8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.6%
The remote Windows host is missing security update 5030216 or Azure Hot Patch 5030325. It is, therefore, affected by multiple vulnerabilities
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-35355)
DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162)
Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(181305);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2023-35355",
"CVE-2023-36801",
"CVE-2023-36802",
"CVE-2023-36803",
"CVE-2023-36804",
"CVE-2023-36805",
"CVE-2023-38139",
"CVE-2023-38140",
"CVE-2023-38141",
"CVE-2023-38142",
"CVE-2023-38143",
"CVE-2023-38144",
"CVE-2023-38147",
"CVE-2023-38148",
"CVE-2023-38149",
"CVE-2023-38152",
"CVE-2023-38160",
"CVE-2023-38161",
"CVE-2023-38162"
);
script_xref(name:"MSKB", value:"5030325");
script_xref(name:"MSKB", value:"5030216");
script_xref(name:"MSFT", value:"MS23-5030325");
script_xref(name:"MSFT", value:"MS23-5030216");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/10/03");
script_name(english:"KB5030216: Windows 2022 / Azure Stack HCI 22H2 Security Update (September 2023)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5030216 or Azure Hot Patch 5030325. It is, therefore, affected by multiple vulnerabilities
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-35355)
- DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162)
- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5030325");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5030216");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5030216 or Azure HotPatch 5030325");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38148");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/12");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:azure_stack_hci_22h2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2022");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
var bulletin = 'MS23-09';
var kbs = make_list(
'5030325',
'5030216'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'10',
os_build:20348,
rollup_date:'09_2023',
bulletin:bulletin,
rollup_kb_list:[5030325, 5030216])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | azure_stack_hci_22h2 | cpe:/o:microsoft:azure_stack_hci_22h2 | |
microsoft | windows_server_2022 | cpe:/o:microsoft:windows_server_2022 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38149
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38162
support.microsoft.com/help/5030216
support.microsoft.com/help/5030325
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.6%