4018271
Plugin Information
Plugin Output
tcp/445
 KB : 4018271
 - C:\Windows\system32\mshtml.dll has not been patched.
   Remote version : 11.0.9600.16438
   Should be      : 11.0.9600.18666
Note: The fix for this issue is available in either of the following updates:
  - KB4018271 : Cumulative Security Update for Internet Explorer
  - KB4019215 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    109613 - Security Updates for Internet Explorer (May 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2018-1025)
- An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory,
which could provide an attacker with information to further compromise the user's computer or data.
(CVE-2018-8145)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-0954, CVE-2018-1022)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8178)
See Also
http://www.nessus.org/u?a47bd1fd
http://www.nessus.org/u?e92a132a
http://www.nessus.org/u?9cd8d3d4
http://www.nessus.org/u?dba0079e
Solution
Microsoft has released the following security updates to address this issue:
-KB4103730
-KB4103768
-KB4103718
-KB4103725
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE             CVE-2018-0954
CVE             CVE-2018-0955
CVE             CVE-2018-1022
CVE             CVE-2018-1025
CVE             CVE-2018-8114
CVE             CVE-2018-8122
CVE             CVE-2018-8145
CVE             CVE-2018-8178
MSKB            4103730
MSKB            4103768
MSKB            4103718
MSKB            4103725
XREF            MSFT:MS18-4103730
XREF            MSFT:MS18-4103768
XREF            MSFT:MS18-4103718
XREF            MSFT:MS18-4103725
Plugin Information
Plugin Output
tcp/445
    KB : 4103768
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19002
  Note: The fix for this issue is available in either of the following updates:
    - KB4103768 : Cumulative Security Update for Internet Explorer
    - KB4103725 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    125069 - Security Updates for Internet Explorer (May 2019)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A spoofing vulnerability exists when Internet Explorer improperly handles URLs. An attacker who successfully
exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially
crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web
services. (CVE-2019-0921)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-0940)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2019-0884, CVE-2019-0911, CVE-2019-0918)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2019-0930)
See Also
http://www.nessus.org/u?e0fcb7d5
http://www.nessus.org/u?44345f6d
http://www.nessus.org/u?283578f0
http://www.nessus.org/u?f1eae74c
http://www.nessus.org/u?15faa0a8
Solution
Microsoft has released the following security updates to address this issue:
-KB4498206
-KB4499149
-KB4499151
-KB4499164
-KB4499171
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
CVE             CVE-2019-0884
CVE             CVE-2019-0911
CVE             CVE-2019-0918
CVE             CVE-2019-0921
CVE             CVE-2019-0930
CVE             CVE-2019-0940
MSKB            4498206
MSKB            4499149
MSKB            4499151
MSKB            4499164
MSKB            4499171
XREF            MSFT:MS19-4498206
XREF            MSFT:MS19-4499149
XREF            MSFT:MS19-4499151
XREF            MSFT:MS19-4499164
XREF            MSFT:MS19-4499171
Plugin Information
Plugin Output
tcp/445
    KB : 4498206
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19354
  Note: The fix for this issue is available in either of the following updates:
    - KB4498206 : Cumulative Security Update for Internet Explorer
    - KB4499151 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104894 - Security Updates for Internet Explorer (November 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11827, CVE-2017-11858)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system.
(CVE-2017-11834)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2017-11791)
- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which
could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
(CVE-2017-11848)
See Also
http://www.nessus.org/u?0ad6eb38
http://www.nessus.org/u?c6afa4db
http://www.nessus.org/u?6b7fa1d0
http://www.nessus.org/u?da0fd90f
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              101703
BID              101709
BID              101715
BID              101716
BID              101722
BID              101725
BID              101737
BID              101740
BID              101741
BID              101742
BID              101751
BID              101753
CVE              CVE-2017-11791
CVE              CVE-2017-11827
CVE              CVE-2017-11834
CVE              CVE-2017-11837
CVE              CVE-2017-11838
CVE              CVE-2017-11843
CVE              CVE-2017-11846
CVE              CVE-2017-11848
CVE              CVE-2017-11855
CVE              CVE-2017-11856
CVE             CVE-2017-11858
CVE             CVE-2017-11869
MSKB            4048957
MSKB            4048959
MSKB            4048958
MSKB            4047206
XREF            MSFT:MS17-4048957
XREF            MSFT:MS17-4048959
XREF            MSFT:MS17-4048958
XREF            MSFT:MS17-4047206
Plugin Information
Plugin Output
tcp/445
    KB : 4047206
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18838
  Note: The fix for this issue is available in either of the following updates:
    - KB4047206 : Cumulative Security Update for Internet Explorer
    - KB4048958 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    118922 - Security Updates for Internet Explorer (November 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2018-8552)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8570)
See Also
http://www.nessus.org/u?0bfd8ab2
http://www.nessus.org/u?98f43c31
http://www.nessus.org/u?523c5e08
http://www.nessus.org/u?5f4e6fef
http://www.nessus.org/u?2fed546f
Solution
Microsoft has released the following security updates to address this issue:
-KB4466536
-KB4467697
-KB4467107
-KB4467701
-KB4467706
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID              105783
BID              105786
CVE              CVE-2018-8552
CVE              CVE-2018-8570
MSKB             4466536
MSKB             4467697
MSKB             4467107
MSKB             4467701
MSKB             4467706
XREF             MSFT:MS18-4466536
XREF             MSFT:MS18-4467697
XREF             MSFT:MS18-4467107
XREF             MSFT:MS18-4467701
XREF             MSFT:MS18-4467706
Plugin Information
Plugin Output
tcp/445
      KB : 4466536
      - C:\Windows\system32\mshtml.dll has not been patched.
        Remote version : 11.0.9600.16438
        Should be      : 11.0.9600.19180
  Note: The fix for this issue is available in either of the following updates:
    - 4466536 : Cumulative Security Update for Internet Explorer
    - KB4467697 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104895 - Security Updates for Internet Explorer (October 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11813, CVE-2017-11822)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11790)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2017-11793, CVE-2017-11810)
See Also
http://www.nessus.org/u?1d1a2595
http://www.nessus.org/u?e258896f
http://www.nessus.org/u?1c3325f2
http://www.nessus.org/u?86f61c93
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID              101077
BID              101081
BID              101083
BID              101122
BID              101141
CVE              CVE-2017-11790
CVE              CVE-2017-11793
CVE              CVE-2017-11810
CVE              CVE-2017-11813
CVE              CVE-2017-11822
MSKB             4041681
MSKB             4041690
MSKB             4041693
MSKB             4040685
XREF             MSFT:MS17-4041681
XREF             MSFT:MS17-4041690
XREF             MSFT:MS17-4041693
XREF             MSFT:MS17-4040685
Plugin Information
Plugin Output
tcp/445
      KB : 4040685
      - C:\Windows\system32\mshtml.dll has not been patched.
        Remote version : 11.0.9600.16438
        Should be      : 11.0.9600.18817
  Note: The fix for this issue is available in either of the following updates:
    - KB4040685 : Cumulative Security Update for Internet Explorer
    - KB4041693 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    118009 - Security Updates for Internet Explorer (October 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8460, CVE-2018-8491)
See Also
http://www.nessus.org/u?554e569a
http://www.nessus.org/u?bb999f1f
http://www.nessus.org/u?07e1318e
Solution
Microsoft has released the following security updates to address this issue:
-KB4462926
-KB4462949
-KB4462923
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
CVE              CVE-2018-8460
CVE              CVE-2018-8491
MSKB             4462926
MSKB             4462949
MSKB            4462923
XREF            MSFT:MS18-4462926
XREF            MSFT:MS18-4462949
XREF            MSFT:MS18-4462923
Plugin Information
Plugin Output
tcp/445
    KB : 4462949
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19155
  Note: The fix for this issue is available in either of the following updates:
    - KB4462949 : Cumulative Security Update for Internet Explorer
    - KB4462926 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    104896 - Security Updates for Internet Explorer (September 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle
objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
(CVE-2017-8529)
- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. (CVE-2017-8750)
- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker
who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate
website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other
vulnerabilities in web services.
(CVE-2017-8733)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. (CVE-2017-8747, CVE-2017-8749)
- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render
content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker
could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could
host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then
convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the related rendering engine.
The attacker could also take advantage of compromised websites, and websites that accept or host user-
provided content or advertisements. These websites could contain specially crafted content that could exploit
the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the
current user. (CVE-2017-8741, CVE-2017-8748)
- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification
in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information
that is used in the parent domain.
(CVE-2017-8736)
See Also
http://www.nessus.org/u?26b484bb
http://www.nessus.org/u?085e4d22
http://www.nessus.org/u?35364720
http://www.nessus.org/u?1dbb18cc
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID              98953
BID              100737
BID              100743
BID              100764
BID              100765
BID              100766
BID              100770
BID              100771
CVE              CVE-2017-8529
CVE              CVE-2017-8733
CVE              CVE-2017-8736
CVE              CVE-2017-8741
CVE              CVE-2017-8747
CVE              CVE-2017-8748
CVE              CVE-2017-8749
CVE              CVE-2017-8750
MSKB             4036586
MSKB             4038792
MSKB             4038799
MSKB             4038777
XREF            MSFT:MS17-4036586
XREF            MSFT:MS17-4038792
XREF            MSFT:MS17-4038799
XREF            MSFT:MS17-4038777
Plugin Information
Plugin Output
tcp/445
    KB : 4036586
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.18792
  Note: The fix for this issue is available in either of the following updates:
    - KB4036586 : Cumulative Security Update for Internet Explorer
    - KB4038792 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    117423 - Security Updates for Internet Explorer (September 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2018-8457)
- An information disclosure vulnerability exists when the browser scripting engine improperly handles object types.
An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust
boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage
the vulnerability to obtain privileged information from the browser process, such as sensitive data from other
opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or
embed malicious code on a compromised, but trusted, site. The security update addresses the vulnerability by
correcting how the browser scripting engine handles object types. (CVE-2018-8315)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2018-8447)
- A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows
a universal cross-site scripting (UXSS) condition. An attacker could use the UXSS vulnerability to access any
session belonging to web pages currently opened (or cached) by the browser at the time the attack is triggered.
(CVE-2018-8470)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2018-8452)
See Also
http://www.nessus.org/u?02ec6b51
http://www.nessus.org/u?38b6caf5
http://www.nessus.org/u?7080d669
http://www.nessus.org/u?955c2a0f
http://www.nessus.org/u?3a9824bb
Solution
Microsoft has released the following security updates to address this issue:
-KB4457135
-KB4457426
-KB4457129
-KB4457144
-KB4458010
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID              105207
BID              105251
BID              105252
BID              105257
BID              105267
CVE              CVE-2018-8315
CVE              CVE-2018-8447
CVE              CVE-2018-8452
CVE              CVE-2018-8457
CVE              CVE-2018-8470
MSKB             4457135
MSKB             4457426
MSKB             4457129
MSKB             4457144
MSKB             4458010
XREF             MSFT:MS18-4457135
XREF             MSFT:MS18-4457426
XREF             MSFT:MS18-4457129
XREF             MSFT:MS18-4457144
XREF             MSFT:MS18-4458010
Plugin Information
tcp/445
    KB : 4457426
    - C:\Windows\system32\mshtml.dll has not been patched.
      Remote version : 11.0.9600.16438
      Should be      : 11.0.9600.19130
  Note: The fix for this issue is available in either of the following updates:
    - KB4457426 : Cumulative Security Update for Internet Explorer
    - KB4457129 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    99312 - Windows 8.1 and Windows Server 2012 R2 April 2017 Security Updates
Synopsis
Description
The remote Windows host is missing security update 4015547 or cumulative update 4015550. It is, therefore,
affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the open-source libjpeg image processing library due to
improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose
sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629)
- Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel
information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose
sensitive information. (CVE-2017-0058, CVE-2017-0188)
- A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of
objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code
with elevated privileges. (CVE-2017-0156)
- A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated,
remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted
document file, to execute arbitrary code.
(CVE-2017-0158)
- A security feature bypass vulnerability exists in ADFS due to incorrectly treating requests from Extranet clients
as Intranet requests. An unauthenticated, remote attacker can exploit this to bypass account lockout protection
mechanisms and more easily gain access to a user's account via a brute-force attack. (CVE-2017-0159)
- Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest
operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute
arbitrary code on the host system.
(CVE-2017-0162, CVE-2017-0163, CVE-2017-0180)
- A privilege escalation vulnerability exists due to improper sanitization of handles stored in memory. A local
attacker can exploit this to gain elevated privileges. (CVE-2017-0165)
- A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote
attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated
privileges. (CVE-2017-0166)
- A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit
this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167)
- Multiple information disclosure vulnerabilities exist in Windows Hyper-V Network Switch due to improper
validation of user-supplied input. A guest attacker can exploit these to disclose sensitive information on the host
server. (CVE-2017-0168, CVE-2017-0169)
- Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged
user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted
application, to cause the host system to crash.
(CVE-2017-0178, CVE-2017-0179, CVE-2017-0184)
- Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation
of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a
specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185,
CVE-2017-0186)
- A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a
denial of service condition. (CVE-2017-0191)
- An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to
improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing
a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information.
(CVE-2017-0192)
- A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute
arbitrary code. (CVE-2017-0202)
- A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain
policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated
privileges. (CVE-2017-0210)
- A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-
level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at
a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be
used in conjunction with other vulnerabilities. (CVE-2017-0211)
See Also
http://www.nessus.org/u?d871fd1d
Solution
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG Severity
References
BID             63676
BID             97416
BID             97418
BID             97426
BID             97427
BID             97428
BID             97435
BID             97437
BID             97438
BID             97441
BID             97444
BID             97446
BID             97449
BID             97452
BID             97455
BID             97459
BID             97461
BID             97462
BID             97465
BID             97466
BID             97467
BID             97473
BID             97475
BID             97507
BID             97512
BID             97514
CVE             CVE-2013-6629
CVE             CVE-2017-0058
CVE             CVE-2017-0156
CVE             CVE-2017-0158
CVE             CVE-2017-0159
CVE             CVE-2017-0162
CVE             CVE-2017-0163
CVE             CVE-2017-0165
CVE             CVE-2017-0166
CVE             CVE-2017-0167
CVE             CVE-2017-0168
CVE             CVE-2017-0169
CVE             CVE-2017-0178
CVE             CVE-2017-0179
CVE             CVE-2017-0180
CVE             CVE-2017-0182
CVE             CVE-2017-0183
CVE             CVE-2017-0184
CVE             CVE-2017-0185
CVE             CVE-2017-0186
CVE             CVE-2017-0188
CVE             CVE-2017-0191
CVE             CVE-2017-0192
CVE             CVE-2017-0202
CVE             CVE-2017-0210
CVE             CVE-2017-0211
MSKB            4015547
MSKB            4015550
XREF            MSFT:MS17-4015547
XREF            IAVA:2017-A-0110
XREF            IAVA:2017-A-0111
XREF            MSFT:MS17-4015550
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4034672 or cumulative update 4034681. It is, therefore,
affected by multiple vulnerabilities :
- A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An
attacker who successfully exploited this vulnerability could cause a target computer to become completely
unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP
packets to a target system, resulting in a permanent denial of service condition. The update addresses the
vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174)
- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code
execution on an affected system. An attacker who successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights.
(CVE-2017-0250)
- A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects
in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in
the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. (CVE-2017-0293)
- A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly
handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed
regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the
system even if IME is not enabled. (CVE-2017-8591)
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593)
- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker
who successfully exploited this vulnerability could take control of the affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the
vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker
with access to a target computer could exploit this vulnerability to elevate privileges and take control of the
computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger
the vulnerability through an SMB connection and then take control of a target computer. The security update
addresses the vulnerability by correcting how Windows Search handles objects in memory. (CVE-2017-8620)
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver
improperly handles objects in memory. (CLFS) is a high-performance, general-purpose log file subsystem that
dedicated client applications can use and multiple clients can share to optimize log access. (CVE-2017-8624)
- This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could
allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this
vulnerability could gain greater access to sensitive information and system functionality. This update corrects the
way the WER handles and executes files.
(CVE-2017-8633)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-8635)
- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render
content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker
could execute arbitrary code in the context of the current user. (CVE-2017-8636)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in
memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability
could gain the same user rights as the current user. (CVE-2017-8641)
- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the
context of the current user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. (CVE-2017-8653)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system. (CVE-2017-8664)
- An information disclosure vulnerability exists when the win32k component improperly provides kernel
information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-8666)
- An information disclosure vulnerability exists when the Volume Manager Extension Driver component
improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain
information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on
to an affected system and run a specially crafted application. The security update addresses the vulnerability by
correcting how Volume Manager Extension Driver handles objects in memory. (CVE-2017-8668)
- A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while
rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user. If the current user is logged on with administrative user rights, an attacker
who successfully exploited the vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2017-8669)
See Also
http://www.nessus.org/u?1d4d1833
http://www.nessus.org/u?dcc3ea6d
Solution
Risk Factor
High
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
BID            98100
BID            99430
BID            100032
BID            100034
BID            100038
BID            100039
BID            100055
BID            100056
BID            100057
BID            100059
BID            100061
BID            100068
BID            100069
BID            100085
BID            100089
BID            100092
CVE            CVE-2017-0174
CVE            CVE-2017-0250
CVE            CVE-2017-0293
CVE            CVE-2017-8591
CVE            CVE-2017-8593
CVE            CVE-2017-8620
CVE            CVE-2017-8624
CVE            CVE-2017-8633
CVE            CVE-2017-8635
CVE            CVE-2017-8636
CVE             CVE-2017-8641
CVE             CVE-2017-8653
CVE             CVE-2017-8664
CVE             CVE-2017-8666
CVE             CVE-2017-8668
CVE             CVE-2017-8669
MSKB            4034681
MSKB            4034672
XREF            MSFT:MS17-4034681
XREF            MSFT:MS17-4034672
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore,
affected by multiple vulnerabilities :
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2017-11919)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907,
CVE-2017-11913)
- A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An
attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could
then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11885)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11887, CVE-2017-11906)
- An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends
traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the
disclosure of sensitive information to a malicious site.
