Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS19_MAR_OOB_MICROCODE.NASLHistoryMar 20, 2019 - 12:00 a.m.
Security Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)
2019-03-2000:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
260
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
71.9%
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address the following vulnerabilities:
-
Spectre Variant 3a (CVE-2018-3640: Rogue System Register Read (RSRE)).
-
Spectre Variant 4 (CVE-2018-3639: Speculative Store Bypass (SSB))
-
L1TF (CVE-2018-3620, CVE-2018-3646: L1 Terminal Fault)
Note that Nessus did not actually test for these flaws nor checked the target processor architecture but instead, has relied on the version of mcupdate_GenuineIntel.dll to be latest for supported Windows release.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(122975);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2018-3620",
"CVE-2018-3639",
"CVE-2018-3640",
"CVE-2018-3646"
);
script_bugtraq_id(104228, 104232, 105080);
script_xref(name:"MSKB", value:"4465065");
script_xref(name:"MSKB", value:"4346084");
script_xref(name:"MSKB", value:"4346085");
script_xref(name:"MSKB", value:"4346086");
script_xref(name:"MSKB", value:"4346087");
script_xref(name:"MSKB", value:"4346088");
script_xref(name:"MSFT", value:"MS19-4465065");
script_xref(name:"MSFT", value:"MS19-4346084");
script_xref(name:"MSFT", value:"MS19-4346085");
script_xref(name:"MSFT", value:"MS19-4346086");
script_xref(name:"MSFT", value:"MS19-4346087");
script_xref(name:"MSFT", value:"MS19-4346088");
script_name(english:"Security Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is missing a microcode update.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing a security update. It is,
therefore, missing microcode updates to address the following
vulnerabilities:
- Spectre Variant 3a (CVE-2018-3640: Rogue System Register Read (RSRE)).
- Spectre Variant 4 (CVE-2018-3639: Speculative Store Bypass (SSB))
- L1TF (CVE-2018-3620, CVE-2018-3646: L1 Terminal Fault)
Note that Nessus did not actually test for these flaws nor checked the
target processor architecture but instead, has relied on the version
of mcupdate_GenuineIntel.dll to be latest for supported Windows release.");
# https://support.microsoft.com/en-ie/help/4465065/kb4465065-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b54af4a");
# https://support.microsoft.com/en-ie/help/4346084/kb4346084-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d0e32dc");
# https://support.microsoft.com/en-us/help/4346085/kb4346085-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91f9cc84");
# https://support.microsoft.com/en-ie/help/4346086/kb4346086-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?236ac8ce");
# https://support.microsoft.com/en-au/help/4346087/kb4346087-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bcc8c14e");
# https://support.microsoft.com/en-ie/help/4346088/kb4346088-intel-microcode-updates
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?826f213e");
# https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c467280");
script_set_attribute(attribute:"solution", value:
"Microsoft has released security updates for Windows 10,
Windows Server 2016 and Server 2019.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3646");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/22");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/20");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2019");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2016");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "enumerate_ms_azure_vm_win.nbin");
script_require_keys("SMB/MS_Bulletin_Checks/Possible", "Settings/ParanoidReport");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("smb_reg_query.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if (!empty_or_null(get_kb_list("Host/Azure/azure-*")))
audit(AUDIT_HOST_NOT, "affected");
bulletin = 'MS19-03';
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
get_kb_item_or_exit("SMB/Registry/Enumerated");
ver = get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
# No update for other Windows OS versions, skip testing
if (hotfix_check_sp_range(win10:'0') <= 0)
exit(0, "Windows version " + ver + " is not tested.");
# No update for version 1511, skip testing
os_build = get_kb_item("SMB/WindowsVersionBuild");
if(os_build == "10586")
exit(0, "Windows version " + ver + ", build " + os_build + " is not tested.");
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# RTM
hotfix_is_vulnerable(os:"10", sp:0, os_build:"10240", file:"mcupdate_genuineintel.dll", version:"10.0.10240.18151", min_version:"10.0.10240.16000", dir:"\system32", bulletin:bulletin, kb:"4346088") ||
# 1607
hotfix_is_vulnerable(os:"10", sp:0, os_build:"14393", file:"mcupdate_genuineintel.dll", version:"10.0.14393.2842", min_version:"10.0.14393.0", dir:"\system32", bulletin:bulletin, kb:"4346087") ||
# 1703
hotfix_is_vulnerable(os:"10", sp:0, os_build:"15063", file:"mcupdate_genuineintel.dll", version:"10.0.15063.1681", min_version:"10.0.15063.0", dir:"\system32", bulletin:bulletin, kb:"4346086") ||
