This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_OCT_5018410.NASLKB5018410: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (October 2022)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.8%
The remote Windows host is missing security update 5018410. It is, therefore, affected by multiple vulnerabilities
-
Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)
-
Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)
-
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(166034);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2022-22035",
"CVE-2022-24504",
"CVE-2022-30198",
"CVE-2022-33634",
"CVE-2022-33635",
"CVE-2022-33645",
"CVE-2022-35770",
"CVE-2022-37965",
"CVE-2022-37970",
"CVE-2022-37973",
"CVE-2022-37974",
"CVE-2022-37975",
"CVE-2022-37977",
"CVE-2022-37978",
"CVE-2022-37979",
"CVE-2022-37980",
"CVE-2022-37981",
"CVE-2022-37982",
"CVE-2022-37983",
"CVE-2022-37984",
"CVE-2022-37985",
"CVE-2022-37986",
"CVE-2022-37987",
"CVE-2022-37988",
"CVE-2022-37989",
"CVE-2022-37990",
"CVE-2022-37991",
"CVE-2022-37993",
"CVE-2022-37994",
"CVE-2022-37995",
"CVE-2022-37996",
"CVE-2022-37997",
"CVE-2022-37998",
"CVE-2022-37999",
"CVE-2022-38000",
"CVE-2022-38003",
"CVE-2022-38016",
"CVE-2022-38021",
"CVE-2022-38022",
"CVE-2022-38026",
"CVE-2022-38027",
"CVE-2022-38028",
"CVE-2022-38029",
"CVE-2022-38030",
"CVE-2022-38031",
"CVE-2022-38032",
"CVE-2022-38033",
"CVE-2022-38034",
"CVE-2022-38037",
"CVE-2022-38038",
"CVE-2022-38039",
"CVE-2022-38040",
"CVE-2022-38041",
"CVE-2022-38042",
"CVE-2022-38043",
"CVE-2022-38044",
"CVE-2022-38045",
"CVE-2022-38046",
"CVE-2022-38047",
"CVE-2022-38050",
"CVE-2022-38051",
"CVE-2022-41033",
"CVE-2022-41081"
);
script_xref(name:"MSKB", value:"5018410");
script_xref(name:"MSFT", value:"MS22-5018410");
script_xref(name:"IAVA", value:"2022-A-0408-S");
script_xref(name:"IAVA", value:"2022-A-0409-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/05/14");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/11/01");
script_name(english:"KB5018410: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (October 2022)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5018410. It is, therefore, affected by multiple vulnerabilities
- Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)
- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,
CVE-2022-38031)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5018410");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5018410");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-38040");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-38045");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_20h2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_21h1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_10_21h2");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS22-10';
kbs = make_list(
'5018410'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
var os_name = get_kb_item("SMB/ProductName");
if ( ( ("enterprise" >< tolower(os_name) || "education" >< tolower(os_name))
&&
smb_check_rollup(os:'10',
os_build:19042,
rollup_date:'10_2022',
bulletin:bulletin,
rollup_kb_list:[5018410])
)
||
smb_check_rollup(os:'10',
os_build:19043,
rollup_date:'10_2022',
bulletin:bulletin,
rollup_kb_list:[5018410])
||
smb_check_rollup(os:'10',
os_build:19044,
rollup_date:'10_2022',
bulletin:bulletin,
rollup_kb_list:[5018410])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_10_21h1 | cpe:/o:microsoft:windows_10_21h1 | |
| microsoft | windows_10_20h2 | cpe:/o:microsoft:windows_10_20h2 | |
| microsoft | windows_10_21h2 | cpe:/o:microsoft:windows_10_21h2 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41081
support.microsoft.com/help/5018410
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.8%