Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_OCT_WIN_DEFENDER.NASL
HistoryNov 01, 2022 - 12:00 a.m.

Security Updates for Windows Defender (October 2022)

2022-11-0100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
104
privilege escalation vulnerability
microsoft
windows defender
cve-2022-37971
patch
exploits.

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.6%

JSON

The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.19700.3. It is, therefore, affected by a privilege escalation vulnerability. An authenticated attacker can exploit this to gain elevated privileges.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(166769);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/06");

  script_cve_id("CVE-2022-37971");
  script_xref(name:"MSKB", value:"4052623");
  script_xref(name:"MSFT", value:"MS22-4052623");

  script_name(english:"Security Updates for Windows Defender (October 2022)");

  script_set_attribute(attribute:"synopsis", value:
"An antimalware application installed on the remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to
1.1.19700.3. It is, therefore, affected by a privilege escalation vulnerability. An authenticated attacker can exploit
this to gain elevated privileges.");
  # https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3bed4ba6");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB4052623 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-37971");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_defender");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_windows_defender_win_installed.nbin");
  script_require_keys("installed_sw/Windows Defender");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app = 'Windows Defender';

var app_info = vcf::get_app_info(app:app, win_local:TRUE);

# Check if disabled
if (!isnull(app_info['Disabled']))
  exit(0,'Windows Defender is disabled.');

# Check if we got the Malware Engine Version
if (isnull(app_info['Engine Version']))
  exit(0,'Unable to get the Malware Engine Version.');

var constraints = [
{'fixed_version':'1.1.19700.3'}
];

vcf::av_checks::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, check:'Engine Version');
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftwindows_defendercpe:/a:microsoft:windows_defender

Related

cvelist 1
kaspersky 1
mscve 1
prion 1
cve 1
nvd 1
thn 1
ics 1
rapid7blog 1
cvelist
cvelist
CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability
2022-10-11 00:00:00
kaspersky
kaspersky
KLA20003 PE vulnerability in Microsoft System Center
2022-10-11 00:00:00
mscve
mscve
Microsoft Windows Defender Elevation of Privilege Vulnerability
2022-10-11 07:00:00
prion
prion
Privilege escalation
2022-10-11 19:15:00
cve
cve
CVE-2022-37971
2022-10-11 19:15:12
nvd
nvd
CVE-2022-37971
2022-10-11 19:15:12
thn
thn
Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
2022-12-12 17:28:00
ics
ics
Siemens RUGGEDCOM CROSSBOW
2023-08-10 12:00:00
rapid7blog
rapid7blog
Patch Tuesday - October 2022
2022-10-11 18:35:28

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.6%

JSON
Related for SMB_NT_MS22_OCT_WIN_DEFENDER.NASL
cvelist1kaspersky1mscve1prion1cve1nvd1thn1ics1rapid7blog1