9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.279 Low
EPSS
Percentile
96.9%
The remote Windows host is missing security update 5010359. It is, therefore, affected by multiple vulnerabilities
An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21993, CVE-2022-21998)
A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22002)
A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21995)
An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21989, CVE-2022-21997, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157436);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2022-21974",
"CVE-2022-21981",
"CVE-2022-21985",
"CVE-2022-21989",
"CVE-2022-21992",
"CVE-2022-21993",
"CVE-2022-21995",
"CVE-2022-21997",
"CVE-2022-21998",
"CVE-2022-21999",
"CVE-2022-22000",
"CVE-2022-22001",
"CVE-2022-22002",
"CVE-2022-22710",
"CVE-2022-22717",
"CVE-2022-22718"
);
script_xref(name:"MSKB", value:"5010359");
script_xref(name:"MSFT", value:"MS22-5010359");
script_xref(name:"IAVA", value:"2022-A-0074-S");
script_xref(name:"IAVA", value:"2022-A-0068-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/10");
script_name(english:"KB5010359: Windows 10 Version 1607 and Windows Server 2016 Security Update (February 2022)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5010359. It is, therefore, affected by multiple vulnerabilities
- An information disclosure vulnerability. An attacker can
exploit this to disclose potentially sensitive
information. (CVE-2022-21993, CVE-2022-21998)
- A denial of service (DoS) vulnerability. An attacker can
exploit this issue to cause the affected component to
deny system or application services. (CVE-2022-22002)
- A remote code execution vulnerability. An attacker can
exploit this to bypass authentication and execute
unauthorized arbitrary commands. (CVE-2022-21995)
- An elevation of privilege vulnerability. An attacker can
exploit this to gain elevated privileges.
(CVE-2022-21989, CVE-2022-21997, CVE-2022-21999,
CVE-2022-22000, CVE-2022-22001)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5010359");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5010359");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21992");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-21995");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'CVE-2022-21999 SpoolFool Privesc');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2016");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_1607");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS22-02';
kbs = make_list(
'5010359'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'10',
os_build:14393,
rollup_date:'02_2022',
bulletin:bulletin,
rollup_kb_list:[5010359])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_10_1607 | cpe:/o:microsoft:windows_10_1607 | |
microsoft | windows_server_2016 | cpe:/o:microsoft:windows_server_2016 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22718
support.microsoft.com/en-us/help/5010359
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.279 Low
EPSS
Percentile
96.9%