(CVE-2017-11927)
See Also
http://www.nessus.org/u?1020239a
http://www.nessus.org/u?18bd5547
Solution
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID            102045
BID            102046
BID            102047
BID            102053
BID            102054
BID            102055
BID            102058
BID            102062
BID            102063
BID            102078
BID            102082
BID            102091
BID            102092
BID            102093
BID            102095
CVE            CVE-2017-11885
CVE            CVE-2017-11886
CVE            CVE-2017-11887
CVE            CVE-2017-11890
CVE            CVE-2017-11894
CVE            CVE-2017-11895
CVE            CVE-2017-11901
CVE            CVE-2017-11903
CVE            CVE-2017-11906
CVE             CVE-2017-11907
CVE             CVE-2017-11912
CVE             CVE-2017-11913
CVE             CVE-2017-11919
CVE             CVE-2017-11927
CVE             CVE-2017-11930
MSKB            4054522
MSKB            4054519
XREF            MSFT:MS17-4054522
XREF            MSFT:MS17-4054519
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4048961 or cumulative update 4048958. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11827, CVE-2017-11858)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)
- An information disclosure vulnerability exists when Windows Media Player improperly discloses file information.
Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.
(CVE-2017-11768)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system.
(CVE-2017-11834)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)
- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses
kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. (CVE-2017-11851)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information
to further compromise the user's system.
(CVE-2017-11791)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user
rights. (CVE-2017-11847)
- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which
could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
(CVE-2017-11848)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this vulnerability could obtain information to further compromise
the user's system. (CVE-2017-11831, CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)
- A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An
attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
(CVE-2017-11788)
- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly
handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to
further compromise the user's system. (CVE-2017-11850)
See Also
http://www.nessus.org/u?dd6d4c6a
http://www.nessus.org/u?6b7fa1d0
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID              101703
BID              101705
BID              101709
BID    101711
BID    101715
BID    101716
BID    101719
BID    101721
BID    101722
BID    101725
BID    101729
BID    101737
BID    101738
BID    101740
BID    101741
BID    101742
BID    101751
BID    101753
BID    101755
BID    101762
BID    101763
BID    101764
CVE    CVE-2017-11768
CVE    CVE-2017-11788
CVE    CVE-2017-11791
CVE    CVE-2017-11827
CVE    CVE-2017-11831
CVE    CVE-2017-11834
CVE    CVE-2017-11837
CVE    CVE-2017-11838
CVE    CVE-2017-11842
CVE    CVE-2017-11843
CVE    CVE-2017-11846
CVE    CVE-2017-11847
CVE    CVE-2017-11848
CVE    CVE-2017-11849
CVE    CVE-2017-11850
CVE    CVE-2017-11851
CVE    CVE-2017-11853
CVE    CVE-2017-11855
CVE    CVE-2017-11856
CVE    CVE-2017-11858
CVE    CVE-2017-11869
CVE    CVE-2017-11880
MSKB   4048961
MSKB   4048958
XREF   MSFT:MS17-4048958
XREF   MSFT:MS17-4048961
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing security update 4041687 or cumulative update 4041693. It is, therefore,
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via
the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited
the vulnerability could gain the same user rights as the current user. (CVE-2017-8727)
- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker
who successfully exploited this vulnerability could take control of the affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11771)
- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated
context. (CVE-2017-11824)
- An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle
objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694)
- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code
execution on an affected system. An attacker who successfully exploited this vulnerability could take control
of an affected system. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717,
CVE-2017-8718)
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI)
handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the
information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if
the attacker uses it in combination with another vulnerability. (CVE-2017-11816)
- An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain
requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet,
which could lead to information disclosure from the server. (CVE-2017-11815)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11765, CVE-2017-11814)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2017-11793, CVE-2017-11810)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted
embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected
system. An attacker could then install programs; view, change, or delete data; or create new accounts with full
user rights. (CVE-2017-11762, CVE-2017-11763)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11790)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11817)
- A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends
specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected
system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests
to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code
or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security
update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client
requests.
(CVE-2017-11781)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local
Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2017-11783)
- An information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An
attacker who successfully exploited the vulnerability could obtain information to further compromise the user's
system. (CVE-2017-11772)
- A security feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an
integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a
certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by
correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818)
- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1)
server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to
execute code on the target server.
(CVE-2017-11780)
- A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails
to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary
code in the context of the Local System Account. (CVE-2017-11779)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2017-11813, CVE-2017-11822)
- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784,
CVE-2017-11785)
- A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who
successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a
WPA or WPA 2-protected wireless network.
(CVE-2017-13080)
See Also
http://www.nessus.org/u?c1c67d5c
http://www.nessus.org/u?1c3325f2
Solution
Risk Factor
High
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID   101077
BID   101081
BID   101083
BID   101093
BID   101094
BID   101095
BID   101099
BID   101100
BID   101101
BID   101108
BID   101109
BID   101110
BID   101111
BID   101114
BID   101116
BID   101122
BID   101128
BID   101136
BID   101140
BID   101141
BID   101142
BID   101144
BID   101147
BID   101149
BID   101161
BID   101162
BID   101166
BID   101274
CVE   CVE-2017-11762
CVE   CVE-2017-11763
CVE   CVE-2017-11765
CVE   CVE-2017-11771
CVE   CVE-2017-11772
CVE   CVE-2017-11779
CVE   CVE-2017-11780
CVE   CVE-2017-11781
CVE   CVE-2017-11783
CVE   CVE-2017-11784
CVE   CVE-2017-11785
CVE   CVE-2017-11790
CVE   CVE-2017-11793
CVE   CVE-2017-11810
CVE   CVE-2017-11813
CVE   CVE-2017-11814
CVE   CVE-2017-11815
CVE   CVE-2017-11816
CVE   CVE-2017-11817
CVE   CVE-2017-11818
CVE   CVE-2017-11822
CVE   CVE-2017-11824
CVE   CVE-2017-13080
CVE   CVE-2017-8689
CVE   CVE-2017-8694
CVE   CVE-2017-8717
CVE   CVE-2017-8718
CVE   CVE-2017-8727
MSKB  4041687
MSKB  4041693
XREF  IAVA:2017-A-0310
XREF  MSFT:MS17-4041687
XREF  MSFT:MS17-4041693
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.12 or 2.2.x prior to 2.2.6. It is,
therefore, affected by multiple denial of service vulnerabilities :
- An infinite loop condition exists in the NetScaler file parser within file wiretap/netscaler.c when
handling specially crafted capture files. An unauthenticated, remote attacker can exploit this to cause excessive
consumption of CPU resources, resulting in a denial of service condition. (CVE-2017-7700)
- An infinite loop condition exists in the BGP dissector within file epan/dissectors/packet-bgp.c when
handling specially crafted packets or trace files. An unauthenticated, remote attacker can exploit this to cause
excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2017-7701)
- An infinite loop condition exists in the WBXML dissector within file epan/dissectors/packet-wbxml.c
when handling specially crafted packets or trace files.
An unauthenticated, remote attacker can exploit this to cause excessive consumption of CPU resources,
resulting in a denial of service condition. (CVE-2017-7702)
- A denial of service vulnerability exists in the IMAP dissector within file epan/dissectors/packet-imap.c when
handling specially crafted packets or trace files. An unauthenticated, remote attacker can exploit this to crash the
program. (CVE-2017-7703)
- An infinite loop condition exists in the DOF dissector within file epan/dissectors/packet-dof.c when
handling specially crafted packets or trace files. An unauthenticated, remote attacker can exploit this to cause
excessive consumption of CPU resources, resulting in a denial of service condition. Note that this issue only
applies to the 2.2.x version. (CVE-2017-7704)
- An infinite loop condition exists in the RPC over RDMA dissector within file epan/dissectors/packet-rpcrdma.c
when handling specially crafted packets or trace files. An unauthenticated, remote attacker can
exploit this to cause excessive consumption of CPU resources, resulting in a denial of service condition.
(CVE-2017-7705)
- An infinite loop condition exists in the SIGCOMP dissector within file epan/dissectors/packet-sigcomp.c
when handling specially crafted packets or trace files. An unauthenticated, remote attacker can
exploit this to cause excessive consumption of CPU resources, resulting in a denial of service condition.
(CVE-2017-7745)
- An infinite loop condition exists in the SLSK dissector in the dissect_slsk_pdu() function within file
epan/dissectors/packet-slsk.c, when handling specially crafted packets or trace files. An unauthenticated, remote
attacker can exploit this to cause excessive consumption of CPU resources, resulting in a denial of service
condition. (CVE-2017-7746)
- An out-of-bounds read error exists in the PacketBB dissector in the dissect_pbb_addressblock() function
within file epan/dissectors/packet-packetbb.c when handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to crash the program. (CVE-2017-7747)
- An infinite loop condition exists in the WSP dissector within file epan/dissectors/packet-wsp.c when
handling specially crafted packets or trace files. An unauthenticated, remote attacker can exploit this to cause
excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2017-7748)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
https://www.wireshark.org/security/wnpa-sec-2017-12.html
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-14.html
https://www.wireshark.org/security/wnpa-sec-2017-15.html
https://www.wireshark.org/security/wnpa-sec-2017-16.html
https://www.wireshark.org/security/wnpa-sec-2017-17.html
https://www.wireshark.org/security/wnpa-sec-2017-18.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html
https://www.wireshark.org/security/wnpa-sec-2017-20.html
https://www.wireshark.org/security/wnpa-sec-2017-21.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID    97627
BID    97628
BID    97630
BID    97631
BID    97632
BID    97633
BID    97634
BID    97635
BID    97636
BID    97638
CVE    CVE-2017-7700
CVE    CVE-2017-7701
CVE    CVE-2017-7702
CVE    CVE-2017-7703
CVE    CVE-2017-7704
CVE    CVE-2017-7705
CVE    CVE-2017-7745
CVE    CVE-2017-7746
CVE    CVE-2017-7747
CVE    CVE-2017-7748
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.13 or 2.2.x prior to 2.2.7. It is,
therefore, affected by multiple denial of service vulnerabilities :
- A NULL pointer dereference flaw exists in the dissect_msnip() function within file
epan/dissectors/packet-msnip.c due to improper validation of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted packet or packet trace file, to cause a denial of service
condition. (CVE-2017-9343)
- An infinite loop condition exists in the expand_dns_name() function within file epan/dissectors/packet-dns.c
when handling packets or packet trace files. An unauthenticated, remote attacker can exploit this, via a specially
crafted packet or packet trace file, to consume excessive CPU resources, resulting in a denial of service
condition.
(CVE-2017-9345)
- An infinite loop condition exists in the dissect_slsk_pdu() function within file epan/dissectors/packet-slsk.c
when handling packets or packet trace files. An unauthenticated, remote attacker can exploit this, via a specially
crafted packet or packet trace file, to consume excessive CPU resources, resulting in a denial of service
condition.
(CVE-2017-9346)
- A NULL pointer dereference flaw exists in the ros_try_string() function within file
epan/dissectors/asn1/ros/packet-ros-template.c due to improper validation of user-supplied input passed as an OID
string. An unauthenticated, remote attacker can exploit this, via a specially crafted packet or packet trace file,
to cause a denial of service condition. This issue only affects version 2.2.x. (CVE-2017-9347)
- An out-of-bounds read error exists in the OALMarshal_UncompressValue() function within file
epan/dissectors/packet-dof.c when handling Distributed Object Framework (DOF) packets. An unauthenticated, remote
attacker can exploit this, via a specially crafted packet or packet trace file, to cause a denial of service
condition. This issue only affects version 2.2.x. (CVE-2017-9348)
- An infinite loop condition exists in the dissect_dcm_pdu_data() function within file
epan/dissectors/packet-dcm.c when handling packets or packet trace files. An unauthenticated, remote attacker can
exploit this, via a specially crafted packet or packet trace file, to consume excessive CPU resources, resulting
in a denial of service condition.
(CVE-2017-9349)
- A memory allocation issue exists in the dissect_opensafety_ssdo_message() function within file
epan/dissectors/packet-opensafety.c due to improper validation of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted packet or packet trace file, to cause a denial of service condition.
(CVE-2017-9350)
- An out-of-bounds read error exists in the bootp_option() function within file epan/dissectors/packet-bootp.c
when handling vendor class identifier strings in bootp packets due to improper validation of user-supplied input.
An unauthenticated, remote attacker can exploit this, via a specially crafted packet or packet trace file, to cause
a denial of service condition.
(CVE-2017-9351)
- An infinite loop condition exists in the get_bzr_pdu_len() function within file epan/dissectors/packet-bzr.c when
handling packets or packet trace files. An unauthenticated, remote attacker can exploit this, via a specially
crafted packet or packet trace file, to consume excessive CPU resources, resulting in a denial of service
condition.
(CVE-2017-9352)
- A NULL pointer dereference flaw exists in the dissect_routing6_rpl() function within file
epan/dissectors/packet-ipv6.c due to improper validation of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted packet or packet trace file, to cause a denial of service
condition. This issue only affects version 2.2.x. (CVE-2017-9353)
- A NULL pointer dereference flaw exists in the dissect_rgmp() function within file epan/dissectors/packet-rgmp.c
due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a
specially crafted packet or packet trace file, to cause a denial of service condition. (CVE-2017-9354)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html
https://www.wireshark.org/security/wnpa-sec-2017-33.html
https://www.wireshark.org/security/wnpa-sec-2017-32.html
https://www.wireshark.org/security/wnpa-sec-2017-31.html
https://www.wireshark.org/security/wnpa-sec-2017-30.html
https://www.wireshark.org/security/wnpa-sec-2017-29.html
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://www.wireshark.org/security/wnpa-sec-2017-27.html
https://www.wireshark.org/security/wnpa-sec-2017-26.html
https://www.wireshark.org/security/wnpa-sec-2017-25.html
https://www.wireshark.org/security/wnpa-sec-2017-24.html
https://www.wireshark.org/security/wnpa-sec-2017-23.html
https://www.wireshark.org/security/wnpa-sec-2017-22.html
Solution
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.1 (CVSS2#E:POC/RL:OF/RC:C)
References
BID             98796
BID             98797
BID             98798
BID             98799
BID             98800
BID             98801
BID             98802
BID             98803
BID             98804
BID             98805
BID             98806
BID             98808
CVE             CVE-2017-9343
CVE             CVE-2017-9344
CVE             CVE-2017-9345
CVE             CVE-2017-9346
CVE             CVE-2017-9347
CVE             CVE-2017-9348
CVE             CVE-2017-9349
CVE             CVE-2017-9350
CVE             CVE-2017-9351
CVE             CVE-2017-9352
CVE             CVE-2017-9353
CVE             CVE-2017-9354
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.14 or 2.2.x prior to 2.2.8. It is,
therefore, affected by multiple denial of service vulnerabilities :
- A denial of service vulnerability exists in the DAAP dissector, specifically in the dissect_daap_one_tag()
function within file epan/dissectors/packet-daap.c. An unauthenticated, remote attacker can exploit this to
exhaust stack resources through uncontrolled recursion.
(CVE-2017-9617)
- An infinite loop condition exists in the DOCSIS dissector, specifically in the dissect_docsis() function within
file plugins/docsis/packet-docsis.c. An unauthenticated, remote attacker can exploit this, via a specially
crafted packet or packet trace, to consume available CPU resources, resulting in a denial of service condition.
(CVE-2017-11406)
- A memory allocation issue exists in the MQ dissector, specifically in the reassemble_mq() function within file
epan/dissectors/packet-mq.c, due to improper validation of fragment lengths before attempting reassembly. An
unauthenticated, remote attacker can exploit this, via a specially crafted packet or packet trace, to cause a denial
of service condition. (CVE-2017-11407)
- A flaw exists in the AMQP dissector, specifically in the get_amqp_1_0_value_formatter() function within file
epan/dissectors/packet-amqp.c, when decoding lists.
An unauthenticated, remote attacker can exploit this, via a specially crafted packet or packet trace, to cause a
stack overflow, resulting in a denial of service condition. (CVE-2017-11408)
- A large loop condition exists in the GPRS LLC dissector, specifically in the llc_gprs_dissect_xid() function
within file epan/dissectors/packet-gprs-llc.c, when handling specially crafted packet or trace files. An
unauthenticated, remote attacker can exploit this to cause a denial of service condition. Note that this issue only
applies to version 2.0.x. (CVE-2017-11409)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/docs/relnotes/wireshark-2.0.14.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.8.html
https://www.wireshark.org/security/wnpa-sec-2017-34.html
https://www.wireshark.org/security/wnpa-sec-2017-35.html
https://www.wireshark.org/security/wnpa-sec-2017-36.html
https://www.wireshark.org/security/wnpa-sec-2017-37.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID    99087
CVE    CVE-2017-9617
CVE    CVE-2017-11406
CVE    CVE-2017-11407
CVE    CVE-2017-11408
CVE    CVE-2017-11409
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.10. It is, therefore, affected
by multiple denial of service vulnerabilities in the DMP, BT ATT and MBIM dissectors. An unauthenticated,
remote attacker can exploit this by injecting a malformed packet onto the wire or by convincing someone to read
a malformed packet trace file.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/security/wnpa-sec-2017-42.html
https://www.wireshark.org/security/wnpa-sec-2017-43.html
https://www.wireshark.org/security/wnpa-sec-2017-44.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID    101227
BID    101235
BID    101240
CVE    CVE-2017-15191
CVE    CVE-2017-15192
CVE    CVE-2017-15193
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.11 or 2.4.x prior to 2.4.3.
