Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_APR_5001347.NASL
HistoryApr 13, 2021 - 12:00 a.m.

KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)

2021-04-1300:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
kb5001347
apr 2021
elevation of privilege
information disclosure
remote code execution
denial of service
security bypass
cve-2021-27072
cve-2021-27079
cve-2021-27089
cve-2021-27093
cve-2021-28309
cve-2021-27094
cve-2021-28447
cve-2021-27095
cve-2021-28315
cve-2021-27096
cve-2021-26413
cve-2021-26415
cve-2021-28440
cve-2021-26416
cve-2021-28311
cve-2021-28316
cve-2021-28317
cve-2021-28318
cve-2021-28320
cve-2021-28323
cve-2021-28328
cve-2021-28325
cve-2021-28326
cve-2021-28327
cve-2021-28329
cve-2021-28330
cve-2021-28331
cve-2021-28332
cve-2021-28333
cve-2021-28334
cve-2021-28335
cve-2021-28336
cve-2021-28337
cve-2021-28338
cve-2021-28339
cve-2021-28340
cve-2021-28341
cve-2021-28342
cve-2021-28343
cve-2021-28344
cve-2021-28345
cve-2021-28346
cve-2021-28352
cve-2021-28353
cve-2021-28354
cve-2021-28355
cve-2021-28356
cve-2021-28357
cve-2021-28358
cve-2021-28434
cve-2021-28347
cve-2021-28351
cve-2021-28436
cve-2021-28348
cve-2021-28349
cve-2021-28350
cve-2021-28435
cve-2021-28437
cve-2021-28439
cve-2021-28443
cve-2021-28444
cve-2021-28445
cve-2021-28446

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

  • Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)

  • Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)

  • Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)

  • Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)

  • Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)

  • Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)

  • NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)

  • Windows Installer Spoofing Vulnerability (CVE-2021-26413)

  • Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)

  • Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)

  • Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)

  • Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)

  • Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)

  • Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)

  • Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)

  • Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)

  • Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)

  • Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)

  • Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)

  • Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)

  • Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)

  • Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)

  • Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)

  • Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)

  • Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)

  • Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)

  • N/A (CVE-2021-28445, CVE-2021-28446)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(148465);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");

  script_cve_id(
    "CVE-2021-26413",
    "CVE-2021-26415",
    "CVE-2021-26416",
    "CVE-2021-27072",
    "CVE-2021-27079",
    "CVE-2021-27089",
    "CVE-2021-27093",
    "CVE-2021-27094",
    "CVE-2021-27095",
    "CVE-2021-27096",
    "CVE-2021-28309",
    "CVE-2021-28311",
    "CVE-2021-28315",
    "CVE-2021-28316",
    "CVE-2021-28317",
    "CVE-2021-28318",
    "CVE-2021-28320",
    "CVE-2021-28323",
    "CVE-2021-28325",
    "CVE-2021-28326",
    "CVE-2021-28327",
    "CVE-2021-28328",
    "CVE-2021-28329",
    "CVE-2021-28330",
    "CVE-2021-28331",
    "CVE-2021-28332",
    "CVE-2021-28333",
    "CVE-2021-28334",
    "CVE-2021-28335",
    "CVE-2021-28336",
    "CVE-2021-28337",
    "CVE-2021-28338",
    "CVE-2021-28339",
    "CVE-2021-28340",
    "CVE-2021-28341",
    "CVE-2021-28342",
    "CVE-2021-28343",
    "CVE-2021-28344",
    "CVE-2021-28345",
    "CVE-2021-28346",
    "CVE-2021-28347",
    "CVE-2021-28348",
    "CVE-2021-28349",
    "CVE-2021-28350",
    "CVE-2021-28351",
    "CVE-2021-28352",
    "CVE-2021-28353",
    "CVE-2021-28354",
    "CVE-2021-28355",
    "CVE-2021-28356",
    "CVE-2021-28357",
    "CVE-2021-28358",
    "CVE-2021-28434",
    "CVE-2021-28435",
    "CVE-2021-28436",
    "CVE-2021-28437",
    "CVE-2021-28439",
    "CVE-2021-28440",
    "CVE-2021-28443",
    "CVE-2021-28444",
    "CVE-2021-28445",
    "CVE-2021-28446",
    "CVE-2021-28447"
  );
  script_xref(name:"MSKB", value:"5001347");
  script_xref(name:"MSFT", value:"MS21-5001347");
  script_xref(name:"IAVA", value:"2021-A-0171-S");
  script_xref(name:"IAVA", value:"2021-A-0168-S");
  script_xref(name:"IAVA", value:"2021-A-0431-S");
  script_xref(name:"IAVA", value:"2021-A-0429-S");
  script_xref(name:"CEA-ID", value:"CEA-2021-0021");

  script_name(english:"KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

  - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)

  - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)

  - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)

  - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)

  - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,
    CVE-2021-28447)

  - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)

  - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)

  - Windows Installer Spoofing Vulnerability (CVE-2021-26413)

  - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)

  - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)

  - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)

  - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)

  - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)

  - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)

  - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)

  - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)

  - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)

  - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)

  - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,
    CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,
    CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,
    CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,
    CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,
    CVE-2021-28434)

  - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,
    CVE-2021-28436)

  - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)

  - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)

  - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)

  - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)

  - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)

  - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)

  - N/A (CVE-2021-28445, CVE-2021-28446)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5001347");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB5001347 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27095");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-28434");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_1607");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2016");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-04';
kbs = make_list(
  '5001347'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   sp:0,
                   os_build:'14393',
                   rollup_date:'04_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5001347])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

References

Related

nessus 9
mskb 14
openvas 8
kaspersky 2
rapid7blog 1
cnvd 16
cvelist 26
cve 30
prion 30
mscve 32
nvd 29
zdi 1
checkpoint_advisories 1
nessus
nessus
KB5001340: Windows 10 version 1507 LTS Security Update (Apr 2021)
2021-04-13 00:00:00
KB5001389: Windows Server 2008 Security Update (Apr 2021)
2021-04-13 00:00:00
KB5001387: Windows Server 2012 Security Update (Apr 2021)
2021-04-13 00:00:00
mskb
mskb
April 13, 2021—KB5001387 (Monthly Rollup)
2021-04-13 07:00:00
April 13, 2021—KB5001393 (Security-only update)
2021-04-13 07:00:00
April 13, 2021—KB5001383 (Security-only update)
2021-04-13 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5001382)
2021-04-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5001340)
2021-04-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5001347)
2021-04-14 00:00:00
kaspersky
kaspersky
KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)
2021-04-13 00:00:00
KLA12139 Multiple vulnerabilities in Microsoft Windows
2021-04-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2021
2021-04-13 17:37:00
cnvd
cnvd
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73127)
2021-04-14 00:00:00
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-58239)
2021-04-14 00:00:00
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71409)
2021-04-14 00:00:00
cvelist
cvelist
CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability
2021-04-13 19:32:59
CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability
2021-04-13 19:33:23
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability
2021-04-13 19:33:10
cve
cve
CVE-2021-28326
2021-04-13 20:15:17
CVE-2021-28436
2021-04-13 20:15:19
CVE-2021-28350
2021-04-13 20:15:18
prion
prion
Remote code execution
2021-04-13 20:15:00
Information disclosure
2021-04-13 20:15:00
Information disclosure
2021-04-13 20:15:00
mscve
mscve
Windows Hyper-V Security Feature Bypass Vulnerability
2021-04-13 07:00:00
Win32k Elevation of Privilege Vulnerability
2021-04-13 07:00:00
Remote Procedure Call Runtime Remote Code Execution Vulnerability
2021-04-13 07:00:00
nvd
nvd
CVE-2021-28353
2021-04-13 20:15:18
CVE-2021-28309
2021-04-13 20:15:16
CVE-2021-28444
2021-04-13 20:15:19
zdi
zdi
Microsoft Windows AppX Deployment Service Directory Junction Denial-of-Service Vulnerability
2021-04-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Information Disclosure (CVE-2021-28325)
2021-04-13 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON
Related for SMB_NT_MS21_APR_5001347.NASL
nessus9mskb14openvas8kaspersky2rapid7blog1cnvd16cvelist26cve30prion30mscve32nvd29zdi1checkpoint_advisories1