# 1709
hotfix_is_vulnerable(os:"10", sp:0, os_build:"16299", file:"mcupdate_genuineintel.dll", version:"10.0.16299.1022", min_version:"10.0.16299.0", dir:"\system32", bulletin:bulletin, kb:"4346085") ||
# 1803
hotfix_is_vulnerable(os:"10", sp:0, os_build:"17134", file:"mcupdate_genuineintel.dll", version:"10.0.17134.641", min_version:"10.0.17134.0", dir:"\system32", bulletin:bulletin, kb:"4346084") ||
# 1809
hotfix_is_vulnerable(os:"10", sp:0, os_build:"17763", file:"mcupdate_genuineintel.dll", version:"10.0.17763.370", min_version:"10.0.17763.0", dir:"\system32", bulletin:bulletin, kb:"4465065")
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_warning();
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
www.nessus.org/u?236ac8ce
www.nessus.org/u?2d0e32dc
www.nessus.org/u?6b54af4a
www.nessus.org/u?826f213e
www.nessus.org/u?8c467280
www.nessus.org/u?91f9cc84
www.nessus.org/u?bcc8c14e
Related
nessus
nessus
Security Updates for Windows 10 / Windows Server 2019 (February 2019) (Spectre) (Meltdown) (Foreshadow)
2019-03-20 00:00:00
Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
2018-08-24 00:00:00
RHEL 6 : MRG (RHSA-2018:2396) (Foreshadow) (Spectre)
2018-08-16 00:00:00
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2331-2)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2331-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for Security (openSUSE-SU-2018:2399-1)
2018-08-18 00:00:00
redhat
redhat
(RHSA-2018:2396) Important: kernel-rt security and bug fix update
2018-08-14 19:27:26
(RHSA-2018:2387) Important: kernel security and bug fix update
2018-08-14 18:50:34
(RHSA-2018:2394) Important: kernel security update
2018-08-14 19:27:17
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-08-17 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
Linux kernel vulnerabilities
2018-11-15 00:00:00
Linux kernel (HWE) vulnerabilities
2018-08-14 00:00:00
suse
suse
Security update to ucode-intel (important)
2018-08-17 12:10:34
Security update for ucode-intel (important)
2018-07-06 21:08:25
debian
debian
[SECURITY] [DLA 1506-1] intel-microcode security update
2018-09-16 21:04:52
[SECURITY] [DSA 4279-1] linux security update
2018-08-20 11:44:32
[SECURITY] [DSA 4273-2] intel-microcode security update
2018-09-16 20:43:40
redhatcve
redhatcve
CVE-2018-3620
2021-03-20 21:41:50
CVE-2018-3646
2021-01-24 22:39:20
osv
osv
linux-4.9 - security update
2018-08-28 00:00:00
linux - security update
2018-08-20 00:00:00
intel-microcode - security update
2018-09-16 00:00:00
freebsd
freebsd
FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure
2018-08-14 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-headers-4.17.14-3.fc28
2018-08-16 08:08:45
[SECURITY] Fedora 27 Update: kernel-headers-4.17.14-3.fc27
2018-08-16 07:24:56
xen
xen
L1 Terminal Fault speculative side channel
2018-08-14 17:15:00
huawei
huawei
Security Advisory - Side-Channel Vulnerability Variants 3a and 4
2018-06-15 00:00:00
Security Advisory - CPU Side Channel Vulnerability "L1TF"
2018-08-15 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:09.l1tf
2018-08-14 00:00:00
mageia
mageia
Updated microcode packages fix security vulnerability
2018-07-25 11:24:17
Updated kernel-tmb packages fix security vulnerabilities
2018-08-19 14:24:54
Updated kernel packages fix security vulnerabilities
2018-08-19 14:24:54
intel
intel
Q2 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
Q3 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
mscve
mscve
Microsoft Guidance for Rogue System Register Read
2018-05-21 07:00:00
Microsoft Guidance for Speculative Store Bypass
2018-05-21 07:00:00
Microsoft Guidance to mitigate L1TF variant
2018-08-14 07:00:00
hp
hp
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
2018-05-04 00:00:00
vmware
vmware
qualysblog
qualysblog
All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!
2018-05-30 14:33:42
threatpost
threatpost
Intel Responds to Spectre-Like Flaw In CPUs
2018-05-22 14:03:08
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants
2018-10-09 19:37:35
Intel CPUs Undermined By Fresh Speculative Execution Flaws
2018-08-14 19:24:34
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
2018-05-22 01:00:00
CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
2018-08-14 17:00:00
msrc
msrc
Analysis and mitigation of L1 Terminal Fault (L1TF)
2018-08-13 07:00:00
Analysis and mitigation of L1 Terminal Fault (L1TF)
2018-08-13 07:00:00
cert
cert
lenovo
lenovo
L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support NL
2018-08-16 14:27:00
L1 Terminal Fault Side Channel Vulnerabilities - US
2018-08-16 14:27:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-09-06 00:00:00
Unbreakable Enterprise kernel security update
2018-08-14 00:00:00
kernel security update
2018-10-01 00:00:00
f5
f5
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
K70675920 : August 2018 Intel security vulnerability announcement
2018-08-15 00:00:00
thn
thn
Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered
2018-08-15 07:40:00
amazon
amazon
Critical: kernel
2018-08-10 20:26:00
Critical: kernel
2018-08-10 22:53:00
mskb
mskb
prion
prion
Information disclosure
2018-08-14 19:29:00
cve
cve
CVE-2018-3620
2018-08-14 19:29:00
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
71.9%
Related for SMB_NT_MS19_MAR_OOB_MICROCODE.NASL