It is, therefore, affected by denial of service vulnerabilities in the IWARP_MPA, NetBIOS, and CIP Safety
dissectors. An unauthenticated, remote attacker can exploit this by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/security/wnpa-sec-2017-47.html
https://www.wireshark.org/security/wnpa-sec-2017-48.html
https://www.wireshark.org/security/wnpa-sec-2017-49.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.1 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE    CVE-2017-17083
CVE    CVE-2017-17084
CVE    CVE-2017-17085
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.12 or 2.4.x prior to 2.4.4. It is,
therefore, affected by a denial of service vulnerability.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-01.html
https://www.wireshark.org/security/wnpa-sec-2018-03.html
https://www.wireshark.org/security/wnpa-sec-2018-04.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID    102499
BID    102500
BID    102504
CVE    CVE-2017-17997
CVE    CVE-2018-5334
CVE    CVE-2018-5335
CVE    CVE-2018-5336
Plugin Information
Plugin Output
tcp/445
107093 - Wireshark 2.2.x < 2.2.13 / 2.4.x < 2.4.5 Multiple DoS Vulnerabilities
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.13 or 2.4.x prior to 2.4.5. It is,
therefore, affected by multiple denial of service vulnerabilities.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-05.html
https://www.wireshark.org/security/wnpa-sec-2018-06.html
https://www.wireshark.org/security/wnpa-sec-2018-07.html
https://www.wireshark.org/security/wnpa-sec-2018-08.html
https://www.wireshark.org/security/wnpa-sec-2018-09.html
https://www.wireshark.org/security/wnpa-sec-2018-10.html
https://www.wireshark.org/security/wnpa-sec-2018-11.html
https://www.wireshark.org/security/wnpa-sec-2018-12.html
https://www.wireshark.org/security/wnpa-sec-2018-13.html
https://www.wireshark.org/security/wnpa-sec-2018-14.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
BID    103158
BID    103160
BID    103162
BID    103164
BID    103165
BID    103166
CVE    CVE-2018-7320
CVE    CVE-2018-7321
CVE    CVE-2018-7322
CVE    CVE-2018-7323
CVE    CVE-2018-7324
CVE    CVE-2018-7325
CVE    CVE-2018-7326
CVE    CVE-2018-7327
CVE    CVE-2018-7328
CVE    CVE-2018-7329
CVE    CVE-2018-7330
CVE    CVE-2018-7331
CVE    CVE-2018-7332
CVE    CVE-2018-7333
CVE    CVE-2018-7334
CVE    CVE-2018-7335
CVE    CVE-2018-7336
CVE    CVE-2018-7337
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is,
therefore, affected by multiple vulnerabilities.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://www.wireshark.org/security/wnpa-sec-2018-21.html
https://www.wireshark.org/security/wnpa-sec-2018-22.html
https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://www.wireshark.org/security/wnpa-sec-2018-24.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
BID    99085
CVE    CVE-2017-9616
CVE    CVE-2018-9256
CVE    CVE-2018-9257
CVE    CVE-2018-9258
CVE    CVE-2018-9259
CVE    CVE-2018-9260
CVE    CVE-2018-9261
CVE    CVE-2018-9262
CVE    CVE-2018-9263
CVE    CVE-2018-9264
CVE    CVE-2018-9265
CVE    CVE-2018-9266
CVE    CVE-2018-9267
CVE    CVE-2018-9268
CVE    CVE-2018-9269
CVE    CVE-2018-9270
CVE    CVE-2018-9271
CVE    CVE-2018-9272
CVE    CVE-2018-9273
CVE    CVE-2018-9274
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.15, 2.4.x prior to 2.4.6, or
2.6.x prior to 2.6.1.
It is, therefore, affected by multiple vulnerabilities.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-25.html
https://www.wireshark.org/security/wnpa-sec-2018-26.html
https://www.wireshark.org/security/wnpa-sec-2018-27.html
https://www.wireshark.org/security/wnpa-sec-2018-28.html
https://www.wireshark.org/security/wnpa-sec-2018-29.html
https://www.wireshark.org/security/wnpa-sec-2018-30.html
https://www.wireshark.org/security/wnpa-sec-2018-31.html
https://www.wireshark.org/security/wnpa-sec-2018-32.html
https://www.wireshark.org/security/wnpa-sec-2018-33.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
BID               104308
CVE               CVE-2018-11354
CVE               CVE-2018-11355
      CVE             CVE-2018-11356
      CVE             CVE-2018-11357
      CVE             CVE-2018-11358
      CVE             CVE-2018-11359
      CVE             CVE-2018-11360
      CVE             CVE-2018-11361
      CVE             CVE-2018-11362
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.16, 2.4.x prior to 2.4.8, or
2.6.x prior to 2.6.2.
It is, therefore, affected by multiple vulnerabilities.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-34.html
https://www.wireshark.org/security/wnpa-sec-2018-35.html
https://www.wireshark.org/security/wnpa-sec-2018-36.html
https://www.wireshark.org/security/wnpa-sec-2018-37.html
https://www.wireshark.org/security/wnpa-sec-2018-38.html
https://www.wireshark.org/security/wnpa-sec-2018-39.html
https://www.wireshark.org/security/wnpa-sec-2018-40.html
https://www.wireshark.org/security/wnpa-sec-2018-41.html
https://www.wireshark.org/security/wnpa-sec-2018-42.html
https://www.wireshark.org/security/wnpa-sec-2018-43.html
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
BID               104847
CVE               CVE-2018-14339
      CVE             CVE-2018-14340
      CVE             CVE-2018-14341
      CVE             CVE-2018-14342
      CVE             CVE-2018-14343
      CVE             CVE-2018-14344
      CVE             CVE-2018-14367
      CVE             CVE-2018-14368
      CVE             CVE-2018-14369
      CVE             CVE-2018-14370
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.9. It is, therefore, affected by
multiple denial of service vulnerabilities in the IrCOMM, Profinet I/O, and MSDP dissectors. An unauthenticated,
remote attacker can exploit this by injecting a malformed packet onto the wire or by convincing someone to read
a malformed packet trace file.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html
https://www.wireshark.org/security/wnpa-sec-2017-38.html
https://www.wireshark.org/security/wnpa-sec-2017-39.html
https://www.wireshark.org/security/wnpa-sec-2017-41.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
      CVE             CVE-2017-13765
      CVE             CVE-2017-13766
      CVE             CVE-2017-13767
Plugin Information
Plugin Output
tcp/445
    12217 - DNS Server Cache Snooping Remote Information Disclosure
Synopsis
Description
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.
This may allow a remote attacker to determine which domains have recently been resolved via this name server,
and therefore which hosts have been recently visited.
For instance, if an attacker was interested in whether your company utilizes the online services of a particular
financial institution, they would be able to use this attack to build a statistical model regarding company usage
of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more.
Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal
network. This may include employees, consultants and potentially users on a guest network or WiFi connection if
supported.
See Also
http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf
Solution
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
udp/53
93.184.216.34
    73992 - MS KB2960358: Update for Disabling RC4 in .NET TLS
Synopsis
Description
The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS.
Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application
that runs on a system that has 4.6 installed is affected.
See Also
http://www.nessus.org/u?bd8cd59b
Solution
Microsoft has released a set of security updates for the .NET Framework on Windows 7, 2008 R2, 8, 2012, 8.1,
2012 R2, and 10.
Risk Factor
Medium
4.2 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
References
MSKB 2960358
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote host is missing an update that allows TLS versions 1.1 and 1.2 to be used with EAP.
Description
The remote host is missing Microsoft KB2977292. This update allows the latest Transport Layer Security
(TLS) versions (1.1 and 1.2) to be used with the Extensible Authentication Protocol (EAP) for more secure
authentication. Enabling this functionality requires a registry edit.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2977292
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
MSKB 2977292
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008.
If the client registry key workaround has not been applied, any client software installed on the remote host
(including IE) is affected by an information disclosure vulnerability when using SSL 3.0.
If the server registry key workaround has not been applied, any server software installed on the remote host
(including IIS) is affected by an information disclosure vulnerability when using SSL 3.0.
SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of
encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE'
issue.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3009008
https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc
http://www.nessus.org/u?f3bc3182
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the
advisory.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.3 (CVSS2#E:U/RL:TF/RC:C)
References
BID             70574
CVE             CVE-2014-3566
MSKB            3009008
XREF            CERT:577193
Plugin Information
Plugin Output
tcp/445
  The workaround to disable SSL 3.0 for all server software installed on
  the remote host has not been applied.
  The workaround to disable SSL 3.0 for all client software installed on
  the remote host has not been applied.
Synopsis
Description
The remote host is missing KB3097966, KB2677070 (automatic updater), or the latest disallowed certificate
update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest
auto-updates.
Note that this plugin checks that the updaters have actually updated the disallowed CTL list, not that the KBs
listed are installed. This approach was taken since the KB2677070 automatic updater isn't triggered unless
software that relies on SSL in the Microsoft Cryptography API is being actively used on the remote host.
See Also
http://www.nessus.org/u?ef1a29d9
http://www.nessus.org/u?8ae31477
http://www.nessus.org/u?ae2600e6
http://www.nessus.org/u?a2f231b2
Solution
Ensure that the KB3097966 security update has been installed and that the Microsoft automatic updater for
revoked certificates is installed and running.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
References
MSKB 3097966
Plugin Information
tcp/445
Synopsis
The remote Windows host is missing an update that improves cryptography and digital certificate handling.
Description
The remote Windows host is missing Microsoft KB3123479, an update that restricts the use of certificates with
SHA1 hashes, this restriction being limited to certificates issued under roots in the Microsoft root certificate
program. This update increases the difficulty of carrying out some spoofing, phishing, and man-in-the-middle
attacks.
See Also
http://www.nessus.org/u?475a7f5b
http://www.nessus.org/u?22c2e18d
http://www.nessus.org/u?d9a90a63
http://www.nessus.org/u?b7a673f6
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
STIG Severity
References
MSKB             3123479
XREF             IAVB:2016-B-0018
Plugin Information
Published: 2016/01/12, Modified: 2019/01/10
Plugin Output
tcp/445
  HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\default
  WeakSha1ThirdPartyFlags
  WeakSha1ThirdPartyAfterTime
    91045 - MS KB3155527: Update to Cipher Suites for FalseStart
Synopsis
Description
The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart due to allowing TLS
clients to send application data before receiving and verifying the server 'Finished'
message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of
application_data records using an attacker's chosen cipher suite from the client's list.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3155527
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
References
MSKB 3155527
Plugin Information
Plugin Output
tcp/445
    KB : 3151058
    - C:\Windows\system32\schannel.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18298
      74422 - MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)
Synopsis
Description
The remote Windows host is affected by a tampering vulnerability due to an encryption weakness in the Remote
Desktop Protocol (RDP). An attacker could exploit this vulnerability to modify the traffic content of an active RDP
session.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-030
Solution
Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
4.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID              67865
CVE              CVE-2014-0296
MSKB             2966034
MSKB             2965788
XREF             MSFT:MS14-030
Plugin Information
Plugin Output
tcp/445
KB : 2966034
- C:\Windows\system32\rdpcorets.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be      : 6.3.9600.16663
      74423 - MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack
improperly handling certain traffic. An attacker could exploit this vulnerability by sending a sequence of specially
crafted TCP packets to cause a target system to stop responding until it is restarted.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-031
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
References
BID              67888
CVE              CVE-2014-1811
MSKB             2957189
MSKB             2961858
XREF             MSFT:MS14-031
XREF             IAVA:2014-A-0081
Exploitable With
Plugin Output
tcp/445
    KB : 2961858
    - C:\Windows\system32\drivers\tcpip.sys has not been patched.
      Remote version : 6.3.9600.16521
      Should be      : 6.3.9600.16660
      74425 - MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
Synopsis
Description
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure
vulnerability. An attacker could exploit this issue by convincing a user to visit a specially crafted website, allowing
the attacker to read files on the local user's file system or the content of web domains where the user is currently
authenticated.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-033
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID              67895
CVE              CVE-2014-1816
MSKB             2939576
MSKB             2957482
MSKB             2966631
XREF             MSFT:MS14-033
Plugin Information
tcp/445
    KB : 2966631
    - C:\Windows\system32\Msxml3.dll has not been patched.
      Remote version : 8.110.9600.16483
      Should be      : 8.110.9600.16663
      77165 - MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
Synopsis
Description
The remote Windows host is affected by a security feature bypass vulnerability in Microsoft Remote Procedure
Call (LRPC). The vulnerability is due to RPC improperly freeing malformed messages, allowing an attacker to fill
up the address space of a process.
Successful exploitation of the issue allows an attacker to bypass the Address Space Layout Randomization
(ASLR) security feature.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-047
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              69097
CVE              CVE-2014-0316
MSKB             2978668
XREF             MSFT:MS14-047
XREF             IAVA:2014-A-0129
Plugin Information
Published: 2014/08/12, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 2978668
    - C:\Windows\system32\Rpcrt4.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17216
    77573 - MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that
allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web
application running on the affected system.
Note that ASP.NET is not installed by default and ASP.NET must be registered and enabled for the host to be
affected.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-053
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5,
4.5.1, and 4.5.2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              69603
CVE              CVE-2014-4072
MSKB             2972207
MSKB             2972211
MSKB             2972212
MSKB             2972213
MSKB             2972214
MSKB             2972215
MSKB             2972216
MSKB             2973112
MSKB            2973113
MSKB            2973114
MSKB            2973115
MSKB            2974268
MSKB            2974269
MSKB            2977765
MSKB            2977766
XREF            MSFT:MS14-053
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a vulnerability in the Windows Audio service component that allows
privilege escalation. A remote attacker could exploit this vulnerability to elevate privileges but not execute code.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-071
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              70978
CVE              CVE-2014-6322
MSKB             3005607
XREF             MSFT:MS14-071
XREF             IAVA:2014-A-0169
Plugin Information
tcp/445
    KB : 3005607
    - C:\Windows\system32\audiokse.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17393
      79134 - MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
Synopsis
Description
The remote Windows host is running Remote Desktop Protocol, which does not properly log failed logon
attempts, thus allowing attackers to bypass the audit logon security feature.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-074
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              70981
CVE              CVE-2014-6318
MSKB             3003743
XREF             MSFT:MS14-074
XREF             IAVB:2014-B-0148
Plugin Information
tcp/445
    KB : 3003743
    - C:\Windows\system32\Adtschema.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17396
      79834 - MS14-085: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
Synopsis
Description
The version of the Microsoft Graphics Component installed on the remote host is affected by an information
disclosure vulnerability due to the way JPEG content is decoded. A remote attacker can exploit this vulnerability
by convincing a user to browse to a website containing specially crafted JPEG content, resulting in the
disclosure of information that can aid in further attacks.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-085
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8, 8.1,
Server 2012, and Server 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID              71502
CVE              CVE-2014-6355
MSKB             3013126
XREF             MSFT:MS14-085
Plugin Information
Plugin Output
tcp/445
    KB : 3013126
    - C:\Windows\system32\WindowsCodecs.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17483
      80493 - MS15-004: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the TS WebProxy Windows
component due to a failure to properly sanitize file paths. An attacker can exploit this to gain the same rights as
the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-004
Solution
Microsoft has released a set of patches for Windows Vista, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
5.0 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              71965
CVE              CVE-2015-0016
MSKB             3023299
MSKB             3019978
MSKB             3020387
MSKB             3020388
XREF             EDB-ID:35983
XREF             MSFT:MS15-004
XREF                IAVA:2015-A-0010
Exploitable With
Metasploit (true)
Plugin Information
Plugin Output
tcp/445
    KB : 3019978
    - C:\Windows\system32\TSWbPrxy.exe has not been patched.
      Remote version : 6.3.9600.16421
      Should be      : 6.3.9600.17555
      80494 - MS15-005: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
Synopsis
Description
The Network Location Awareness (NLA) service on the remote host is affected by a security bypass vulnerability
due to a failure to validate whether it is connected to a trusted domain or an untrusted network. This could cause
the system to unintentionally configure applications insecurely (e.g. the firewall policy) when connecting to an
untrusted network. An attacker on the same network can exploit this by spoofing responses to DNS or LDAP
requests made by the targeted system.
Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this
vulnerability.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-005
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              71930
CVE              CVE-2015-0006
MSKB             3022777
XREF             MSFT:MS15-005
XREF             IAVB:2015-B-0004
Plugin Information
Plugin Output
tcp/445
    KB : 3022777
    - C:\Windows\system32\Nlasvc.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17550
      80496 - MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability due to a failure to properly parse
username queries on an Internet Authentication Service (IAS) or a Network Policy Server (NPS). A remote,
unauthenticated attacker, using specially crafted username strings, can exploit this to prevent RADIUS
authentication on the IAS or NPS server.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-007
Solution
Microsoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              71933
CVE              CVE-2015-0015
MSKB             3014029
XREF             MSFT:MS15-007
Plugin Information
Plugin Output
tcp/445
KB : 3014029
- C:\Windows\system32\iassam.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be      : 6.3.9600.17549
      81269 - MS15-016: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
Synopsis
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by an information
disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted TIFF
image format files. A remote attacker can exploit this vulnerability by convincing a user to browse to a website
containing specially crafted TIFF image content, resulting in the disclosure of information.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-016
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID              72456
CVE              CVE-2015-0061
MSKB             3029944
XREF             MSFT:MS15-016
Plugin Information
Plugin Output
tcp/445
KB : 3029944
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be      : 6.3.9600.17631
      81737 - MS15-023: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
Synopsis
Description
The version of Windows running on the remote host is affected by the following vulnerabilities :
- Information disclosure vulnerabilities exist in the kernel-mode driver that can reveal portions of kernel memory.
An attacker can exploit these and gain information about the system, which can then be used to launch further
attacks. (CVE-2015-0077, CVE-2015-0094, CVE-2015-0095)
- A privilege escalation vulnerability exists in the kernel-mode driver due to improper validation of thread tokens.
An authenticated attacker, using a specially crafted application, can exploit this issue to gain administrative
credentials in order to elevate privileges. (CVE-2015-0078)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-023
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 (CVSS2#E:H/RL:OF/RC:C)
References
BID              72897
BID              72902
BID              72935
BID              72936
CVE              CVE-2015-0077
CVE              CVE-2015-0078
CVE              CVE-2015-0094
CVE              CVE-2015-0095
MSKB            3034344
XREF            MSFT:MS15-023
Plugin Information
Plugin Output
tcp/445
    KB : 3034344
    - C:\Windows\system32\Win32k.sys has not been patched.
      Remote version : 6.3.9600.16650
      Should be      : 6.3.9600.17694
      81738 - MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
Synopsis
Description
The remote Windows host is affected by an information disclosure vulnerability due to improperly handled
uninitialized memory when parsing specially crafted PNG image format files. A remote attacker can exploit this
vulnerability by convincing a user to visit a website containing specially crafted PNG image content, resulting in
the disclosure of information.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-024
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              72909
CVE              CVE-2015-0080
MSKB             3035132
XREF             MSFT:MS15-024
XREF             IAVB:2015-B-0036
Plugin Information
tcp/445
    KB : 3035132
    - C:\Windows\system32\WindowsCodecs.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17669
      81743 - MS15-029: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
Synopsis
Description
The version of Microsoft's Photo Decoder Component installed on the remote Windows host is affected by an
information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially
crafted JPEG XR (.JXR) image format files. A remote attacker can exploit this vulnerability by convincing a user
to visit a website containing specially crafted JPEG image content, resulting in the disclosure of information.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-029
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID              72918
CVE              CVE-2015-0076
MSKB             3035126
XREF             MSFT:MS15-029
XREF             IAVB:2015-B-0034
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3035126
    - C:\Windows\system32\wmphoto.dll has not been patched.
