8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.6%
The remote Windows host is missing security update 5035857 or Azure HotPatch 5035959. It is, therefore, affected by multiple vulnerabilities:
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)
Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
# Registration block: entered only when `description` is set. It declares the
# plugin's metadata, dependencies and prerequisites, then exits via exit(0)
# before any of the check logic further down the file is reached.
if (description)
{
script_id(191947);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
# Every CVE attributed to this update. The description text below names only
# seven of them, so triage against this list rather than the prose.
script_cve_id(
"CVE-2023-28746",
"CVE-2024-21407",
"CVE-2024-21408",
"CVE-2024-21427",
"CVE-2024-21429",
"CVE-2024-21430",
"CVE-2024-21431",
"CVE-2024-21432",
"CVE-2024-21433",
"CVE-2024-21434",
"CVE-2024-21436",
"CVE-2024-21437",
"CVE-2024-21438",
"CVE-2024-21439",
"CVE-2024-21440",
"CVE-2024-21441",
"CVE-2024-21442",
"CVE-2024-21443",
"CVE-2024-21444",
"CVE-2024-21445",
"CVE-2024-21446",
"CVE-2024-21450",
"CVE-2024-21451",
"CVE-2024-26159",
"CVE-2024-26161",
"CVE-2024-26162",
"CVE-2024-26166",
"CVE-2024-26169",
"CVE-2024-26170",
"CVE-2024-26173",
"CVE-2024-26174",
"CVE-2024-26176",
"CVE-2024-26177",
"CVE-2024-26178",
"CVE-2024-26181",
"CVE-2024-26190",
"CVE-2024-26197"
);
# Cross-references: the two KB articles (the security update and the Azure
# HotPatch), the matching MSFT bulletin ids, and two IAVA notices.
script_xref(name:"MSKB", value:"5035857");
script_xref(name:"MSKB", value:"5035959");
script_xref(name:"MSFT", value:"MS24-5035857");
script_xref(name:"MSFT", value:"MS24-5035959");
script_xref(name:"IAVA", value:"2024-A-0149-S");
script_xref(name:"IAVA", value:"2024-A-0148-S");
# NOTE(review): the value is a date, presumably the CISA KEV remediation due
# date. This file does not say which CVE in the list above is the KEV entry --
# confirm against the KEV catalog before prioritising.
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/07/04");
script_name(english:"KB5035857: Windows 2022 / Azure Stack HCI 22H2 Security Update (March 2024)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
# The last sentence of the description is the key caveat for analysts: the
# finding reflects the reported patch level, not an attempt to exercise any
# of the listed vulnerabilities.
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5035857 or Azure HotPatch 5035959. It is, therefore, affected by multiple vulnerabilities
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441,
CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)
- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)
- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5035857");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5035959");
script_set_attribute(attribute:"solution", value:
"Apply Security Update 5035857 or Azure HotPatch 5035959");
# Severity scoring. cvss_score_source (below) attributes the base vectors to
# CVE-2024-26166 alone, so the plugin score is that single CVE's score, not a
# per-CVE assessment of the whole list. The CVSS3 vector is network
# reachable but needs user interaction (UI:R). The temporal vectors record a
# functional exploit (E:F), an official fix (RL:OF / RL:O) and a confirmed
# report (RC:C).
# Note: the CVSS3 strings here are labelled CVSS:3.0.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-26166");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/12");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/12");
# NOTE(review): "local" presumably means the check reads the host's own patch
# state (credentialed SMB/registry access or patch-management data) rather
# than probing a network service. That matches the prerequisites declared
# below, but confirm against the engine documentation.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:azure_stack_hci_22h2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2022");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: three dependency plugins, the KB item
# SMB/MS_Bulletin_Checks/Possible, and ports 139 and 445 or the
# Host/patch_management_checks item. How the engine combines the entries in
# script_require_ports is not visible in this file.
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
# Check logic: decide whether the March 2024 rollup (KB 5035857 or HotPatch
# 5035959) is present on a build-20348 host, then report the result.
# The script-level names `bulletin`, `kbs` and `share` are kept as-is because
# included helper code may read them.

# Stop unless an earlier plugin recorded that bulletin checks are possible.
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS24-03';
kbs = make_list('5035857', '5035959');

# When patch-management data is present, pass the KB list to the third-party
# check. Whether that helper returns or exits is defined in the includes.
if (get_kb_item('Host/patch_management_checks'))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
}

# The remaining checks need the enumerated registry and a known Windows version.
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Audit out when the OS / service-pack range check does not match.
if (hotfix_check_sp_range(win10:'0') <= 0)
{
  audit(AUDIT_OS_SP_NOT_VULN);
}

# The system drive must be reachable as a share; otherwise audit out with the
# share name so the scan log shows why no verdict was produced.
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share))
{
  audit(AUDIT_SHARE_FAIL, share);
}

# A truthy result is treated as "rollup missing" (see the else branch below).
rollup_missing = smb_check_rollup(
  os:'10',
  os_build:20348,
  rollup_date:'03_2024',
  bulletin:bulletin,
  rollup_kb_list:[5035857, 5035959]
);

if (!rollup_missing)
{
  # Not flagged: finish the file-version check session, then audit out with
  # the collected report.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
else
{
  # Flagged: record the missing bulletin in the KB, report the finding, then
  # finish the file-version check session.
  replace_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | azure_stack_hci_22h2 | | cpe:/o:microsoft:azure_stack_hci_22h2 |
| microsoft | windows_server_2022 | | cpe:/o:microsoft:windows_server_2022 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26197
support.microsoft.com/help/5035857
support.microsoft.com/help/5035959
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.6%