CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.6%
The remote Windows host is missing security update 5010395. It is, therefore, affected by multiple vulnerabilities
An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21998)
A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22002)
A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21993)
An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21989, CVE-2022-21997, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157431);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2022-21981",
"CVE-2022-21985",
"CVE-2022-21989",
"CVE-2022-21993",
"CVE-2022-21997",
"CVE-2022-21998",
"CVE-2022-21999",
"CVE-2022-22000",
"CVE-2022-22001",
"CVE-2022-22002",
"CVE-2022-22710",
"CVE-2022-22717",
"CVE-2022-22718"
);
script_xref(name:"MSKB", value:"5010395");
script_xref(name:"MSKB", value:"5010419");
script_xref(name:"MSFT", value:"MS22-5010395");
script_xref(name:"MSFT", value:"MS22-5010419");
script_xref(name:"IAVA", value:"2022-A-0068-S");
script_xref(name:"IAVA", value:"2022-A-0074-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/10");
script_name(english:"KB5010395: Windows 8.1 and Windows Server 2012 R2 Security Update (February 2022)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5010395. It is, therefore, affected by multiple vulnerabilities
- An information disclosure vulnerability. An attacker can
exploit this to disclose potentially sensitive
information. (CVE-2022-21998)
- A denial of service (DoS) vulnerability. An attacker can
exploit this issue to cause the affected component to
deny system or application services. (CVE-2022-22002)
- A remote code execution vulnerability. An attacker can
exploit this to bypass authentication and execute
unauthorized arbitrary commands. (CVE-2022-21993)
- An elevation of privilege vulnerability. An attacker can
exploit this to gain elevated privileges.
(CVE-2022-21989, CVE-2022-21997, CVE-2022-21999,
CVE-2022-22000, CVE-2022-22001)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5010419");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5010395");
script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update 5010419 or Security Update 5010395");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21993");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-22718");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'CVE-2022-21999 SpoolFool Privesc');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2012:r2");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS22-02';
kbs = make_list(
'5010419',
'5010395'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'6.3',
sp:0,
rollup_date:'02_2022',
bulletin:bulletin,
rollup_kb_list:[5010419, 5010395])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22718
support.microsoft.com/en-us/help/5010395
support.microsoft.com/en-us/help/5010419
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.6%