      Remote version : 6.3.9600.16388
      Should be      : 6.3.9600.17668
      81744 - MS15-030: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
Synopsis
Description
The remote Windows host is affected by a vulnerability due to a failure by the Remote Desktop Protocol (RDP)
to properly free objects in memory. A remote, unauthenticated attacker, by creating multiple RDP sessions, can
exploit this to exhaust the system memory and cause a denial of service.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-030
Solution
Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              72921
CVE              CVE-2015-0079
MSKB             3035017
MSKB             3036493
XREF             MSFT:MS15-030
Plugin Information
Plugin Output
tcp/445
KB : 3035017
- C:\Windows\system32\rdpudd.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be      : 6.3.9600.17667
      81745 - MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
Synopsis
Description
The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring
attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than
or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use
EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept
and decrypt the traffic.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-031
https://www.smacktls.com/#freak
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              72965
CVE              CVE-2015-1637
MSKB             3046049
XREF             CERT:243585
XREF             MSFT:MS15-031
Plugin Information
tcp/445
    KB : 3046049
    - C:\Windows\system32\schannel.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17702
    82777 - MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Synopsis
The version of the Microsoft .NET Framework installed on the remote host is affected by an information disclosure
vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework installed that is affected by an
information disclosure vulnerability due to improper handling of requests on web servers that have custom
error messages disabled. A remote, unauthenticated attacker can exploit this issue, via a specially crafted web
request, to elicit an error message containing information that was not intended to be accessible.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-041
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and
4.5.2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              74010
CVE              CVE-2015-1648
MSKB             3037572
MSKB             3037573
MSKB             3037574
MSKB             3037575
MSKB             3037576
MSKB            3037577
MSKB            3037578
MSKB            3037579
MSKB            3037580
MSKB            3037581
XREF            MSFT:MS15-041
XREF            IAVA:2015-A-0089
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a security feature bypass vulnerability due to a failure to properly
validate memory addresses by the Windows kernel. A remote attacker can exploit this flaw, via a specially
crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR), resulting in the
disclosure of the base address of the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys).
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-052
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID              74488
CVE              CVE-2015-1674
MSKB             3050514
XREF             MSFT:MS15-052
Plugin Information
Plugin Output
tcp/445
       KB : 3050514
       - C:\Windows\system32\drivers\cng.sys has not been patched.
         Remote version : 6.3.9600.16384
         Should be      : 6.3.9600.17785
      83363 - MS15-054: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
Synopsis
Description
The remote Windows host is affected by a flaw due to a failure to properly validate a destination buffer
when retrieving icon information from a specially crafted Microsoft Management Console (.msc) file. An
unauthenticated, remote attacker, by tricking a victim into opening a malicious .msc file, can exploit this flaw to
cause a denial of service.
See Also
https://www.zerodayinitiative.com/advisories/ZDI-15-191/
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-054
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID              74486
CVE              CVE-2015-1681
MSKB             3051768
XREF             MSFT:MS15-054
Plugin Information
Plugin Output
tcp/445
  KB : 3051768
  None of the versions of 'comctl32.dll' under C:\Windows\WinSxS
  have been patched.
    Fixed version : 6.10.9600.17784
      83360 - MS15-055: Vulnerability in Schannel Could Allow Information Disclosure (3061518)
Synopsis
Description
The remote Windows host is affected by an information disclosure vulnerability due to Secure Channel
(Schannel) allowing the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted
TLS session. Usage of weak keys can result in vulnerable key exchanges that are susceptible to various attacks.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-055
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID              74489
CVE              CVE-2015-1716
MSKB             3061518
XREF             MSFT:MS15-055
Plugin Information
Plugin Output
tcp/445
KB : 3061518
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be      : 6.3.9600.17810
    84745 - MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
Synopsis
Description
The version of Windows Installer Service installed on the remote Windows host is missing Cumulative Security
Update 3072630. It is, therefore, affected by an elevation of privilege vulnerability in the Windows Installer
service due to improperly running customized action scripts. A local attacker, using specially crafted code that
gets executed by a vulnerable .msi package, can exploit this vulnerability to gain elevated privileges.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-074
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
CVE              CVE-2015-2371
MSKB             3072630
XREF             MSFT:MS15-074
Plugin Information
Plugin Output
tcp/445
KB : 3072630
- C:\Windows\system32\msi.dll has not been patched.
  Remote version : 5.0.9600.16384
  Should be      : 5.0.9600.17905
     84741 - MS15-075: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
Synopsis
Description
Multiple elevation of privilege vulnerabilities exist in Microsoft Windows OLE due to a failure to properly validate
user input. An attacker can exploit these, in conjunction with other vulnerabilities, to execute arbitrary code on an
affected system with the permissions of the current user.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-075
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE              CVE-2015-2416
CVE              CVE-2015-2417
MSKB             3072633
XREF             MSFT:MS15-075
XREF             IAVA:2015-A-0169
Plugin Information
tcp/445
    KB : 3072633
    - C:\Windows\system32\ole32.dll has not been patched.
      Remote version : 6.3.9600.16408
      Should be      : 6.3.9600.17905
      85332 - MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating
certificates during authentication. A man-in-the-middle attacker can exploit this to impersonate a client session
by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472)
- A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the
loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current
working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary
code in the context of the user.
(CVE-2015-2473)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-082
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT
8.1.
Risk Factor
Medium
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76224
BID              76228
CVE             CVE-2015-2472
CVE             CVE-2015-2473
MSKB            3075220
MSKB            3075221
MSKB            3075222
MSKB            3075226
XREF            MSFT:MS15-082
XREF            IAVA:2015-A-0190
Plugin Information
Plugin Output
tcp/445
    KB : 3075220
    - C:\Windows\system32\mstscax.dll has not been patched.
      Remote version : 6.3.9600.16520
      Should be      : 6.3.9600.17931
      85335 - MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Synopsis
Description
The remote Windows host contains a version of Microsoft XML Core Services (MSXML) that is affected by
multiple information disclosure vulnerabilities :
- An information disclosure vulnerability exists in XML Core Services (MSXML) due to the use of Secure Sockets
Layer (SSL) 2.0. A man-in-the-middle attacker can exploit this vulnerability by forcing an encrypted SSL 2.0
session and then decrypting the resulting network traffic. (CVE-2015-2434, CVE-2015-2471)
- An information disclosure vulnerability exists in XML Core Services (MSXML) due to exposing sensitive
memory addresses. A remote attacker, using a specially crafted website, can exploit this to bypass ASLR and
gain access to private data. (CVE-2015-2440)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-084
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, RT 8.1,
Office 2007 SP3, and InfoPath 2007 SP3.
Risk Factor
Medium
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76229
BID              76232
BID              76257
CVE              CVE-2015-2434
CVE              CVE-2015-2440
CVE              CVE-2015-2471
MSKB             2825645
MSKB             3076895
XREF             MSFT:MS15-084
XREF             IAVB:2015-B-0098
Plugin Information
Plugin Output
tcp/445
      KB : 3076895
      - C:\Windows\system32\msxml6.dll has not been patched.
        Remote version : 6.30.9600.16384
        Should be      : 6.30.9600.17931
      85334 - MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Synopsis
Description
The remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity
level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can
exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing
Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-088
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2,
and 10.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76202
CVE              CVE-2015-2423
MSKB             3046017
MSKB             3079757
MSKB             3081436
XREF             MSFT:MS15-088
XREF             IAVA:2015-A-0197
Plugin Information
Plugin Output
tcp/445
    KB : 3046017
    - C:\Windows\system32\notepad.exe has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17930
     85322 - MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Synopsis
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Object
Manager :
- A flaw exists in Windows Object Manager due to a failure to properly validate and enforce impersonation levels.
A remote, authenticated attacker can exploit this vulnerability, via a specially crafted application, to bypass
impersonation-level security, resulting in a privilege escalation. (CVE-2015-2428)
- A flaw exists in Windows Object Manager due to a failure to properly restrict certain registry interactions from
within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user
to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the registry and
escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2429)
- A flaw exists in Windows Object Manager due to a failure to properly restrict certain filesystem interactions from
within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to
open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the filesystem and
escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2430)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-090
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and
2012 R2.
Risk Factor
Medium
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76227
BID              76231
BID              76233
CVE              CVE-2015-2428
CVE              CVE-2015-2429
CVE              CVE-2015-2430
MSKB             3060716
XREF             MSFT:MS15-090
XREF             IAVA:2015-A-0193
Plugin Information
Plugin Output
tcp/445
      KB : 3060716
      - C:\Windows\system32\ntdll.dll has not been patched.
        Remote version : 6.3.9600.16502
        Should be      : 6.3.9600.17933
      85846 - MS15-096: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability in Active Directory that is triggered
during the handling of a saturation of account creations. An authenticated, remote attacker, with privileges to join
machines to a domain, can exploit this vulnerability by creating multiple machine accounts, resulting in the Active
Directory service becoming non-responsive.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-096
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              76554
CVE              CVE-2015-2535
MSKB             3072595
XREF             MSFT:MS15-096
XREF             IAVB:2015-B-0110
Plugin Information
tcp/445
    KB : 3072595
    - C:\Windows\system32\samsrv.dll has not been patched.
      Remote version : 6.3.9600.16506
      Should be      : 6.3.9600.18009
    86825 - MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple
vulnerabilities :
- An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted
XML files. An unauthenticated, remote attacker can exploit this, via a malicious application file, to gain read
access to the local files on the system.
(CVE-2015-6096)
- A cross-site scripting vulnerability exists in ASP.NET due to improper validation of values in HTTP requests.
An unauthenticated, remote attacker can exploit this to inject arbitrary script into the user's browser session.
(CVE-2015-6099)
- A security feature bypass vulnerability exists in the .NET Framework due to improper implementation of the
Address Space Layout Randomization (ASLR) feature. An unauthenticated, remote attacker can exploit this, via
crafted website content, to predict memory offsets in a call stack. (CVE-2015-6115)
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-118
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              77474
BID              77479
BID              77482
CVE              CVE-2015-6096
CVE              CVE-2015-6099
CVE              CVE-2015-6115
MSKB             3097988
MSKB             3097989
MSKB             3097991
MSKB             3097992
MSKB             3097994
MSKB             3097995
MSKB             3097996
MSKB             3097997
MSKB             3097999
MSKB             3098000
MSKB             3098001
MSKB             3098778
MSKB             3098779
MSKB             3098780
MSKB             3098781
MSKB             3098784
MSKB             3098785
MSKB             3098786
MSKB             3105213
XREF             MSFT:MS15-118
XREF             IAVA:2015-A-0271
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability in the Internet Protocol Security (IPSec)
service due to improper handling of encryption negotiation. An authenticated, remote attacker can exploit this,
via a malicious application, to cause the host to become unresponsive.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-120
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
6.3 (CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C)
4.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              77481
CVE              CVE-2015-6111
MSKB             3102939
XREF             MSFT:MS15-120
XREF             IAVB:2015-B-0133
Plugin Information
tcp/445
    KB : 3102939
    - C:\Windows\system32\ikeext.dll has not been patched.
      Remote version : 6.3.9600.16427
      Should be      : 6.3.9600.18086
      86827 - MS15-121: Security Update for Schannel to Address Spoofing (3081320)
Synopsis
Description
The remote Windows host is affected by a spoofing vulnerability due to a weakness in the Secure Channel
(SChannel) TLS protocol implementation. A man-in-the-middle attacker can exploit this vulnerability to
impersonate a victim on any other server that uses the same credentials as those used between the client and
server where the attack is initiated.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and
2012 R2.
Risk Factor
Medium
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              77484
CVE              CVE-2015-6112
MSKB             3081320
XREF             MSFT:MS15-121
XREF             IAVA:2015-A-0273
Plugin Information
Published: 2015/11/10, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3081320
    - C:\Windows\system32\schannel.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18088
    88652 - MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service
vulnerability in Active Directory Federation Services (ADFS) due to a failure to properly process certain input
during forms-based authentication. A remote attacker can exploit this, via crafted input, to cause the server to
become unresponsive.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-020
Solution
Microsoft has released a set of patches for Windows Server 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
CVE              CVE-2016-0037
MSKB             3134222
XREF             MSFT:MS16-020
XREF             IAVB:2016-B-0023
Plugin Information
tcp/445
  KB : 3134222
  None of the versions of 'Microsoft.IdentityServer.dll' under C:\Windows\WinSxS
  have been patched.
    Fixed version : 6.3.9600.18192
      88653 - MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Synopsis
Description
The remote Windows host is affected by a denial of service vulnerability in the Network Policy Server (NPS) due
to improper handling of RADIUS authentication requests. An unauthenticated, remote attacker can exploit this,
via specially crafted username strings, to cause a denial of service condition for RADIUS authentication on the
NPS.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-021
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              82513
CVE              CVE-2016-0050
MSKB             3133043
XREF             MSFT:MS16-021
XREF             IAVA:2016-A-0047
Plugin Information
tcp/445
    KB : 3133043
    - C:\Windows\system32\iassam.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18191
    90440 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager
(SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level
negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database can exploit this to force the
authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the
SAM database.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-047
http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Medium
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              86002
CVE              CVE-2016-0128
MSKB             3148527
MSKB             3149090
MSKB             3147461
MSKB            3147458
XREF            MSFT:MS16-047
XREF            CERT:813296
XREF            IAVA:2016-A-0093
Plugin Information
Plugin Output
tcp/445
    KB : 3149090
    - C:\Windows\system32\lsasrv.dll has not been patched.
      Remote version : 6.3.9600.16473
      Should be      : 6.3.9600.18267
    90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager
(SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level
negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database can exploit this to force the
authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the
SAM database.
See Also
http://www.nessus.org/u?52ade1e9
http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID             86002
CVE             CVE-2016-0128
MSKB            3148527
MSKB            3149090
MSKB            3147461
MSKB            3147458
XREF            MSFT:MS16-047
XREF            CERT:813296
XREF            IAVA:2016-A-0093
Plugin Information
Plugin Output
tcp/49155
    90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager
(SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level
negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database can exploit this to force the
authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the
SAM database.
See Also
http://www.nessus.org/u?52ade1e9
http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID             86002
CVE             CVE-2016-0128
MSKB            3148527
MSKB            3149090
MSKB            3147461
MSKB            3147458
XREF            MSFT:MS16-047
XREF            CERT:813296
XREF            IAVA:2016-A-0093
Plugin Information
Plugin Output
tcp/49158
      91016 - MS16-067: Security Update for Volume Manager Driver (3155784)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure
vulnerability due to a failure to correctly tie the session of the mounting user to the USB disk being mounted.
This issue occurs when the USB disk is mounted over the Remote Desktop Protocol (RDP) via RemoteFX. An
attacker can exploit this to access the file and directory information on the mounted USB disk.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-067
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              90075
CVE              CVE-2016-0190
MSKB             3155784
XREF             MSFT:MS16-067
XREF             IAVB:2016-B-0089
Plugin Information
tcp/445
    KB : 3155784
    - C:\Windows\system32\drivers\volmgr.sys has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.18302
      91608 - MS16-081: Security Update for Active Directory (3160352)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service
vulnerability in Active Directory. An authenticated, remote attacker can exploit this, via the creation of multiple
machine accounts, to cause the Active Directory service to stop responding.
Note that an attacker must have access to an account that has privileges to join machines to the domain in order
to exploit this vulnerability.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-081
Solution
Microsoft has released a set of patches for Windows 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91118
CVE              CVE-2016-3226
MSKB             3160352
XREF             MSFT:MS16-081
XREF             IAVB:2016-B-0101
Plugin Information
Plugin Output
tcp/445
    KB : 3160352
    - C:\Windows\system32\Ntdsai.dll has not been patched.
      Remote version : 6.3.9600.16517
      Should be      : 6.3.9600.18331
      91609 - MS16-082: Security Update for Microsoft Windows Search Component (3165270)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows Search
component due to improper handling of objects in memory. An authenticated attacker can exploit this to degrade
server performance, resulting in a denial of service condition.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-082
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91113
CVE              CVE-2016-3230
MSKB             3161958
MSKB             3163017
MSKB             3163018
XREF             MSFT:MS16-082
XREF             IAVB:2016-B-0100
Plugin Information
Published: 2016/06/14, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3161958
    - C:\Windows\system32\structuredquery.dll has not been patched.
      Remote version : 7.0.9600.16384
      Should be      : 7.0.9600.18334
      93474 - MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information
disclosure vulnerabilities in the Windows PDF Library due to improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted
PDF file or visit a website containing specially crafted PDF content, to disclose sensitive information from
memory.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-115
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
4.1 (CVSS:3.0/E:H/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 92838
BID              92839
CVE              CVE-2016-3370
CVE              CVE-2016-3374
MSKB             3184943
MSKB             3185611
MSKB             3185614
MSKB             3189866
XREF             MSFT:MS16-115
XREF             IAVA:2016-A-0244
Plugin Information
Plugin Output
tcp/445
      KB : 3184943
      - C:\Windows\system32\windows.data.pdf.dll has not been patched.
        Remote version : 6.3.9600.16408
        Should be      : 6.3.9600.18454
      97741 - MS17-016: Security Update for Windows IIS (4013074)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS)
vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit
this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
See Also
https://technet.microsoft.com/library/security/MS17-016
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
Medium
4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
4.1 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              96622
CVE             CVE-2017-0055
MSKB            4012373
MSKB            4012212
MSKB            4012215
MSKB            4012213
MSKB            4012216
MSKB            4012214
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-016
XREF            IAVB:2017-B-0033
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure
vulnerability in Windows DirectShow due to improper handling of objects in memory. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit a website containing specially crafted media content, to
disclose sensitive information.
See Also
https://technet.microsoft.com/library/security/ms17-021
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only
Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please
contact Microsoft for clarification if you are running Windows 2012.
Risk Factor
Medium
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID             96098
CVE             CVE-2017-0042
MSKB            3214051
MSKB            4012212
MSKB            4012215
MSKB            4012213
MSKB            4012216
MSKB            4015548
MSKB            4015551
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-021
XREF            IAVB:2017-B-0031
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is affected by an information disclosure vulnerability in Microsoft XML Core Services
(MSXML) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this
vulnerability, by convincing a user to visit a specially crafted website, to test for the presence of files on disk.
See Also
https://technet.microsoft.com/library/security/MS17-022
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
Medium
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              96069
CVE             CVE-2017-0022
MSKB            3216916
MSKB            4012212
MSKB            4012213
MSKB            4012214
MSKB            4012215
MSKB            4012216
MSKB            4012217
MSKB            4012606
MSKB            4013198
MSKB            4013429
XREF            MSFT:MS17-022
XREF            IAVA:2017-A-0067
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host has at least one service installed that uses an unquoted service path.
Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains
at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path
of the affected service.
Note that this is a generic test that will flag any application affected by the described vulnerability.
See Also
http://www.nessus.org/u?84a4cc1c
http://cwe.mitre.org/data/definitions/428.html
https://www.commonexploits.com/unquoted-service-paths/
http://www.nessus.org/u?4aa6acbc
Solution
Ensure that any services that contain a space in the path enclose the path in quotes.
