Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_JUL_5004237.NASL
HistoryJul 13, 2021 - 12:00 a.m.

KB5004237: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (July 2021)

2021-07-1300:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
windows 10
security update
july 2021
cve-2021-31183
cve-2021-31961
cve-2021-31979
cve-2021-33740
cve-2021-33743
cve-2021-33744
cve-2021-33745
cve-2021-33746
cve-2021-33749
cve-2021-33750
cve-2021-33751
cve-2021-33752
cve-2021-33754
cve-2021-33755
cve-2021-33756
cve-2021-33757
cve-2021-33759
cve-2021-33760
cve-2021-33761
cve-2021-33763
cve-2021-33764
cve-2021-33765
cve-2021-33771
cve-2021-33772
cve-2021-33773
cve-2021-33774
cve-2021-33779
cve-2021-33780
cve-2021-33781
cve-2021-33782
cve-2021-33783
cve-2021-33784
cve-2021-33785
cve-2021-33786
cve-2021-33788
cve-2021-34438
cve-2021-34440
cve-2021-34441
cve-2021-34442
cve-2021-34444
cve-2021-34445
cve-2021-34446
cve-2021-34447
cve-2021-34448
cve-2021-34449
cve-2021-34450
cve-2021-34454
cve-2021-34455
cve-2021-34456
cve-2021-34457
cve-2021-34458
cve-2021-34459
cve-2021-34460
cve-2021-34461
cve-2021-34462
cve-2021-34466
cve-2021-34476
cve-2021-34488
cve-2021-34489
cve-2021-34490
cve-2021-34491
cve-2021-34492
cve-2021-34493
cve-2021-34494
cve-2021-34496
cve-2021-34497
cve-2021-34498
cve-2021-34499
cve-2021-34500
cve-2021-34504
cve-2021-34507
cve-2021-34508
cve-2021-34509
cve-2021-34510
cve-2021-34511
cve-2021-34512
cve-2021-34513
cve-2021-34514
cve-2021-34516
cve-2021-34521
cve-2021-34525

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.957

Percentile

99.5%

JSON

The remote Windows host is missing security update 5004237. It is, therefore, affected by multiple vulnerabilities.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151606);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");

  script_cve_id(
    "CVE-2021-31183",
    "CVE-2021-31961",
    "CVE-2021-31979",
    "CVE-2021-33740",
    "CVE-2021-33743",
    "CVE-2021-33744",
    "CVE-2021-33745",
    "CVE-2021-33746",
    "CVE-2021-33749",
    "CVE-2021-33750",
    "CVE-2021-33751",
    "CVE-2021-33752",
    "CVE-2021-33754",
    "CVE-2021-33755",
    "CVE-2021-33756",
    "CVE-2021-33757",
    "CVE-2021-33759",
    "CVE-2021-33760",
    "CVE-2021-33761",
    "CVE-2021-33763",
    "CVE-2021-33764",
    "CVE-2021-33765",
    "CVE-2021-33771",
    "CVE-2021-33772",
    "CVE-2021-33773",
    "CVE-2021-33774",
    "CVE-2021-33779",
    "CVE-2021-33780",
    "CVE-2021-33781",
    "CVE-2021-33782",
    "CVE-2021-33783",
    "CVE-2021-33784",
    "CVE-2021-33785",
    "CVE-2021-33786",
    "CVE-2021-33788",
    "CVE-2021-34438",
    "CVE-2021-34440",
    "CVE-2021-34441",
    "CVE-2021-34442",
    "CVE-2021-34444",
    "CVE-2021-34445",
    "CVE-2021-34446",
    "CVE-2021-34447",
    "CVE-2021-34448",
    "CVE-2021-34449",
    "CVE-2021-34450",
    "CVE-2021-34454",
    "CVE-2021-34455",
    "CVE-2021-34456",
    "CVE-2021-34457",
    "CVE-2021-34458",
    "CVE-2021-34459",
    "CVE-2021-34460",
    "CVE-2021-34461",
    "CVE-2021-34462",
    "CVE-2021-34466",
    "CVE-2021-34476",
    "CVE-2021-34488",
    "CVE-2021-34489",
    "CVE-2021-34490",
    "CVE-2021-34491",
    "CVE-2021-34492",
    "CVE-2021-34493",
    "CVE-2021-34494",
    "CVE-2021-34496",
    "CVE-2021-34497",
    "CVE-2021-34498",
    "CVE-2021-34499",
    "CVE-2021-34500",
    "CVE-2021-34504",
    "CVE-2021-34507",
    "CVE-2021-34508",
    "CVE-2021-34509",
    "CVE-2021-34510",
    "CVE-2021-34511",
    "CVE-2021-34512",
    "CVE-2021-34513",
    "CVE-2021-34514",
    "CVE-2021-34516",
    "CVE-2021-34521",
    "CVE-2021-34525"
  );
  script_xref(name:"MSKB", value:"5004237");
  script_xref(name:"MSFT", value:"MS21-5004237");
  script_xref(name:"IAVA", value:"2021-A-0319-S");
  script_xref(name:"IAVA", value:"2021-A-0318-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");

  script_name(english:"KB5004237: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (July 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5004237. It is, therefore, affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update 5004237");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-34448");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-34458");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_2004");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-07';
kbs = make_list(
  '5004237'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10', 
                   os_build:19041,
                   rollup_date:'07_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5004237])
||
smb_check_rollup(os:'10', 
                  os_build:19042,
                  rollup_date:'07_2021',
                  bulletin:bulletin,
                  rollup_kb_list:[5004237])
||
smb_check_rollup(os:'10', 
                  os_build:19043,
                  rollup_date:'07_2021',
                  bulletin:bulletin,
                  rollup_kb_list:[5004237])

