Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS21_MAR_5000809.NASL
HistoryMar 09, 2021 - 12:00 a.m.

KB5000809: Windows 10 Version 1803 March 2021 Security Update

2021-03-0900:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

9.2 High

AI Score

Confidence

High

0.284 Low

EPSS

Percentile

96.9%

JSON

The remote Windows host is missing security update 5000809.
It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)

  • An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
    (CVE-2021-26411)

  • A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26862, CVE-2021-26863, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  • A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)

  • A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
    (CVE-2021-26892)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(147224);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");

  script_cve_id(
    "CVE-2021-1640",
    "CVE-2021-1729",
    "CVE-2021-24095",
    "CVE-2021-24107",
    "CVE-2021-26411",
    "CVE-2021-26861",
    "CVE-2021-26862",
    "CVE-2021-26863",
    "CVE-2021-26866",
    "CVE-2021-26868",
    "CVE-2021-26869",
    "CVE-2021-26870",
    "CVE-2021-26871",
    "CVE-2021-26872",
    "CVE-2021-26873",
    "CVE-2021-26875",
    "CVE-2021-26876",
    "CVE-2021-26878",
    "CVE-2021-26879",
    "CVE-2021-26880",
    "CVE-2021-26881",
    "CVE-2021-26882",
    "CVE-2021-26884",
    "CVE-2021-26885",
    "CVE-2021-26886",
    "CVE-2021-26889",
    "CVE-2021-26892",
    "CVE-2021-26898",
    "CVE-2021-26899",
    "CVE-2021-26901",
    "CVE-2021-27077",
    "CVE-2021-27085"
  );
  script_xref(name:"MSKB", value:"5000809");
  script_xref(name:"MSFT", value:"MS21-5000809");
  script_xref(name:"IAVA", value:"2021-A-0129-S");
  script_xref(name:"IAVA", value:"2021-A-0130-S");
  script_xref(name:"IAVA", value:"2021-A-0134-S");
  script_xref(name:"IAVA", value:"2021-A-0131-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CEA-ID", value:"CEA-2021-0015");

  script_name(english:"KB5000809: Windows 10 Version 1803 March 2021 Security Update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5000809.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability. An attacker can
    exploit this to disclose potentially sensitive
    information. (CVE-2021-24107, CVE-2021-26869,
    CVE-2021-26884)

  - An memory corruption vulnerability exists. An attacker
    can exploit this to corrupt the memory and cause
    unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - A denial of service (DoS) vulnerability. An attacker can
    exploit this issue to cause the affected component to
    deny system or application services. (CVE-2021-26879,
    CVE-2021-26886)

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,
    CVE-2021-26862, CVE-2021-26863, CVE-2021-26866,
    CVE-2021-26868, CVE-2021-26870, CVE-2021-26871,
    CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,
    CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,
    CVE-2021-26885, CVE-2021-26889, CVE-2021-26898,
    CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  - A remote code execution vulnerability. An attacker can
    exploit this to bypass authentication and execute
    unauthorized arbitrary commands. (CVE-2021-26861,
    CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)

  - A security feature bypass vulnerability exists. An
    attacker can exploit this and bypass the security
    feature and perform unauthorized actions compromising
    the integrity of the system/application.
    (CVE-2021-26892)");
  # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000809-os-build-17134-2087-2601a686-8e12-449d-913c-a63a9b73e2eb
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ef7d4b2");
  script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update KB5000809.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27085");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_1803");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS21-03';
kbs = make_list(
  '5000809'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   sp:0,
                   os_build:'17134',
                   rollup_date:'03_2021',
                   bulletin:bulletin,
                   rollup_kb_list:[5000809])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindows_10_1803cpe:/o:microsoft:windows_10_1803