Risk Factor
Medium
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID               58591
BID                 58617
BID                 65873
BID                 68520
CVE                 CVE-2013-1609
CVE                 CVE-2014-0759
CVE                 CVE-2014-5455
XREF                ICSA:14-058-01
XREF                EDB-ID:34037
Exploitable With
Metasploit (true)
Plugin Information
Plugin Output
tcp/445
    111163 - Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10
Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities
related to the following components :
- Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via
multiple protocols to compromise Java SE (CVE-2018-2952)
- Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via
multiple protocols to compromise Java SE (CVE-2018-2964)
- JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE (CVE-2018-2973)
- Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE. (CVE-2018-2938)
- JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE. (CVE-2018-2941)
- Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE. (CVE-2018-2940)
- Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE (CVE-2018-2972)
- Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via
multiple protocols to compromise Java SE (CVE-2018-2942)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://www.nessus.org/u?dbb3b1db
http://www.nessus.org/u?8a11ccea
http://www.nessus.org/u?6c975c0b
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
Solution
Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181 / 7 Update 191 / 6 Update 201 or later. If necessary,
remove any affected versions.
    Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
    BID              104765
    BID              104768
    BID              104773
    BID              104774
    BID              104775
    BID              104780
    BID              104781
    BID              104782
    CVE              CVE-2018-2938
    CVE              CVE-2018-2940
    CVE              CVE-2018-2941
    CVE              CVE-2018-2942
    CVE              CVE-2018-2952
    CVE              CVE-2018-2964
    CVE              CVE-2018-2972
    CVE              CVE-2018-2973
Plugin Information
Plugin Output
tcp/445
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11
Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities
related to the following components :
- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the
Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via
HTTP to compromise Java SE, Java SE Embedded. (CVE-2018-13785)
- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Hotspot
subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. (CVE-2018-3169)
- An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could
allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3209)
- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the
JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols
to compromise Java SE, Java SE Embedded, JRockit.
(CVE-2018-3149)
- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in
the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to
compromise Java SE, Java SE Embedded, JRockit.
(CVE-2018-3180)
- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the
Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple
protocols to compromise Java SE, Java SE Embedded.
(CVE-2018-3139)
- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in
the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple
protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3183)
- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security
subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. (CVE-2018-3136)
- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the
Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java
SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211)
- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could
allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3157)
- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could
allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3150)
Please consult the CVRF details for the applicable CVEs for additional information.
Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
http://www.nessus.org/u?705136d8
http://www.nessus.org/u?278f2590
http://www.nessus.org/u?adc8ef52
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?de812f33
Solution
Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update 211 or later. If necessary,
remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
5.6 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
BID              105587
BID              105590
BID              105591
BID              105595
BID              105597
BID              105599
BID              105601
BID              105602
BID              105608
BID              105615
    BID              105617
    BID              105622
    CVE              CVE-2018-3136
    CVE              CVE-2018-3139
    CVE              CVE-2018-3149
    CVE              CVE-2018-3150
    CVE              CVE-2018-3157
    CVE              CVE-2018-3169
    CVE              CVE-2018-3180
    CVE              CVE-2018-3183
    CVE              CVE-2018-3209
    CVE              CVE-2018-3211
    CVE              CVE-2018-3214
    CVE              CVE-2018-13785
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.34 or 5.1.x prior to 5.1.16.
It is, therefore, affected by an information disclosure vulnerability within the shared folder implementation,
specifically in the vbsfPathCheckRootEscape() function, that permits cooperating guests that have write access
to the same shared folder to gain access to the file system of the Linux host. An authenticated attacker within a
guest VM can exploit this to read arbitrary files on the host. However, exploitation requires that the shared folder
is not more than nine levels away from the file system root.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported
version number.
See Also
http://www.nessus.org/u?a61fdb8e
https://www.virtualbox.org/wiki/Changelog
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
6.3 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:N)
4.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2017-3538
Plugin Information
Plugin Output
tcp/445
Synopsis
An application installed on the remote host is affected by multiple unspecified denial of service vulnerabilities.
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.0.34, 4.1.42, 4.2.34,
4.3.32, or 5.0.8. It is, therefore, affected by multiple unspecified flaws in the Core subcomponent. A local attacker
can exploit these to cause a denial of service.
See Also
http://www.nessus.org/u?75a4a4fb
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 4.0.34 / 4.1.42 / 4.2.34 / 4.3.32 / 5.0.8 or later as referenced in the
October 2015 Oracle Critical Patch Update advisory.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE              CVE-2015-4813
CVE              CVE-2015-4896
Plugin Information
Plugin Output
tcp/445
    88052 - Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)
Synopsis
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is,
therefore, affected by the following vulnerabilities :
- An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the
availability of the system. No other details are available. (CVE-2016-0495)
- An unspecified vulnerability exists in the Core subcomponent that allows a local attacker to affect the
availability of the system. No other details are available. (CVE-2016-0592)
- An unspecified vulnerability exists in the Windows Installer subcomponent that allows a local attacker to gain
elevated privileges. No other details are available. (CVE-2016-0602)
See Also
http://www.nessus.org/u?ab4ebec1
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.14 or later as referenced in the January 2016 Oracle
Critical Patch Update advisory.
Risk Factor
Medium
6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 (CVSS2#E:U/RL:OF/RC:C)
References
CVE              CVE-2016-0495
CVE              CVE-2016-0592
CVE              CVE-2016-0602
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is,
therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated
privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL :
- A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange
message for an anonymous DH ciphersuite with the value of 'p' set to 0. An attacker can exploit this, by causing a
segmentation fault, to crash an application linked against the library, resulting in a denial of service.
(CVE-2015-1794)
- A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the
BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information
regarding private keys. (CVE-2015-3193)
- A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that
are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to
crash, resulting in a denial of service condition. (CVE-2015-3194)
- A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed
X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a
decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)
- A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the
parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit
this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of
service. (CVE-2015-3196)
- A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher
negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes
even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the
SSL_OP_NO_SSLv2 option has not been disabled.
(CVE-2015-3197)
See Also
http://www.nessus.org/u?ffb7b96f
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.18 or later as referenced in the April 2016 Oracle Critical
Patch Update advisory.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
      BID             78622
      BID             78623
      BID             78626
      BID             82237
      CVE             CVE-2015-1794
      CVE             CVE-2015-3193
      CVE             CVE-2015-3194
      CVE             CVE-2015-3195
      CVE             CVE-2015-3196
      CVE             CVE-2015-3197
      CVE             CVE-2016-0678
      XREF            CERT:257823
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.26. It is, therefore,
affected by an unspecified flaw in the Core subcomponent that allows a local attacker to cause a denial of
service condition.
See Also
http://www.nessus.org/u?453b5f8c
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 5.0.26 or later as referenced in the July 2016 Oracle Critical Patch
Update advisory.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
References
CVE CVE-2016-3597
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.20. It is, therefore, affected
by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory :
- An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization in the Core
subcomponent could allow an unauthenticated, remote attacker with logon to the infrastructure where Oracle VM
VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2018-2909, CVE-2018-3287, CVE-2018-3288,
CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,
CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298)
- An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization in the OpenSSL
subcomponent could allow an unauthenticated, remote attacker with network access via TLS to compromise
Oracle VM VirtualBox. (CVE-2018-0732)
Please consult the CVRF details for the applicable CVEs for additional information.
Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
http://www.nessus.org/u?aca0e0f6
https://www.virtualbox.org/wiki/Changelog
Solution
Upgrade to Oracle VM VirtualBox version 5.2.20 or later as referenced in the October 2018 Oracle Critical Patch
Update advisory.
Risk Factor
Medium
9.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
References
      BID             104442
      CVE             CVE-2018-0732
      CVE             CVE-2018-2909
      CVE             CVE-2018-3287
      CVE             CVE-2018-3288
      CVE             CVE-2018-3289
      CVE             CVE-2018-3290
      CVE             CVE-2018-3291
      CVE             CVE-2018-3292
      CVE             CVE-2018-3293
      CVE             CVE-2018-3294
      CVE             CVE-2018-3295
      CVE             CVE-2018-3296
      CVE             CVE-2018-3297
      CVE             CVE-2018-3298
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The version of RARLAB WinRAR installed on the remote Windows host is prior to 5.70 Beta 1. It is, therefore,
affected by the following vulnerabilities :
- An error exists in the file 'unacev2.dll' related to the 'filename' field, that allows a specially crafted ACE archive
to overwrite files outside the destination folder. Such files could be in the system startup locations, and thus, lead
to arbitrary code execution on next boot. (CVE-2018-20250)
- An input-validation error exists in the file 'unacev2.dll' related to handling ACE archives and filenames that
allows path traversal pattern checking to be bypassed. (CVE-2018-20251)
- An out-of-bounds write error exists related to handling ACE and RAR file parsing that allows arbitrary code
execution. (CVE-2018-20252)
- An out-of-bounds write error exists related to handling LHA and LZH file parsing that allows arbitrary code
execution. (CVE-2018-20253)
See Also
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://github.com/Ridter/acefile
Solution
Risk Factor
Medium
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:H/RL:OF/RC:C)
References
       BID              106948
       CVE              CVE-2018-20250
       CVE              CVE-2018-20251
       CVE              CVE-2018-20252
       CVE              CVE-2018-20253
Exploitable With
Plugin Information
Plugin Output
tcp/445
    51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/636
  |-Subject :
  |-Issuer : DC=CL/DC=CLINICAISV/CN=CLINICAISV-SERVIDORDOMINIO-CA-1
    51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/3269
  |-Subject :
  |-Issuer : DC=CL/DC=CLINICAISV/CN=CLINICAISV-SERVIDORDOMINIO-CA-1
    51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/3389
  |-Subject : CN=ServidorDominio.CLINICAISV.CL
  |-Issuer : CN=ServidorDominio.CLINICAISV.CL
    35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing
algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision
attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an
attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
           BID             11849
           BID             33065
           CVE             CVE-2004-2761
           XREF            CERT:836068
           XREF            CWE:310
Plugin Information
Plugin Output
tcp/3389
icates were part of the certificate chain sent by the remote host, but contain hashes that are considered to be weak.
             |-Subject             : CN=ServidorDominio.CLINICAISV.CL
             |-Signature Algorithm : SHA-1 With RSA Encryption
             |-Valid From: Apr 11 21:29:06 2019 GMT
             |-Valid To: Oct 11 21:29:06 2019 GMT
    42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/636
                   Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
    42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/3269
                 Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/3389
                 Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/3389
  |-Subject : CN=ServidorDominio.CLINICAISV.CL
    78479 - SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
Synopsis
It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
Description
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as
POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim
application to repeatedly send the same data over newly created SSL 3.0 connections.
As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or
newer is supported by the client and service.
The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients;
however, it can only protect connections when the client and service support the mechanism. Sites that cannot
disable SSLv3 immediately should enable this mechanism.
This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is
the only way to completely mitigate the vulnerability.
See Also
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Solution
Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be
disabled.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID             70574
CVE             CVE-2014-3566
XREF            CERT:577193
Plugin Information
Plugin Output
tcp/636
  Nessus determined that the remote server supports SSLv3 with at least one CBC
  cipher suite, indicating that this server is vulnerable.
Synopsis
It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
Description
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as
POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim
application to repeatedly send the same data over newly created SSL 3.0 connections.
As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or
newer is supported by the client and service.
The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients;
however, it can only protect connections when the client and service support the mechanism. Sites that cannot
disable SSLv3 immediately should enable this mechanism.
This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is
the only way to completely mitigate the vulnerability.
See Also
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Solution
Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be
disabled.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID             70574
CVE             CVE-2014-3566
XREF            CERT:577193
Plugin Information
Plugin Output
tcp/3269
  Nessus determined that the remote server supports SSLv3 with at least one CBC
  cipher suite, indicating that this server is vulnerable.
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by
multiple vulnerabilities :
- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different
origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to
allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could
force the browser to send data that would otherwise be restricted.
(CVE-2019-1192)
- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as
the current user. (CVE-2019-1193)
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in
Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user.
(CVE-2019-1133, CVE-2019-1194)
See Also
http://www.nessus.org/u?b7972a29
http://www.nessus.org/u?5235a5d1
http://www.nessus.org/u?127b7a44
http://www.nessus.org/u?79b786e1
http://www.nessus.org/u?1fc7ed0c
Solution
Microsoft has released the following security updates to address this issue:
-KB4512506
-KB4512518
-KB4512476
-KB4511872
-KB4512488
Risk Factor
Medium
CVSS v3.0 Base Score
5.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
STIG Severity
II
References
CVE               CVE-2019-1133
CVE               CVE-2019-1192
CVE               CVE-2019-1193
CVE               CVE-2019-1194
MSKB              4512506
MSKB              4512518
MSKB              4512476
MSKB              4511872
MSKB              4512488
XREF              MSFT:MS19-4512506
XREF              MSFT:MS19-4512518
XREF              MSFT:MS19-4512476
XREF              MSFT:MS19-4511872
XREF              MSFT:MS19-4512488
XREF              IAVA:2019-A-0288
Plugin Information
Plugin Output
tcp/445
      KB : 4511872
      - C:\Windows\system32\mshtml.dll has not been patched.
        Remote version : 11.0.9600.16438
        Should be      : 11.0.9600.19431
     Note: The fix for this issue is available in either of the following updates:
       - KB4511872 : Cumulative Security Update for Internet Explorer
       - KB4512488 : Windows 8.1 / Server 2012 R2 Monthly Rollup
    126263 - SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read
Synopsis
The remote host is running a remote control application that is affected by a buffer over-read vulnerability.
Description
The SolarWinds Dameware Mini Remote Control Client Agent running on the remote host is affected by a buffer
over-read vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can
exploit this, via a series of requests, to cause a denial of service condition.
Note that the software is reportedly affected by additional vulnerabilities; however, this plugin has not tested for
these.
See Also
http://www.nessus.org/u?1220acd8
Solution
Risk Factor
Medium
7.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)
References
CVE              CVE-2019-3956
XREF             TRA:TRA-2019-26
Plugin Information
Plugin Output
tcp/6129
      117339 - Wireshark 2.2.x < 2.2.17 / 2.4.x < 2.4.9 / 2.6.x < 2.6.3 Multiple Vulnerabilities
Synopsis
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.17, 2.4.x prior to 2.4.9, or
2.6.x prior to 2.6.3.
It is, therefore, affected by multiple vulnerabilities.
See Also
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://www.wireshark.org/security/wnpa-sec-2018-46.html
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
BID               105174
CVE               CVE-2018-16056
CVE               CVE-2018-16057
CVE               CVE-2018-16058
Plugin Information
Plugin Output
      tcp/445
Synopsis
Description
The remote Windows host is affected by a vulnerability in the Windows Error Reporting service component that
allows bypassing the 'Protected Process Light' security feature. A remote attacker can exploit this vulnerability to
gain access to the memory of a running process.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-006
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
1.9 (CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID              71927
CVE              CVE-2015-0001
MSKB             3004365
XREF             MSFT:MS15-006
Plugin Information
Plugin Output
tcp/445
KB : 3004365
- C:\Windows\system32\wer.dll has not been patched.
  Remote version : 6.3.9600.16408
  Should be      : 6.3.9600.17550
      81267 - MS15-014: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
Synopsis
Description
The version of Windows running on the remote host is affected by a security downgrade vulnerability that affects
workstations and servers configured to use Group Policy. A man-in-the-middle attacker, via modified domain
controller responses sent to targeted systems, can cause the policy file to become corrupted and unreadable,
resulting in the Group Policy settings reverting to their default, potentially less secure, state.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-014
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID              72476
CVE              CVE-2015-0009
MSKB             3004361
XREF             CERT:787252
XREF             MSFT:MS15-014
XREF             IAVB:2015-B-0017
Plugin Information
Published: 2015/02/10, Modified: 2018/11/15
Plugin Output
tcp/445
    KB : 3004361
    - C:\Windows\system32\scesrv.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17552
      81741 - MS15-027: Vulnerability in NETLOGON Could Allow Spoofing (3002657)
Synopsis
Description
The remote Windows host is affected by a spoofing vulnerability due to the Netlogon service improperly
establishing a secure communications channel to a different machine with a spoofed computer name. A remote
attacker, on a domain-joined system with the ability to observe network traffic, can exploit this vulnerability to
obtain session-related data of the spoofed computer. This information can be used to mount further attacks.
Note that this vulnerability only affects a server if it is configured as a domain controller.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-027
Solution
Microsoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, 2012 R2.
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID               72933
CVE               CVE-2015-0005
MSKB              3002657
XREF              MSFT:MS15-027
Plugin Information
Plugin Output
tcp/445
    KB : 3002657
    - C:\Windows\system32\netlogon.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17678
      84735 - MS15-071: Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457)
Synopsis
Description
The remote Windows host is affected by a privilege escalation vulnerability due to the Netlogon service
improperly establishing a communications channel to a primary domain controller (PDC). An attacker, with
access to the PDC, can exploit this by using a crafted application to create a secure channel to the PDC as a
backup domain controller (BDC), possibly allowing access to sensitive credential information.
Note that this vulnerability only affects a server if it is configured as a domain controller.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-071
Solution
Microsoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Low
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID               75633
CVE               CVE-2015-2374
MSKB              3068457
XREF              MSFT:MS15-071
XREF              IAVA:2015-A-0173
Plugin Information
Plugin Output
tcp/445
    KB : 3068457
    - C:\Windows\system32\netlogon.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17901
      92023 - MS16-092: Security Update for Windows Kernel (3171910)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in the Windows kernel due to improper validation of how a
low integrity application can use certain object manager features. An attacker can exploit this issue to take
advantage of time-of-check time-of-use (TOCTOU) issues in file path-based checks from a low integrity
application, allowing the attacker to modify files outside of a low integrity level application.
(CVE-2016-3258)
- An information disclosure vulnerability exists in the Windows kernel due to a failure to properly handle
certain page fault system calls. A local attacker can exploit this, via a specially crafted application, to disclose
information from one process to another.
(CVE-2016-3272)
See Also
http://www.nessus.org/u?aa343793
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Low
2.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
2.5 (CVSS:3.0/E:U/RL:O/RC:C)
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              91603
BID              91606
CVE              CVE-2016-3258
CVE              CVE-2016-3272
MSKB             3170377
MSKB             3169704
MSKB             3163912
MSKB             3172985
XREF             MSFT:MS16-092
XREF             IAVA:2016-A-0178
Plugin Information
Plugin Output
tcp/445
      KB : 3170377
      - C:\Windows\system32\ntoskrnl.exe has not been patched.
