Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS20_NOV_4586817.NASL
HistoryNov 10, 2020 - 12:00 a.m.

KB4586817: Windows Server 2008 November 2020 Security Update

2020-11-1000:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
119

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.365 Low

EPSS

Percentile

97.2%

JSON

The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(142679);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");

  script_cve_id(
    "CVE-2020-1599",
    "CVE-2020-17001",
    "CVE-2020-17004",
    "CVE-2020-17011",
    "CVE-2020-17014",
    "CVE-2020-17036",
    "CVE-2020-17042",
    "CVE-2020-17043",
    "CVE-2020-17045",
    "CVE-2020-17051",
    "CVE-2020-17068",
    "CVE-2020-17069",
    "CVE-2020-17087",
    "CVE-2020-17088"
  );
  script_xref(name:"MSKB", value:"4586817");
  script_xref(name:"MSKB", value:"4586807");
  script_xref(name:"MSFT", value:"MS20-4586817");
  script_xref(name:"MSFT", value:"MS20-4586807");
  script_xref(name:"IAVA", value:"2020-A-0513-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"CEA-ID", value:"CEA-2020-0135");
  script_xref(name:"CEA-ID", value:"CEA-2020-0124");

  script_name(english:"KB4586817: Windows Server 2008 November 2020 Security Update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Windows installation on the remote host is missing security update 4586781. It is, therefore,
 affected by multiple vulnerabilities. Please review the vendor advisory for more details.");
  # https://support.microsoft.com/en-us/help/4586817/windows-server-2008-update
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?49b35330");
  # https://support.microsoft.com/en-us/help/4586807/windows-server-2008-update
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a85048a0");
  script_set_attribute(attribute:"solution", value:
"Apply Security Only update KB4586817 or Cumulative Update KB4586807.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17051");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2008");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = "MS20-11";
kbs = make_list('4586817', '4586807');

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:"6.0",
                   sp:2,
                   rollup_date:"11_2020",
                   bulletin:bulletin,
                   rollup_kb_list:[4586817, 4586807])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindows_server_2008cpe:/o:microsoft:windows_server_2008

References

Related

mskb 16
nessus 10
kaspersky 2
openvas 9
krebs 1
cve 14
cvelist 14
prion 14
nvd 14
mscve 14
cnvd 9
checkpoint_advisories 3
zdi 1
cisa_kev 2
attackerkb 3
githubexploit 1
threatpost 2
qualysblog 3
rapid7blog 2
zdt 1
packetstorm 1
thn 4
mmpc 1
mssecure 1
avleonov 1
googleprojectzero 1
mskb
mskb
November 10, 2020—KB4586817 (Security-only update)
2020-11-10 08:00:00
November 10, 2020—KB4586807 (Monthly Rollup)
2020-11-10 08:00:00
November 10, 2020—KB4586805 (Security-only update)
2020-11-10 08:00:00
nessus
nessus
KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update
2020-11-10 00:00:00
KB4586808: Windows Server 2012 November 2020 Security Update
2020-11-10 00:00:00
KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update
2020-11-10 00:00:00
kaspersky
kaspersky
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
2020-11-10 00:00:00
KLA12004 Multiple vulnerabilities in Microsoft Windows
2020-11-10 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4586827)
2020-11-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4586834)
2020-11-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4586845)
2020-11-11 00:00:00
krebs
krebs
Patch Tuesday, November 2020 Edition
2020-11-11 01:56:41
cve
cve
CVE-2020-17051
2020-11-11 07:15:16
CVE-2020-17043
2020-11-11 07:15:16
CVE-2020-17004
2020-11-11 07:15:13
cvelist
cvelist
CVE-2020-17088 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2020-11-11 06:48:34
CVE-2020-17043 Windows Remote Access Elevation of Privilege Vulnerability
2020-11-11 06:48:15
CVE-2020-17036 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
2020-11-11 06:48:12
prion
prion
Information disclosure
2020-11-11 07:15:00
Privilege escalation
2020-11-11 07:15:00
Remote code execution
2020-11-11 07:15:00
nvd
nvd
CVE-2020-17036
2020-11-11 07:15:15
CVE-2020-17001
2020-11-11 07:15:13
CVE-2020-17051
2020-11-11 07:15:16
mscve
mscve
Windows GDI+ Remote Code Execution Vulnerability
2020-11-10 08:00:00
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
2020-11-10 08:00:00
Windows Network File System Remote Code Execution Vulnerability
2020-11-10 08:00:00
cnvd
cnvd
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63305)
2020-11-13 00:00:00
Microsoft Windows/Windows Server Information Disclosure Vulnerability
2020-11-13 00:00:00
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90796)
2020-11-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2020-17088)
2020-11-10 00:00:00
Microsoft Windows Network File System Remote Code Execution (CVE-2020-17051)
2020-11-10 00:00:00
Microsoft Windows Kernel Local Elevation of Privilege (CVE-2020-17087)
2020-11-04 00:00:00
zdi
zdi
Microsoft Windows Print Spooler Directory Junction Denial-of-Service Vulnerability
2020-11-11 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Kernel Privilege Escalation Vulnerability
2021-11-03 00:00:00
Google Chrome FreeType Heap Buffer Overflow Vulnerability
2021-11-03 00:00:00
attackerkb
attackerkb
CVE-2020-1599
2020-11-11 00:00:00
CVE-2020-17087 Windows Kernel local privilege escalation 0day
2020-11-11 00:00:00
CVE-2020-15999 Chrome Freetype 0day
2020-11-03 00:00:00
githubexploit
githubexploit
Exploit for Incorrect Conversion between Numeric Types in Microsoft
2021-07-02 16:03:16
threatpost
threatpost
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
2020-11-10 21:12:21
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
2020-11-02 14:57:02
qualysblog
qualysblog
November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
2020-11-10 20:52:34
January 2021 Patch Tuesday – 83 Vulnerabilities, 10 Critical, One Zero Day, Adobe
2021-01-12 20:01:43
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
rapid7blog
rapid7blog
Patch Tuesday - November 2020
2020-11-11 01:03:15
Popular Attack Surfaces, August 2021: What You Need to Know
2021-08-12 17:13:25
zdt
zdt
Microsoft Windows Local Spooler Bypass Vulnerability
2020-11-12 00:00:00
packetstorm
packetstorm
Microsoft Windows Local Spooler Bypass
2020-11-11 00:00:00
thn
thn
WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild
2020-11-02 09:43:00
Microsoft Releases Windows Security Updates For Critical Flaws
2020-11-11 10:09:00
New Chrome Zero-Day Under Active Attacks – Update Your Browser
2020-11-03 09:33:00
mmpc
mmpc
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
2022-04-13 16:00:00
mssecure
mssecure
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
2022-04-13 16:00:00
avleonov
avleonov
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
2021-01-11 01:50:44
googleprojectzero
googleprojectzero
In-the-Wild Series: October 2020 0-day discovery
2021-03-18 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.365 Low

EPSS

Percentile

97.2%

JSON
Related for SMB_NT_MS20_NOV_4586817.NASL
mskb16nessus10kaspersky2openvas9krebs1cve14cvelist14prion14nvd14mscve14cnvd9checkpoint_advisories3zdi1cisa_kev2attackerkb3githubexploit1threatpost2qualysblog3rapid7blog2zdt1packetstorm1thn4mmpc1mssecure1avleonov1googleprojectzero1