References

Related

openvas 3
mskb 15
nessus 10
kaspersky 3
attackerkb 4
cvelist 29
prion 26
nvd 27
rapid7blog 1
cve 26
githubexploit 2
cisa_kev 2
mscve 27
krebs 1
checkpoint_advisories 3
zdi 16
malwarebytes 1
thn 3
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5000807)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000847)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000802)
2021-03-10 00:00:00
mskb
mskb
March 9, 2021—KB5000807 (OS Build 10240.18874)
2021-03-09 08:00:00
March 9, 2021—KB5000809 (OS Build 17134.2087)
2021-03-09 08:00:00
March 9, 2021—KB5000822 (OS Build 17763.1817)
2021-03-09 08:00:00
nessus
nessus
KB5000807: Windows 10 March 2021 Security Update
2021-03-09 00:00:00
KB5000802: Windows Security Update (March 2021)
2021-03-09 00:00:00
KB5000808: Windows 10 Version 1909 March 2021 Security Update
2021-03-09 00:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
KLA12111 Multiple vulnerabilities in Microsoft Windows
2021-03-09 00:00:00
KLA12108 Multiple vulnerabilities in Microsoft Browser
2021-03-09 00:00:00
attackerkb
attackerkb
CVE-2021-27077
2021-03-11 00:00:00
CVE-2021-27085
2021-03-11 00:00:00
CVE-2021-26899
2021-03-11 00:00:00
cvelist
cvelist
CVE-2021-27085 Internet Explorer Remote Code Execution Vulnerability
2021-03-11 15:46:59
CVE-2021-24095 DirectX Elevation of Privilege Vulnerability
2021-03-11 15:02:03
CVE-2021-26886 User Profile Service Denial of Service Vulnerability
2021-03-11 15:42:07
prion
prion
Remote code execution
2021-03-11 16:15:00
Privilege escalation
2021-03-11 16:15:00
Privilege escalation
2021-03-11 16:15:00
nvd
nvd
CVE-2021-27085
2021-03-11 16:15:18
CVE-2021-26866
2021-03-11 16:15:14
CVE-2021-24107
2021-03-11 16:15:13
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03
cve
cve
CVE-2021-24095
2021-03-11 16:15:13
CVE-2021-27085
2021-03-11 16:15:18
CVE-2021-26873
2021-03-11 16:15:14
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-03-25 02:38:08
Exploit for Vulnerability in Microsoft
2021-03-11 21:13:51
cisa_kev
cisa_kev
Microsoft Internet Explorer Remote Code Execution Vulnerability
2021-11-03 00:00:00
Microsoft Internet Explorer Memory Corruption Vulnerability
2021-11-03 00:00:00
mscve
mscve
DirectX Elevation of Privilege Vulnerability
2021-03-09 08:00:00
Windows Event Tracing Information Disclosure Vulnerability
2021-03-09 08:00:00
Internet Explorer Remote Code Execution Vulnerability
2021-03-09 08:00:00
krebs
krebs
Microsoft Patch Tuesday, March 2021 Edition
2021-03-10 01:42:39
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (CVE-2021-26411)
2021-03-09 00:00:00
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-26868)
2021-03-09 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2021-26863)
2021-03-09 00:00:00
zdi
zdi
Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability
2021-03-15 00:00:00
Microsoft Windows win32kfull MulLineTo Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-29 00:00:00
Microsoft Windows win32kfull MulStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-28 00:00:00
malwarebytes
malwarebytes
Crimea “manifesto” deploys VBA Rat using double attack vectors
2021-07-29 15:00:00
thn
thn
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
2022-04-28 08:20:00
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies
2023-10-19 13:47:00
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
2021-07-29 15:18:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

9.2 High

AI Score

Confidence

High

0.284 Low

EPSS

Percentile

96.9%

JSON
Related for SMB_NT_MS21_MAR_5000809.NASL
openvas3mskb15nessus10kaspersky3attackerkb4cvelist29prion26nvd27rapid7blog1cve26githubexploit2cisa_kev2mscve27krebs1checkpoint_advisories3zdi16malwarebytes1thn3