        Remote version : 6.3.9600.16452
        Should be      : 6.3.9600.18378
      94013 - MS16-124: Security Update for Windows Registry (3193227)
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information
disclosure vulnerabilities in the kernel API that allow a local attacker, via a specially crafted application, to
disclose sensitive registry information.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-124
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Low
3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.0 (CVSS:3.0/E:P/RL:O/RC:C)
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID               93354
BID             93355
BID             93356
BID             93357
CVE             CVE-2016-0070
CVE             CVE-2016-0073
CVE             CVE-2016-0075
CVE             CVE-2016-0079
MSKB            3185330
MSKB            3185331
MSKB            3185332
MSKB            3191256
MSKB            3192391
MSKB            3192392
MSKB            3192393
MSKB            3192440
MSKB            3192441
MSKB            3194798
XREF            MSFT:MS16-124
XREF            IAVA:2016-A-0282
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure
vulnerability in the Windows Common Log File System (CLFS) due to improper handling of objects in memory.
A local attacker can exploit this vulnerability, via a specially crafted application, to bypass security measures and
disclose sensitive information.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-153
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016.
Risk Factor
Low
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID              94787
CVE             CVE-2016-7295
MSKB            3203838
MSKB            3205400
MSKB            3205401
MSKB            3205408
MSKB            3205409
MSKB            3205394
MSKB            3207752
MSKB            3205383
MSKB            3206632
MSKB            3205386
XREF            MSFT:MS16-153
XREF            IAVA:2016-A-0351
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID              58796
BID              73684
CVE              CVE-2013-2566
CVE              CVE-2015-2808
Plugin Information
Plugin Output
tcp/636
      65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID              58796
BID              73684
CVE              CVE-2013-2566
CVE              CVE-2015-2808
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID              58796
BID              73684
CVE              CVE-2013-2566
CVE              CVE-2015-2808
Plugin Information
Plugin Output
tcp/3389
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
http://www.nessus.org/u?4a076105
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with
access, privilege, or intermittent failure.
Description
Nessus was able to execute credentialed checks because it was possible to log in to the remote host using
provided credentials, no access or privilege issues were reported, and no subsequent failures were reported for
the successful credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Nessus was able to log in to the following host as Administrador with no privilege or access problems reported:
Synopsis
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Vendor       : HP
Version      : J01
Release date : 20110421000000.000000+000
UUID         : 32393436-3535-4D32-3232-313830315533
Secure boot  : disabled
    10761 - COM+ Internet Services (CIS) Server Detection
Synopsis
Description
COM+ Internet Services (CIS) tunnel RPC over HTTP and require IIS to operate. CIS ports should not be visible
on the Internet; they should only be reachable from behind a firewall.
See Also
http://www.nessus.org/u?d02f7e6e
https://support.microsoft.com/en-us/support/kb/articles/q282/2/61.asp
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/49157
Server banner :
  ncacn_http/1.0
    96533 - Chrome Browser Extension Enumeration
Synopsis
One or more Chrome browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Chrome browser extensions installed on the remote host.
See Also
https://chrome.google.com/webstore/category/extensions
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use
and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
   User : Administrador
   |- Browser : Chrome
   |- Add-on information :
       Name        : Slides
       Description : Create and edit presentations
       Version     : 0.10
       Update Date : Dec. 27, 2017 at 13:59:35 GMT
       Name        : Docs
       Description : Create and edit documents
       Version     : 0.10
       Update Date : Dec. 27, 2017 at 13:59:37 GMT
       Name        : Sheets
       Description : Create and edit spreadsheets
       Version     : 1.2
       Update Date : Dec. 27, 2017 at 13:59:37 GMT
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on
the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21
Plugin Output
tcp/0
      cpe:/o:microsoft:windows_server_2012:r2:gold
      cpe:/a:google:chrome:76.0.3809.132
      cpe:/a:microsoft:.net_framework:4.5.1 -> Microsoft .NET Framework 4.5.1
      cpe:/a:microsoft:ie:11.0.9600.16438
      cpe:/a:microsoft:iis:8.5
      cpe:/a:microsoft:remote_desktop_connection:6.3.9600.16384
      cpe:/a:oracle:jre:1.6.0:update45
      cpe:/a:oracle:jre:1.6.0_45
      cpe:/a:oracle:vm_virtualbox:5.0.4.102546
      cpe:/a:rarlab:winrar:5.11.0.0
      cpe:/a:simon_tatham:putty:0.70
      cpe:/a:teamviewer:teamviewer:14.5.5819
      cpe:/a:wireshark:wireshark:2.2.5 -> Wireshark 2.2.5
      x-cpe:/a:microsoft:dhcp_server:6.3.9600.16384
      24270 - Computer Manufacturer Information (WMI)
Synopsis
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of
its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      Computer   Manufacturer : HP
      Computer   Model : ProLiant ML110 G7
      Computer   SerialNumber : 2M221801U3
      Computer   Type : Tower
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/135
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49152
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49153
      10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49154
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.100.4
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49155
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49158
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49159
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49192
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55289
      10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55292
      10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55304
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55402
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/64933
Synopsis
Description
See Also
http://www.nessus.org/u?5a5ed447
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Plugin Output
tcp/53
    11002 - DNS Server Detection
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Plugin Output
udp/53
      55472 - Device Hostname
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      Hostname : SERVIDORDOMINIO
        SERVIDORDOMINIO (WMI)
      54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
         SID    : S-1-5-11
       Name : Usuarios del dominio
         Domain : CLINICAISV
         Class : Win32_Group
         SID    : S-1-5-21-1586170146-605884322-2766078902-513
      35716 - Ethernet Card Manufacturer Detection
Synopsis
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are
registered by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios)
and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and
uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
See Also
https://www.4n6k.com/2015/05/forensics-quickie-ntuserdat-analysis.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
Google Chrome, a web browser from Google, is installed on the remote Windows host.
See Also
https://www.google.com/chrome/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  Note that Nessus only looked in the registry for evidence of Google
  Chrome. If there are multiple users on this host, you may wish to
  enable the 'Perform thorough tests' setting and re-scan. This will
  cause Nessus to scan each local user's directory for installs.
      43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
 /
      10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
  Microsoft-IIS/8.5
      10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5985
  Microsoft-HTTPAPI/2.0
      10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/47001
Microsoft-HTTPAPI/2.0
      24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
      Content-Type: text/html
      Last-Modified: Tue, 13 Oct 2015 21:39:57 GMT
      Accept-Ranges: bytes
      ETag: "a7cb5cb4ff5d11:0"
      Server: Microsoft-IIS/8.5
      Date: Mon, 09 Sep 2019 14:54:25 GMT
      Content-Length: 701
Response Body :
      24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5985
  Response Body :
      24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/47001
  Response Body :
    10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is
set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based
authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE              CVE-1999-0524
XREF             CWE:200
Plugin Information
Plugin Output
icmp/0
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar.
See Also
https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  https://192.168.1.1/
  http://192.168.1.11/tools_firmw.html
  http://192.168.1.11/
  http://192.168.1.213/
  http://google.com/
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://192.168.1.11/st_log.html
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
  http://go.microsoft.com/fwlink/p/?LinkId=255141
Synopsis
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/88
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/389
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-currentTime:
     | 20190909145459.0Z
  [+]-subschemaSubentry:
     | CN=Aggregate,CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-dsServiceName:
     | CN=NTDS Settings,CN=SERVIDORDOMINIO,CN=Servers,CN=Default-First-Site-
  Name,CN=Sites,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-defaultNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-schemaNamingContext:
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-configurationNamingContext:
     | CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-rootDomainNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-supportedControl:
      25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-currentTime:
     | 20190909145459.0Z
  [+]-subschemaSubentry:
     | CN=Aggregate,CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-dsServiceName:
     | CN=NTDS Settings,CN=SERVIDORDOMINIO,CN=Servers,CN=Default-First-Site-
  Name,CN=Sites,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-defaultNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-schemaNamingContext:
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-configurationNamingContext:
     | CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-rootDomainNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-supportedControl:
      25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3268
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-currentTime:
     | 20190909145459.0Z
  [+]-subschemaSubentry:
     | CN=Aggregate,CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-dsServiceName:
     | CN=NTDS Settings,CN=SERVIDORDOMINIO,CN=Servers,CN=Default-First-Site-
  Name,CN=Sites,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-defaultNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-schemaNamingContext:
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-configurationNamingContext:
     | CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-rootDomainNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-supportedControl:
      25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-currentTime:
     | 20190909145459.0Z
  [+]-subschemaSubentry:
     | CN=Aggregate,CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-dsServiceName:
     | CN=NTDS Settings,CN=SERVIDORDOMINIO,CN=Servers,CN=Default-First-Site-
  Name,CN=Sites,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-namingContexts:
     | DC=CLINICAISV,DC=CL
     | CN=Configuration,DC=CLINICAISV,DC=CL
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
     | DC=DomainDnsZones,DC=CLINICAISV,DC=CL
     | DC=ForestDnsZones,DC=CLINICAISV,DC=CL
  [+]-defaultNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-schemaNamingContext:
     | CN=Schema,CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-configurationNamingContext:
     | CN=Configuration,DC=CLINICAISV,DC=CL
  [+]-rootDomainNamingContext:
     | DC=CLINICAISV,DC=CL
  [+]-supportedControl:
      20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/389
      20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
      20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3268
      20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
      117887 - Local Checks Enabled
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enable local checks.
Description
Nessus was able to enable local checks because it was possible to log in to the remote host using provided
credentials, the remote host was identified as an operating system or device for which local checks are available,
and the necessary information was able to be obtained from the remote host in order to enable local checks.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  Account : CLINICAISV.CL\Administrador
  Protocol : SMB
     73990 - MS KB2871997: Update to Improve Credentials Protection and Management
Synopsis
The remote Windows host is missing an update to improve credentials protection and management.
Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351,
KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates
are needed to improve the protection against possible credential theft.
These updates provide additional protection for the Local Security Authority (LSA), add a restricted
administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected
account-restricted domain user category, enforce stricter authentication policies, add additional protection for
users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop
Protocol.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2871997
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
None
STIG Severity
II
References
MSKB             2871997
XREF             IAVA:2016-A-0327
Plugin Information
Plugin Output
tcp/445
    KB : 2975625
    - C:\Windows\system32\lsasrv.dll has not been patched.
      Remote version : 6.3.9600.16473
      Should be      : 6.3.9600.16670
    KB : 3126593
    - C:\Windows\system32\ntdll.dll has not been patched.
      Remote version : 6.3.9600.16502
      Should be      : 6.3.9600.18202
    KB : 3126593
    - C:\Windows\system32\ntdll.dll has not been patched.
      Remote version : 6.3.9600.16502
      Should be      : 6.3.9600.18194
    KB : 3126593
    - C:\Windows\system32\kernelbase.dll has not been patched.
      Remote version : 6.3.9600.16656
      Should be      : 6.3.9600.18264
    Missing KBs :
      2975625
    83359 - MS KB3042058: Update to Default Cipher Suite Priority Order
Synopsis
Description
The remote Windows host is missing an update to the cryptographic cipher suite prioritization. The update adds
additional cipher suites and improves cipher suite priority ordering.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3042058
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Note that Microsoft has only made this update available via the Microsoft Download Center. It will be available
via Microsoft Update and WSUS in Q4 of 2015.
Risk Factor
None
References
MSKB 3042058
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host is missing a security update that improves the authentication used by the Public Key
Cryptography User-to-User (PKU2U) security support provider (SSP).
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3045755
Solution
Microsoft has released a set of updates for Windows 8.1, RT 8.1, and 2012 R2.
Risk Factor
None
References
MSKB 3045755
Plugin Information
Plugin Output
tcp/445
    KB : 3045755
    - C:\Windows\system32\Pku2u.dll has not been patched.
      Remote version : 6.3.9600.16384
      Should be      : 6.3.9600.17728
     85880 - MS KB3083992: Update to Improve AppLocker Publisher Rule Enforcement
Synopsis
The remote Windows host is missing a security update that prevents a potential rules bypass.
Description
The remote Windows host is missing KB3083992, a defense-in-depth update that improves the enforcement of
publisher rules by Windows AppLocker. Specifically, the update corrects how AppLocker handles certificates to
prevent bypassing publisher rules.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3083992
https://support.microsoft.com/en-us/help/3083992/microsoft-security-advisory-update-to-improve-applocker-certificate-ha
Solution
Risk Factor
None
STIG Severity
II
References
MSKB            3083992
XREF            IAVA:2015-A-0217
Plugin Information
Plugin Output
tcp/445
     KB : 3083992
     - C:\Windows\system32\Appidsvc.dll has not been patched.
       Remote version : 6.3.9600.16384
       Should be      : 6.3.9600.18002
    87876 - MS KB3109853: Update to Improve TLS Session Resumption Interoperability
Synopsis
The remote Windows host is missing an update to the TLS implementation in SChannel.
Description
The remote Windows host is missing an update to the Transport Layer Security (TLS) protocol implementation
in SChannel. The update improves the interoperability between Schannel-based TLS clients and 3rd-party
TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the
abbreviated TLS handshake.
This update also addresses an issue in schannel.dll that could cause an RFC5077 session ticket-based
resumption to fail, subsequently causing WinInet-based clients to perform a fallback to a lower TLS protocol
version than what would have been otherwise negotiated.
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3109853
Solution
Microsoft has released a set of patches for Windows 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
None
References
MSKB 3109853
Plugin Information
Plugin Output
tcp/445
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
https://forensicartifacts.com/2010/08/registry-muicache/
http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html
http://www.nirsoft.net/utils/muicache_view.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
      Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the
      remote host.
See Also
      https://www.microsoft.com/net
      http://www.nessus.org/u?15ae6806
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
Synopsis
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC
features are enabled or disabled.
See Also
http://www.nessus.org/u?a9c4c131
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      72367 - Microsoft Internet Explorer Version Detection
Synopsis
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      Version : 11.0.9600.16438
      66424 - Microsoft Malicious Software Removal Tool Installed
Synopsis
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that
attempts to detect and remove known malware from Windows systems.
See Also
https://www.microsoft.com/en-us/security/pc-security/malware-removal.aspx
https://support.microsoft.com/en-us/help/891716/deploy-windows-malicious-software-removal-tool-in-an-enterprise-enviro
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Nessus was able to enumerate files opened in Microsoft Paint on the remote host.
Description
Nessus was able to generate a list of files opened using the Microsoft Paint program.
See Also
https://en.wikipedia.org/wiki/Microsoft_Paint
http://www.nessus.org/u?0887d2d5
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  S-1-5-21-1586170146-605884322-2766078902-1114
    - C:\Fondos Escritorio\Wallpaper ClinicaISV.jpg
  CLINICAISV.CL\Administrador
    - C:\Users\Administrador\Pictures\Suspencion de Equipos.png
    - C:\Users\Administrador\Pictures\Usuario Comun.png
    - D:\Wallpaper\Oregon.jpg
    - C:\Fondo Escritorio\WallpaperISV.jpg
    - C:\Users\Administrador\Pictures\Usuario Admin.png
    - C:\Windows\Web\Wallpaper\Windows\img0.jpg
    - C:\inetpub\wwwroot\iis-85.png
    - D:\Wallpaper\Fondo.jpg
    - D:\Wallpaper\ISV.jpg
  CLINICAISV.CL\rmedina
    - D:\Wallpaper\Fondo.jpg
    - D:\Wallpaper\ISV.jpg
      57033 - Microsoft Patch Bulletin Feasibility Check
Synopsis
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and
patches installed on the remote Windows host and will use that information to check for missing Microsoft
security updates.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is
installed on the remote Windows host.
See Also
http://www.nessus.org/u?1c33f0e7
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      Path    : C:\Windows\\System32\\mstsc.exe
      Version : 6.3.9600.16384
    10902 - Microsoft Windows 'Administrators' Group User List
Synopsis
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of
this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
    -   CLINICAISV\Administrador (User)
    -   CLINICAISV\Administradores de empresas (Group)
    -   CLINICAISV\Admins. del dominio (Group)
    -   CLINICAISV\presentaciones (User)
      92371 - Microsoft Windows DNS Cache
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a
CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
        3855458e-b67a-417c-bea5-5cad1ae3463f._msdcs.clinicaisv.cl
        62de932f-994f-4df5-9c58-2c199e7caaa3._msdcs.clinicaisv.cl
        nas
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and
generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  MD5: 3688374325b992def12793500307566d
  SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
    20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they
may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Microsoft ODBC Driver 11 for SQL Server [version 11.0.2270.0] [installed on 2015/10/27]
Módulo URL Rewrite 2 de IIS [version 7.2.2] [installed on 2015/10/27]
Oracle VM VirtualBox 5.0.4 [version 5.0.4] [installed on 2015/09/17]
      92366 - Microsoft Windows Last Boot Time
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that
have been connected to the remote host in the past.
See Also
http://www.nessus.org/u?99fcc329
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
    Name     : \??\volume{db841e81-30af-11e5-80b7-e83935e9a75d}
    Data     : _??
  _USBSTOR#Disk&Ven_TOSHIBA&Prod_TransMemory&Rev_1.00#97FF92676B46CD70A984EA91&0#{53f56307-
  b6bf-11d0-94f2-00a0c91efb8b}
    Raw data :
   5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0054004f00530048004900420041002
    Name     : \??\volume{df6a3a7c-30bc-11e5-80b3-806e6f6e6963}
    Data     : j
    Raw data : 021106000000106a18000000
    Name     : \dosdevices\e:
    Data     : \??\IDE#CdRomhp_DVD-ROM_TS-
  H353C                     JG02    #5&3994cdf4&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Raw data :
   5c003f003f005c0049004400450023004300640052006f006d00680070005f004400560044002d0052004f004d005f00540053002d0048003
    Name     : \??\volume{df6a3a7b-30bc-11e5-80b3-806e6f6e6963}
    Data     :
    Raw data : 021106000000f01500000000
    Name     : \??\volume{df6a3a7a-30bc-11e5-80b3-806e6f6e6963}
    Data     :
    Raw data : 021106000000100000000000
Synopsis
Description
The remote host listens on tcp port 445 and replies to SMB requests.
By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the
name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a
report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote
Windows host.
