This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_AUG_5029308.NASLKB5029308: Windows Server 2012 Security Update (August 2023)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
94.0%
The remote Windows host is missing security update 5029308. It is, therefore, affected by multiple vulnerabilities
-
Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)
-
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)
-
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(179488);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2023-20569",
"CVE-2023-35359",
"CVE-2023-35376",
"CVE-2023-35377",
"CVE-2023-35380",
"CVE-2023-35381",
"CVE-2023-35383",
"CVE-2023-35385",
"CVE-2023-35387",
"CVE-2023-36882",
"CVE-2023-36884",
"CVE-2023-36889",
"CVE-2023-36900",
"CVE-2023-36903",
"CVE-2023-36906",
"CVE-2023-36907",
"CVE-2023-36908",
"CVE-2023-36909",
"CVE-2023-36910",
"CVE-2023-36911",
"CVE-2023-36912",
"CVE-2023-36913",
"CVE-2023-38172",
"CVE-2023-38184",
"CVE-2023-38254"
);
script_xref(name:"MSKB", value:"5029295");
script_xref(name:"MSKB", value:"5029308");
script_xref(name:"MSFT", value:"MS23-5029295");
script_xref(name:"MSFT", value:"MS23-5029308");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/08/07");
script_xref(name:"IAVA", value:"2023-A-0409-S");
script_xref(name:"IAVA", value:"2023-A-0402-S");
script_name(english:"KB5029308: Windows Server 2012 Security Update (August 2023)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5029308. It is, therefore, affected by multiple vulnerabilities
- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910,
CVE-2023-36911)
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)
- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5029295");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5029308");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5029308 or Cumulative Update 5029295");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36911");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/08");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2012");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS23-08';
kbs = make_list(
'5029308',
'5029295'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'6.2',
sp:0,
rollup_date:'08_2023',
bulletin:bulletin,
rollup_kb_list:[5029308, 5029295])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36906
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36912
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36913
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38254
support.microsoft.com/help/5029295
support.microsoft.com/help/5029308
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
94.0%