)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

References

Related

nessus 10
openvas 8
mskb 14
kaspersky 2
rapid7blog 1
avleonov 1
thn 2
malwarebytes 1
krebs 1
mmpc 2
schneier 1
threatpost 4
qualysblog 1
attackerkb 2
mssecure 2
prion 25
cnvd 17
cvelist 23
nvd 24
cve 24
mscve 29
zdi 3
checkpoint_advisories 2
nessus
nessus
KB5004244: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2021)
2021-07-13 00:00:00
KB5004245: Windows 10 1909 Security Update (July 2021)
2021-07-13 00:00:00
KB5004305: Windows Server 2008 Security Update (July 2021)
2021-07-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5004245)
2021-07-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5004244)
2021-07-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5004237)
2021-07-14 00:00:00
mskb
mskb
July 13, 2021—KB5004237 (OS Builds 19041.1110, 19042.1110, and 19043.1110)
2021-07-13 07:00:00
July 13, 2021—KB5004285 (Security-only update)
2021-07-13 07:00:00
July 13, 2021—KB5004245 (OS Build 18363.1679)
2021-07-13 07:00:00
kaspersky
kaspersky
KLA12226 Multiple vulnerabilities in Microsoft Products (ESU)
2021-07-13 00:00:00
KLA12221 Multiple vulnerabillities in Microsoft Windows
2021-07-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2021
2021-07-13 20:56:26
avleonov
avleonov
Vulristics Microsoft Patch Tuesday July 2021: Zero-days EoP in Kernel and RCE in Scripting Engine, RCEs in Kernel, DNS Server, Exchange and Hyper-V
2021-07-14 21:00:27
thn
thn
Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days
2021-07-14 05:03:00
Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
2021-07-16 11:13:00
malwarebytes
malwarebytes
Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday
2021-07-14 11:56:06
krebs
krebs
Microsoft Patch Tuesday, July 2021 Edition
2021-07-13 21:41:47
mmpc
mmpc
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-15 15:21:02
Microsoft Digital Defense Report shares new insights on nation-state attacks
2021-10-25 16:00:17
schneier
schneier
Candiru: Another Cyberweapons Arms Manufacturer
2021-07-19 15:54:58
threatpost
threatpost
Microsoft Crushes 116 Bugs, Three Actively Exploited
2021-07-13 21:26:27
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
2021-07-16 15:55:57
‘CatalanGate’ Spyware Infections Tied to NSO Group
2022-04-19 16:04:33
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities
2021-07-13 19:49:37
attackerkb
attackerkb
CVE-2021-33771
2021-07-14 00:00:00
CVE-2021-31979
2021-07-14 00:00:00
mssecure
mssecure
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-15 15:21:02
Microsoft Digital Defense Report shares new insights on nation-state attacks
2021-10-25 16:00:17
prion
prion
Privilege escalation
2021-07-14 18:15:00
Privilege escalation
2021-07-14 18:15:00
Privilege escalation
2021-07-14 18:15:00
cnvd
cnvd
Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66061)
2021-07-15 00:00:00
Microsoft Windows Server Security Feature Bypass Vulnerability (CNVD-2021-54417)
2021-07-16 00:00:00
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63285)
2021-07-16 00:00:00
cvelist
cvelist
CVE-2021-33779 Windows AD FS Security Feature Bypass Vulnerability
2021-07-14 17:53:51
CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability
2021-07-14 17:54:29
CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability
2021-07-14 17:54:26
nvd
nvd
CVE-2021-34493
2021-07-14 18:15:11
CVE-2021-34512
2021-07-14 18:15:12
CVE-2021-33760
2021-07-14 18:15:10
cve
cve
CVE-2021-33774
2021-07-14 18:15:10
CVE-2021-34510
2021-07-14 18:15:11
CVE-2021-33759
2021-07-14 18:15:10
mscve
mscve
Windows Event Tracing Elevation of Privilege Vulnerability
2021-07-13 07:00:00
Windows DNS Server Remote Code Execution Vulnerability
2021-07-13 07:00:00
DirectWrite Remote Code Execution Vulnerability
2021-07-13 07:00:00
zdi
zdi
(Pwn2Own) Microsoft Windows spaceport Out-Of-Bounds Write Privilege Escalation Vulnerability
2021-07-19 00:00:00
(Pwn2Own) Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability
2021-08-18 00:00:00
(Pwn2Own) Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability
2021-07-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Elevation of Privilege (CVE-2021-33771)
2021-07-13 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2021-34449)
2021-07-13 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.957

Percentile

99.5%

JSON
Related for SMB_NT_MS21_JUL_5004237.NASL
nessus10openvas8mskb14kaspersky2rapid7blog1avleonov1thn2malwarebytes1krebs1mmpc2schneier1threatpost4qualysblog1attackerkb2mssecure2prion25cnvd17cvelist23nvd24cve24mscve29zdi3checkpoint_advisories2