Solution
Make sure that all of the installed network adapters agree with your organization's acceptable use and security
policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
  HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
      70329 - Microsoft Windows Process Information
Synopsis
Description
This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm
that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  Process Overview :
  SID: Process (PID)
   0 : System Idle Process (0)
   2 : explorer.exe (1420)
   2 : |- ClassicStartMenu.exe (4036)
   1 : explorer.exe (2564)
   1 : |- ClassicStartMenu.exe (2144)
   1 : |- mmc.exe (4616)
   1 : |- powershell.exe (4888)
   1 :    |- conhost.exe (1296)
   1 : |- ServerManager.exe (6352)
   1 :    |- dsac.exe (6668)
   0 : csrss.exe (368)
   1 : jusched.exe (3844)
   1 : |- jucheck.exe (3876)
   0 : System (4)
   2 : jusched.exe (4004)
   2 : |- jucheck.exe (5836)
   4 : csrss.exe (4152)
   2 : ServerManager.exe (4268)
   2 : |- mmc.exe (2560)
   1 : csrss.exe (432)
   0 : wininit.exe (440)
   0 : |- services.exe (536)
   0 :    |- svchost.exe (1000)
   0 :    |- svchost.exe (1008)
   0 :    |- dfssvc.exe (1168)
   0 :    |- spoolsv.exe (1364)
   0 :    |- Microsoft.ActiveDirectory.WebServices.exe (1388)
   0 :    |- svchost.exe (1424)
   0 :    |- certsrv.exe (1440)
   0 :    |- dfsrs.exe (1504)
   0 :    |- svchost.exe (1552)
   0 :    |- dns.exe (1568)
   0 :    |- DWRCS.EXE (1588)
   1 :       |- DWRCST.EXE (568)
   0 :    |- ismserv.exe (1656)
   0 :    |- msdtc.exe (1796)
   0 :    |- svchost.exe (2032)
   0 :       |- w3wp.exe (2832)
   0 :    |- vds.exe (3288)
   0 :    |- svchost.exe (3304)
   2 :       |- rdpclip.exe (4636)
   2 :          |- rdpinput.exe (5008)
   1 :       |- rdpclip.exe (5516)
   1 :          |- rdpinput.exe (6728)
   0 :    |- svchost.exe (3324)
   0 :    |- svchost.exe (3344)
   0 :    |- TeamViewer_Service.exe (6368)
   2 :       |- TeamViewer.exe (2172)
   1 :       |- TeamViewer.exe (4540)
   2 :       |- tv_x64.exe (4576)
   1 :       |- tv_x64.exe (4748)
   2 :       |- tv_w32.exe (6656)
   1 :       |- tv_w32.exe (7140)
   0 :    |- svchost.exe (700)
   0 :       |- WmiPrvSE.exe (2580)
   2 :       |- dllhost.exe (2992)
   0 :       |- WmiPrvSE.exe (3624)
   1 :       |- dllhost.exe (3888)
   0 :       |- iashost.exe (3992)
   0 :       |- WmiPrvSE.exe (5880)
   0 :    |- svchost.exe (740)
   0 :    |- svchost.exe (864)
   0 :    |- svchost.exe (888)
   1 :       |- taskhostex.exe (2392)
   2 :       |- tas [...]
      70331 - Microsoft Windows Process Module Information
Synopsis
Description
This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm
that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/53
  This process 'dns.exe' (pid 1568) is hosting the following Windows services :
  DNS (@%systemroot%\system32\dns.exe,-49157)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/53
  This process 'dns.exe' (pid 1568) is hosting the following Windows services :
  DNS (@%systemroot%\system32\dns.exe,-49157)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/67
  This process 'svchost.exe' (pid 1552) is hosting the following Windows services :
  DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/68
  This process 'svchost.exe' (pid 1552) is hosting the following Windows services :
  DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/88
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/88
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/123
  This process 'svchost.exe' (pid 940) is hosting the following Windows services :
  EventSystem (@comres.dll,-2450)
  FontCache (@%systemroot%\system32\FntCache.dll,-100)
  netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202)
  nsi (@%SystemRoot%\system32\nsisvc.dll,-200)
  W32Time (@%SystemRoot%\system32\w32time.dll,-200)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/135
  This process 'svchost.exe' (pid 740) is hosting the following Windows services :
  RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
  RpcSs (@combase.dll,-5010)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/389
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/389
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/464
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/464
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/500
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/593
  This process 'svchost.exe' (pid 740) is hosting the following Windows services :
  RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
  RpcSs (@combase.dll,-5010)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1645
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1646
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1812
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1813
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/2535
  This process 'svchost.exe' (pid 1552) is hosting the following Windows services :
  DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3268
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
  This process 'svchost.exe' (pid 3304) is hosting the following Windows services :
  TermService (@%SystemRoot%\System32\termsrv.dll,-268)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/3389
  This process 'svchost.exe' (pid 3304) is hosting the following Windows services :
  TermService (@%SystemRoot%\System32\termsrv.dll,-268)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/4500
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5353
  This process 'TeamViewer_Service.exe' (pid 6368) is hosting the following Windows services :
  TeamViewer (TeamViewer 14)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5355
  This process 'svchost.exe' (pid 1008) is hosting the following Windows services :
  CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
  Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
  LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
  NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
  WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5985
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/6129
  This process 'DWRCS.EXE' (pid 1588) is hosting the following Windows services :
  dwmrcs (DameWare Mini Remote Control)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/6129
  This process 'DWRCS.EXE' (pid 1588) is hosting the following Windows services :
  dwmrcs (DameWare Mini Remote Control)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9389
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/47001
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49152
  This process 'wininit.exe' (pid 440) is hosting the following Windows services :
  N/D
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49153
  This process 'svchost.exe' (pid 864) is hosting the following Windows services :
  Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)
  EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
  lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)
  Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49154
  This process 'svchost.exe' (pid 888) is hosting the following Windows services :
  Appinfo (@%systemroot%\system32\appinfo.dll,-100)
  BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
  CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
  gpsvc (@gpapi.dll,-112)
  IAS (@%SystemRoot%\system32\ias.dll,-1000)
  IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
  iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
  LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
  ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
  Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
  SENS (@%SystemRoot%\system32\Sens.dll,-200)
  SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
  ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
  Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
  Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49155
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49157
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49158
  This process 'lsass.exe' (pid 544) is hosting the following Windows services :
  Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
  KeyIso (@keyiso.dll,-100)
  Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
  NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
  SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49159
  This process 'spoolsv.exe' (pid 1364) is hosting the following Windows services :
  Spooler (@%systemroot%\system32\spoolsv.exe,-1)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55289
  This process 'svchost.exe' (pid 3344) is hosting the following Windows services :
  PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55292
  This process 'certsrv.exe' (pid 1440) is hosting the following Windows services :
  CertSvc (@%systemroot%\system32\certocm.dll,-347)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55304
  This process 'dfsrs.exe' (pid 1504) is hosting the following Windows services :
  DFSR (@dfsrress.dll,-101)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55402
  This process 'services.exe' (pid 536) is hosting the following Windows services :
  N/D
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/60595
  This process 'TeamViewer_Service.exe' (pid 6368) is hosting the following Windows services :
  TeamViewer (TeamViewer 14)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/64933
  This process 'svchost.exe' (pid 1552) is hosting the following Windows services :
  DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
      34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/65291
  This process 'javaw.exe' (pid 6484) is hosting the following Windows services :
  N/D
      126527 - Microsoft Windows SAM user enumeration
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote
Windows system using the Security Accounts Manager.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
-   cramos (id 1165, Carrie Ramos)
-   crivas (id 1512, Cynthia Rivas)
-   crobles (id 1189, Cynthia Robles)
-   cromero (id 1120, Claudio Romero)
-   csoto (id 1518, Carlos Soto)
-   cumana (id 1122, Claudia Umana)
-   cvenezian.isv (id 1240, Claudia Venezian)
-   daros (id 1532, Daniela Aros)
-   dbarrera (id 1146, Dayan Barrera)
-   despinoza (id 1140, Danilo Espinoza)
-   dleighton (id 1323, Daniela Leighton Contreras)
-   ealvarez.isv (id 1206, Eugenio Alvarez)
-   ehettich.isv (id 1219, Eliana Hettich)
-   ekeller.isv (id 1222, Eva Keller)
-   esterilizacion (id 1276, Esterilizacion ClinicaISV)
-   fborja.isv (id 1208, Fernando Borja)
-   fcofre (id 1118, Fernando Cofre)
-   fflores (id 1126, Francisco Flores)
-   fguerra (id 1451, Fernanda S. Guerra Elgueta)
-   fortega (id 1128, Alvaro Orellana)
-   freyes (id 1 [...]
      17651 - Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The
password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username
associated with the last successful logon.
Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be
the last logged-on user.
See Also
http://www.nessus.org/u?a29751b5
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It
was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Supplied credentials
See Also
https://support.microsoft.com/en-us/help/143474/restricting-information-available-to-anonymous-logon-users
https://support.microsoft.com/en-us/help/246261
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
See Also
http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an
appropriate value.
Risk Factor
None
References
BID              959
CVE              CVE-2000-1200
Plugin Information
Plugin Output
tcp/445
1-5-21-1586170146-605884322-2766078902
Synopsis
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending
an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on
the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version
installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote host seems to be a Primary Domain Controller or a Backup Domain Controller.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
    11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
Description
Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
http://www.nessus.org/u?184d3eab
http://www.nessus.org/u?fe16cea8
https://technet.microsoft.com/en-us/library/cc957390.aspx
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      10400 - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Description
It was possible to access the remote Windows Registry using the login / password combination used for the
Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
    44401 - Microsoft Windows SMB Service Config Enumeration
Synopsis
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote
host (executable path, logon type, etc.).
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc. between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB
protocol, the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that
only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Active Services :
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a
CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  OPERADORA4$
  CONSULTA5$
  medicosisv
  rperez
  acarre.o
  mrodriguez
  PC-MCUBILLOS$
Synopsis
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User
permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
https://technet.microsoft.com/en-us/library/bb456988.aspx
https://technet.microsoft.com/en-us/library/cc783530.aspx
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote host has one or more Windows shares that can be accessed through the network with the given
credentials.
Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click
on 'permissions'.
Risk Factor
None
References
CVE              CVE-1999-0519
CVE              CVE-1999-0520
Plugin Information
Plugin Output
tcp/445
  - ADMIN$ - (readable,writable)
     + Content of this share :
  ..
  ADFS
  ADWS
  AppCompat
  apppatch
  AppReadiness
  assembly
  bfsvc.exe
  Boot
  bootstat.dat
  Branding
  CbsTemp
  certenroll.log
  certocm.log
  Cursors
  debug
  DesktopTileResources
  diagnostics
  DigitalLocker
  Downloaded Program Files
  drivers
  DtcInstall.log
  dwrcs
  ELAMBKUP
  en-US
  es-ES
  explorer.exe
  Fonts
  Globalization
  Help
  HelpPane.exe
  hh.exe
  iis.log
  IME
  ImmersiveControlPanel
  Inf
  InputMethod
  Installer
  L2Schemas
  LiveKernelReports
  Logs
  media
  mib.bin
  Microsoft.NET
  ModemLogs
  NTDS
  Offline Web Pages
  Panther
  PFRO.log
  PLA
  PolicyDefinitions
  Provisioning
  regedit.exe
  Registration
  RemotePackages
  rescache
  Resources
  SchCache
  schemas
  security
  ServerStandard.xml
  ServerWeb.xml
  ServiceProfiles
  servicing
  Setup
  setupact.log
  setuperr.log
  SoftwareDistribution
  Speech
  splwow64.exe
  System
  system.ini
  System32
  SystemResources
  SYSVOL
  SysWOW64
  TAPI
  Tasks
  Temp
  ToastData
  tracing
  vmgcoinstall.log
  Vss
  Web
win.ini
WindowsShell.Manifest
WindowsUpdate.log
winhlp32.exe
WinSxS
wlansvc
write.exe
- C$ - (readable,writable)
  + Content of this share :
Archivos de programa
bootmgr
BOOTNXT
cpqsystem
Documents and Settings
inetpub
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
System Volume Information
Users
Windows
- D$ - (readable,writable)
  + Content of this share :
Wallpaper
- F$ - (readable,writable)
  + Content of this share :
respaldo-elastix
- Wallpaper - (readable,writable)
   + Content of this share :
..
Icono agenda web.ico
ISV.jpg
ISV2.jpg
ISV3.jpg
ISV4.jpg
Oregon.jpg
Thumbs.db
- SYSVOL - (readable,writable)
   + Content of this share :
..
CLINICAISV.CL
- respaldo-elastix - (readable,writable)
   + Content of this share :
..
01-09-2015
02-09-2015
17-09-2015
28-08-2015
31-08-2015
- NETLOGON - (readable,writable)
   + Content of this share :
..
      10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Here are the SMB shares available on the remote host when logged in as Administrador:
      -   ADMIN$
      -   C$
      -   D$
      -   F$
      -   IPC$
      -   NETLOGON
      -   respaldo-elastix
      -   SYSVOL
      -   Wallpaper
      100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request
to port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
It was possible to obtain information about the dialects of SMB2 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 dialects running on the remote host by sending an authentication
request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  The remote host does NOT support the following SMB dialects :
  _version_ _introduced in windows version_
  2.2.2      Windows 8 Beta
  2.2.4      Windows 8 Beta
  3.1        Windows 10
  3.1.1      Windows 10
      92368 - Microsoft Windows Scripting Host Settings
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host
and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use
and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that
have not been installed on the remote Windows host based on the results of either a credentialed check using
the supplied credentials or a check done using a supported third-party patch management tool.
Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The patches for the following bulletins or KBs are missing on the remote host :
- MS13-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-097 )
- MS14-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-010 )
- MS14-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-011 )
- MS14-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-012 )
- MS14-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-018 )
- MS14-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-021 )
- MS14-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-029 )
- MS14-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-030 )
- MS14-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-031 )
- MS14-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-033 )
- MS14-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-035 )
- MS14-036 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-036 )
- MS14-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-037 )
- MS14-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-039 )
- MS14-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-040 )
- MS14-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-047 )
- MS14-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-049 )
- MS14-053 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-053 )
- MS14-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-054 )
- MS14-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-057 )
- MS14-058 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-058 )
- MS14-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-060 )
- MS14-064 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-064 )
- MS14-066 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-066 )
- MS14-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-068 )
- MS14-071 ( http [...]
      92369 - Microsoft Windows Time Zone Information
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a
CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'CLINICAISV.CL\Administrador' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2019/9/9 11:53 -03
Scan duration : 1280 sec
      58651 - Netstat Active Connections
Synopsis
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp
connections.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Netstat output :
Conexiones activas
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results
of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  tcp4 (listen)
    src: [host=0.0.0.0, port=80]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=88]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=135]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=389]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=445]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=464]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=593]
    dst: [host=0.0.0.0, port=0]
  tcp4 (listen)
    src: [host=0.0.0.0, port=636]
 dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=3268]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=3269]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=3389]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=5985]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=6129]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=9389]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=47001]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49152]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49153]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49154]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49155]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49157]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49158]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49159]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=49192]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=55289]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=55292]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src: [host=0.0.0.0, port=55304]
  dst: [host=0.0.0.0, port=0]
tcp4 (listen)
  src [...]
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  Note that 2503 UDP ports belonging to DNS.exe have been ignored.
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/53
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/53
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/67
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/68
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/88
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/88
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/123
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/135
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/389
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/389
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/464
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/464
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/500
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/593
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1645
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1646
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1812
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/1813
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/2535
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3268
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/3389
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/4500
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5353
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5355
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5985
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/6129
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/6129
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9389
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/47001
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49152
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49153
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49154
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49155
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49157
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49158
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49159
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55289
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55292
      34220 - Netstat Portscanner (WMI)
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55304
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/55402
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/60595
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/64933
Synopsis
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/65291
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP
addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
http://www.nessus.org/u?b362cab2
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
           + Routing Information :
Destination     Netmask         Gateway
-----------     -------         -------
0.0.0.0         0.0.0.0         192.168.100.1
10.0.0.0        255.0.0.0       0.0.0.0
10.0.0.100      255.255.255.255 0.0.0.0
10.127.127.0    255.255.255.0   0.0.0.0
10.127.127.1    255.255.255.255 0.0.0.0
10.127.127.255 255.255.255.255 0.0.0.0
10.255.255.255 255.255.255.255 0.0.0.0
127.0.0.0       255.0.0.0       0.0.0.0
127.0.0.1       255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
192.168.56.0    255.255.255.0   0.0.0.0
192.168.56.1    255.255.255.255 0.0.0.0
192.168.56.255 255.255.255.255 0.0.0.0
192.168.100.0   255.255.255.0   0.0.0.0
192.168.100.4   255.255.255.255 0.0.0.0
192.168.100.255 255.255.255.255 0.0.0.0
224.0.0.0       240.0.0.0       0.0.0.0
224.0.0.0       240.0.0.0       0.0.0.0
224.0.0.0       240.0.0.0       0.0.0.0
224.0.0.0       240.0.0.0       0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0. [...]
      10884 - Network Time Protocol (NTP) Server Detection
Synopsis
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version,
current date, current time, and possibly system information.
See Also
http://www.ntp.org
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/123
      Version : unknown
      11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the
name of the remote operating system in use. It is also possible sometimes to guess the version of the operating
system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  Not all fingerprints could give a match. If you think some or all of
  the following could be used to identify the host's operating system,
  please email them to os-signatures@nessus.org. Be sure to include a
  brief description of the host itself, such as the actual operating
  system or product / model names.
  NTP:!:unknown
  HTTP:Server: Microsoft-IIS/8.5
  SSLcert:!:i/CN:CLINICAISV-SERVIDORDOMINIO-CA-1
  fddab2cffcaf5e1a55c3f9c3d9f9e4c4a9fef36d
  i/CN:CLINICAISV-SERVIDORDOMINIO-CA-1
  fddab2cffcaf5e1a55c3f9c3d9f9e4c4a9fef36d
  i/CN:ServidorDominio.CLINICAISV.CLs/CN:ServidorDominio.CLINICAISV.CL
  1f9e12c013519cf90ba9c6f42736cae078ed902b
      92426 - OpenSaveMRU History
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the
shell dialog box. This is the box that appears when you attempt to save a document or open a document in
Windows Explorer.
See Also
http://www.nessus.org/u?ac4dd3fb
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
    65743 - Oracle Java JRE Enabled (Internet Explorer)
Synopsis
The remote host has Oracle Java JRE enabled for Internet Explorer.
Description
See Also
https://support.microsoft.com/en-us/help/2751647/how-to-disable-the-java-web-plug-in-in-internet-explorer
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  Note that this check may be incomplete as Nessus can only check the
  SIDs of logged on users.
               71462 - Oracle Java JRE Premier Support and Extended Support Version Detection
Synopsis
The remote host contains one or more versions of the Oracle Java JRE that require long-term support.
Description
           According to its version, there is at least one install of Oracle (formerly Sun) Java JRE that is potentially under
           either Premier Support or Extended Support.
           Note that both support programs require vendor contracts. Premier Support provides upgrades and security fixes
           for five years after the general availability (GA) date. Extended Support provides upgrades and security fixes for
           three years after Premier Support ends.
See Also
           http://www.oracle.com/technetwork/java/eol-135779.html
           http://www.oracle.com/us/support/lifetime-support-068561.html
           https://www.oracle.com/support/lifetime-support/
Solution
           To continue receiving updates and security fixes, contact the vendor regarding Premier Support or Extended
           Support contracts.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Oracle Java JRE has not been universally disabled on the remote host.
Description
Oracle Java JRE has not been universally disabled on the remote host via the Java control panel. Note that
while Java can be individually disabled for each browser, universally disabling Java prevents it from running for
all users and browsers.
See Also
https://www.java.com/en/download/help/disable_browser.xml
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      33545 - Oracle Java Runtime Environment (JRE) Detection
Synopsis
Description
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) is installed on the remote
host. This may include private JREs bundled with the Java Development Kit (JDK).
See Also
https://www.oracle.com/technetwork/java/index.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
Oracle VM VirtualBox, formerly Sun xVM VirtualBox, a free virtualization application, is installed on the remote
host.
See Also
https://www.virtualbox.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to
install to make sure the remote host is up-to-date.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
+ Action to take : Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update
 211 or later. If necessary, remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or
 later.
+Impact : Taking this action will resolve 456 different vulnerabilities (CVEs).
[ Oracle [...]
      57364 - PuTTY Detection
Synopsis
Description
The remote host has an installation of PuTTY, which is a suite of tools for remote console access and file
transfer.
See Also
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
See Also
https://www.rarlab.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      92428 - Recent File History
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
C:\\Users\rtapia.CLINICAISV\AppData\Roaming\Microsoft\Windows\Recent\R@1n.lnk
      92429 - Recycle Bin Files
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
http://www.nessus.org/u?0c1a03df
http://www.nessus.org/u?61293b38
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      62042 - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates
installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon.
Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
  |-Subject   : CN=ServidorDominio.CLINICAISV.CL
  |-Not After : Oct 11 21:29:06 2019 GMT
               42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
The SSL certificate will expire within 60 days, at Oct 11 21:29:06 2019 GMT :
      10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Subject Name:
Issuer Name:
  Domain Component: CL
  Domain Component: CLINICAISV
  Common Name: CLINICAISV-SERVIDORDOMINIO-CA-1
Serial Number: 2E 00 00 D8 57 04 58 89 3A BA 75 5B 49 00 00 00 00 D8 57
Version: 3
            E5 41 58 58 B5 55 5D B1 E5 55 26 76 C9 30 E9 FC B2 F0 85 E5
            4E FE 47 64 02 96 7E E8 52 7E DB E9 61 76 0C 21 E1 8A 40 23
            B1 F6 68 B4 67 5A 7B BB 6B 6A D2 C1 F7 50 35 33 5F
Exponent: 01 00 01
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Subject Name:
Issuer Name:
  Domain Component: CL
  Domain Component: CLINICAISV
  Common Name: CLINICAISV-SERVIDORDOMINIO-CA-1
Serial Number: 2E 00 00 D8 57 04 58 89 3A BA 75 5B 49 00 00 00 00 D8 57
Version: 3
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Subject Name:
Issuer Name:
Serial Number: 4C 3F 56 C5 87 BF AB 9B 48 C5 68 F8 5C CA CF 6A
Version: 3
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the
same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
See Also
https://tools.ietf.org/html/rfc3279
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2008/961509
Solution
Risk Factor
None
References
BID               11849
BID               33065
CVE               CVE-2004-2761
XREF              CERT:836068
XREF              CWE:310
Plugin Information
Plugin Output
tcp/636
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the
same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
See Also
https://tools.ietf.org/html/rfc3279
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2008/961509
Solution
Risk Factor
None
References
BID               11849
BID               33065
CVE               CVE-2004-2761
XREF              CERT:836068
XREF              CWE:310
Plugin Information
Plugin Output
tcp/3269
      70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Here is the list of SSL CBC ciphers supported by the remote server :
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
        DES-CBC3-SHA                  Kx=RSA          Au=RSA      Enc=3DES-CBC(168)          Mac=SHA1
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
      70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Here is the list of SSL CBC ciphers supported by the remote server :
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
        DES-CBC3-SHA                  Kx=RSA          Au=RSA      Enc=3DES-CBC(168)          Mac=SHA1
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL CBC ciphers supported by the remote server :
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
        DES-CBC3-SHA                  Kx=RSA          Au=RSA      Enc=3DES-CBC(168)          Mac=SHA1
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
           https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
           http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
           https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
           http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
                 21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
           https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
           http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
          DES-CBC3-SHA                Kx=RSA     Au=RSA   Enc=3DES-CBC(168)   Mac=SHA1
Synopsis
           The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
           even if the key is stolen.
Description
           The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
           cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
           compromised.
See Also
           https://www.openssl.org/docs/manmaster/man1/ciphers.html
           https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
           https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Here is the list of SSL PFS ciphers supported by the remote server :
Synopsis
           The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
           even if the key is stolen.
Description
           The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
           cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
           compromised.
See Also
           https://www.openssl.org/docs/manmaster/man1/ciphers.html
           https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
           https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Here is the list of SSL PFS ciphers supported by the remote server :
Synopsis
           The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
           even if the key is stolen.
Description
           The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
           cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
           compromised.
See Also
           https://www.openssl.org/docs/manmaster/man1/ciphers.html
           https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
           https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL PFS ciphers supported by the remote server :
Synopsis
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
      51891 - SSL Session Resume Supported
Synopsis
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
      51891 - SSL Session Resume Supported
Synopsis
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Synopsis
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends
that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB
versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is
unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users
disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by
blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 /
139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends
that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB
versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is
unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users
disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by
blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 /
139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/593
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5985
      22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/6129
      22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/47001
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49157
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/65291
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the
uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
    104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Synopsis
Description
PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal
is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
Plugin Information
Plugin Output
tcp/636
Synopsis
Description
PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal
is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3269
    121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal
is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
      52715 - TeamViewer Version Detection
Synopsis
Description
See Also
https://www.teamviewer.com/en/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
Nessus was able to generate a report on terminal service connections on the target system.
See Also
http://www.nessus.org/u?15f94efb
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Subject Name:
Issuer Name:
Serial Number: 4C 3F 56 C5 87 BF AB 9B 48 C5 68 F8 5C CA CF 6A
Version: 3
Synopsis
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      20190706192041.491176-240
      10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
  Hop Count: 5
      92434 - User Download Folder Files
Synopsis
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  C:\\Users\Administrador\Downloads\aida64extreme580\afaapi.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.chm
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.dat
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.exe
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.exe.manifest
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.mem
  C:\\Users\Administrador\Downloads\aida64extreme580\aida64.web
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_arc.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_bench32.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_bench64.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_cpl.cpl
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_diskbench.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_helper64.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_icons10.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_icons2k.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_mondiag.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_uires.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_uireshd.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_update.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\aida_vsb.vsb
  C:\\Users\Administrador\Downloads\aida64extreme580\CUESDK_2013.dll
  C:\\Users\Administrador\Downloads\aida64extreme580\kerneld.ia64
  C:\\Users\Administrador\Downloads\aida64extreme580\kerneld.v64
  C:\\Users\Administrador\Downloads\aida64extreme580\kerneld.w9x
  C:\\Users\Administrador\Downloads\aida64extreme580\kerneld.x32
  C:\\Users\Administrador\Downloads\aida64extreme580\kerneld.x64
  C:\\Users\Administrador\Downloads\aida64extreme580\Language\lang_aa.txt
  C:\\Users\Administrador\Downloads\aida64extreme580\Language\lang_al.txt
  C:\\Users\Administrador\Downloads\aida64extreme580\Language\lang_bg.txt
  C:\\Users\Administrador\Downloads\aida64extreme580\Language\lang_br.txt
  C:\\Users\Administrador\Downloads\aida64extreme580\Language\lan [...]
      92431 - User Shell Folders Settings
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A
few of the more common locations are listed below :
- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
https://technet.microsoft.com/en-us/library/cc962613.aspx
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  S-1-5-21-1586170146-605884322-2766078902-1307
    - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\pdiaz\Searches
    - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Libraries
    - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\pdiaz\Downloads
    - recent : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Recent
    - my video : C:\Users\pdiaz\Videos
    - my music : C:\Users\pdiaz\Music
    - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\pdiaz\Contacts
    - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\pdiaz\Links
    - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\pdiaz\AppData\LocalLow
    - sendto : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\SendTo
    - start menu : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Start Menu
    - cookies : C:\Users\pdiaz\AppData\Local\Microsoft\Windows\INetCookies
    - personal : C:\Users\pdiaz\Documents
    - administrative tools : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    - startup : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    - history : C:\Users\pdiaz\AppData\Local\Microsoft\Windows\History
    - nethood : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\pdiaz\Saved Games
    - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\pdiaz\AppData\Local\Microsoft\Windows\RoamingTiles
    - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
    - local appdata : C:\Users\pdiaz\AppData\Local
    - my pictures : C:\Users\pdiaz\Pictures
    - templates : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Templates
    - printhood : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    - cache : C:\Users\pdiaz\AppData\Local\Microsoft\Windows\INetCache
    - desktop : C:\Users\pdiaz\Desktop
    - programs : C:\Users\pdiaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    - fonts : C:\Windows\Fonts
    - cd burning : C:\Users\pdiaz\AppData\Loc [...]
      92435 - UserAssist Execution History
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been
executed.
See Also
https://www.4n6k.com/2013/05/userassist-forensics-timelines.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering
updates installed on the remote host via WMI.
See Also
http://www.nessus.org/u?0c4ec249
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  + KB2862152
    - Description : Security Update
    - InstalledOn : 11/14/2013
  + KB2868626
    - Description : Security Update
    - InstalledOn : 11/14/2013
  + KB2876331
    - Description : Security Update
    - InstalledOn : 11/14/2013
  + KB2883200
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2884101
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2884846
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2887595
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2888505
    - Description : Security Update
    - InstalledOn : 11/14/2013
  + KB2892074
    - Description : Security Update
    - InstalledOn : 8/22/2016
  + KB2893294
    - Description : Security Update
    - InstalledOn : 8/24/2016
  + KB2894029
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2894179
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2898514
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2898871
    - Description : Security Update
    - InstalledOn : 8/24/2016
  + KB2900986
    - Description : Security Update
    - InstalledOn : 11/14/2013
  + KB2901101
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2901128
    - Description : Security Update
    - InstalledOn : 8/22/2016
  + KB2903939
    - Description : Update
    - InstalledOn : 8/24/2016
  + KB2904266
    - Description : Update
    - InstalledOn : 8/22/2016
  + KB2906956
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2908174
    - Description : Update
    - InstalledOn : 11/14/2013
  + KB2911106
    - Description : Update
    - InstalledOn : 8/24/2016
  + KB2912390
    - Description : Security Update
    - InstalledOn : 8/24/2016
  + KB2913270
    - Description : Update
    - InstalledOn : 8/22/2016
  + KB2913760
    - Description : Update
    - InstalledOn : 8/24/2016
  + KB2914218
    - Description : Update
    - InstalledOn : 8/22/2016
  + KB2916036
    - Description : Security Update
    - InstalledOn : 8/24/2016
  + KB2919394
    - Description : Update
    - InstalledOn : 8/24/2016
  + KB [...]
      44871 - WMI Windows Feature Enumeration
Synopsis
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature'
class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of
the '\Root\cimv2' WMI namespace for Windows Desktop versions.
Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
https://msdn.microsoft.com/en-us/library/cc280268
https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all
or is serving content that is meant to be hidden.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
      92436 - WinRAR History
Synopsis
Nessus was able to enumerate files opened with WinRAR on the remote host.
Description
Nessus was able to gather evidence of compressed files that were opened by WinRAR. Note that only
compressed files that were opened and not extracted through the explorer shortcut or command line interface
were reported.
See Also
https://www.rarlab.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  C:\Users\Administrador\Desktop\KMSpico.v9.1.2.20131210-heldigard.rar
  C:\Users\Administrador\Downloads\aida64extreme580.zip
    119150 - Windows 8.1 and Server 2012 R2 KB4345424 Update
Synopsis
Description
The remote Windows host is missing update 4345424. This update includes quality improvements. No new
operating system features are being introduced in this update. Key changes include:
- Addressed issue in which some devices may experience stop error 0xD1 when you run network monitoring
workloads.
- Addresses an issue that may cause the restart of the SQL Server service to fail with the error, 'Tcp port is
already in use'.
- Addresses an issue that occurs when an administrator tries to stop the World Wide Web Publishing Service
(W3SVC). The W3SVC remains in a 'stopping' state, but cannot fully stop or it cannot be restarted.
See Also
https://support.microsoft.com/en-us/help/4345424/title
Solution
Risk Factor
None
References
MSKB 4345424
Plugin Information
Plugin Output
tcp/445
    KB : 4345424
    - C:\Windows\system32\hal.dll has not been patched.
      Remote version : 6.3.9600.16500
      Should be      : 6.3.9600.18969
      48337 - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about
the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
http://www.nessus.org/u?a21ce849
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the
registry.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  Interface: {22872CDF-41D5-4F87-9D81-2CCDD2F31C7D}
  Network Connection : Ethernet
  NameServer: 192.168.100.4,8.8.4.4,127.0.0.1
            72482 - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
http://www.nessus.org/u?b6e87533
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
http://www.forensicswiki.org/wiki/LastVisitedMRU
http://www.nessus.org/u?7e00b191
http://www.nessus.org/u?ac4dd3fb
http://www.nessus.org/u?c409cb41
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  mmc.exePO :i+00/D:\\1VGiWallpaperDUGeVGi.(uWallpaper
  certreq.exe
  VirtualBox.exe
  mspaint.exePO :i+00.S:2L
  iexplore.exeX\r,!PCsg<;-1SPSsC\nCOi3n51SPS0%G`\nnas-1SPS:7CD)3\\nas\PublicMicrosoft NetworkPublic
   Share
  NOTEPAD.EXE
  config\1
  cba
  cmd\1
  ipconfig /flushdns\1
  gpedit.msc\1
  ba
  cmd\1
  ping 192.168.1.5\1
  control\1
  services.msc\1
  dsa.msc\1
  gpedit.msc\1
  DNSMGMT.msc\1
  ping 192.168.1.239\1
  ping 192.168.1.230\1
  gpmc.msc\1
  ping 192.168.1.254\1
  \\192.168.1.15\1
  c:\Windows\PolicyDefinitions\1
  cmd\1
  aqfpognmlkjidhecb
  \\nas\1
  \\nas\\1
  dxdiag\1
  calc\1
  cmd\1
  ba
  gpmc.msc\1
  cmd\1
  ba
  \\nas\1
  mmc.exe_m\nM
  certreq.exe
  IEXPLORE.EXE\rX2hwW
  VirtualBox.exeh;heH
  mmc.exe`i%
  NOTEPAD.EXENNJ[Va
  mspaint.exeX\mM
  X\r,!PCsg<
  x@_dP/N
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into
Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path
into Windows Explorer. The generated folder list report contains folders local to the system, folders from past
mounted network drives, and folders from mounted devices.
See Also
http://www.nessus.org/u?f92f6e9f
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
  \\servidordominio
  \\nas
  \\nas\
  \\NAS
  \\192.168.1.245
  \\nas
  \\192.168.1.38
  \\192.168.1.38
  \\192.168.100.21
Synopsis
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against
the remote host over DCOM.
These requests can be used to gather information about the remote host, such as its current state, network
interface configuration, etc.
See Also
http://msdn.microsoft.com/en-us/library/aa394582(v=vs.85).aspx
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
      10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB
requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
  Note that all but the final portion of the key has been obfuscated.
    10940 - Windows Terminal Services Enabled
Synopsis
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user
on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote
host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in
remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
      34112 - Wireshark / Ethereal Detection (Windows)
Synopsis
Description
Wireshark is a popular open source network protocol analyzer (sniffer) typically used for network troubleshooting
and protocol analysis.
See Also
https://www.wireshark.org/about.html
https://www.wireshark.org/news/20060607.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
      Application : Wireshark
      Path        : C:\Program Files\Wireshark
      Version     : 2.2.5
Remediations
                                       Suggested Remediations
Taking the following actions across 1 host would resolve 34% of the vulnerabilities on the network.
Action to take                                                                                  Vulns   Hosts
Oracle Java SE Multiple Vulnerabilities (October 2018 CPU): Upgrade to Oracle JDK / JRE         456     1
  11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update 211 or later. If necessary, remove any
  affected versions. Note that an Extended Support contract with Oracle is needed to obtain
  JDK / JRE 6 Update 95 or later.
Wireshark 2.2.x < 2.2.17 / 2.4.x < 2.4.9 / 2.6.x < 2.6.3 Multiple Vulnerabilities: Upgrade to   97      1
  Wireshark version 2.2.17 / 2.4.9 / 2.6.3 or later.
Oracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU): Upgrade to Oracle        57      1
  VM VirtualBox version 5.2.20 or later as referenced in the October 2018 Oracle Critical
  Patch Update advisory.
Install KB4511872                                                                               32      1
Install KB3071756                                                                               12      1
Install KB3185911                                                                               8       1
PuTTY < 0.71 Multiple Vulnerabilities: Upgrade to PuTTY version 0.71 or later.                  5       1
Install KB3109094                                                                               4       1
Install KB3078601                                                                               4       1
Install KB3045171                                                                               4       1
RARLAB WinRAR < 5.70 Beta 1 Multiple Vulnerabilities: Upgrade to WinRAR version 5.70            4       1
  Beta 1 or later.
Install KB3156019                                                                               3       1
Install KB3139940                                                                               3       1
Install KB3177108                                                                               2       1
Install KB3157569                                                                               2       1
Install KB3149090                                                                               2       1
Install KB3126446                                                                               2       1
Install KB3010788                                                                               2       1
Install KB3184943                                                                               1       1
Install KB3161951                                                                               1       1
Install KB3153704                                                                               1       1
Install KB3134222                                                                               1       1
Install KB3133043                                                                               1       1
Install KB3126593                                                                               1       1
Install KB3126587                                                                               1       1
Install KB3097997                                                                               1       1
Install KB3084135                                                                               1       1
Install KB3076895                                                                               1       1
Install KB3075220                                                                               1       1
Install KB3059317                                                                               1       1
Install KB3037579                                                                               1       1
Install KB3004365                                                                               1       1
Install KB2973906                                                                               1       1
SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read: Upgrade to          1       1
  SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later.