Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310811173
HistoryJun 14, 2017 - 12:00 a.m.

Microsoft Windows Multiple Vulnerabilities (KB4022719)

2017-06-1400:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
113

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.974

Percentile

100.0%

JSON

This host is missing a critical security
update according to Microsoft KB4022719

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.811173");
  script_version("2023-07-25T05:05:58+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2017-0193", "CVE-2017-8472", "CVE-2017-8473", "CVE-2017-8475",
                "CVE-2017-8527", "CVE-2017-8528", "CVE-2017-0260", "CVE-2017-0282",
                "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8529", "CVE-2017-8531",
                "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-8478", "CVE-2017-8479",
                "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-0285", "CVE-2017-0286",
                "CVE-2017-0287", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8534",
                "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-0288", "CVE-2017-0289",
                "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8547", "CVE-2017-8484",
                "CVE-2017-8485", "CVE-2017-8553", "CVE-2017-0294", "CVE-2017-0296",
                "CVE-2017-8488", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-0297",
                "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-8491", "CVE-2017-8492",
                "CVE-2017-0300", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8469",
                "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8524", "CVE-2017-8519",
                "CVE-2017-8554");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
  script_tag(name:"creation_date", value:"2017-06-14 16:22:36 +0530 (Wed, 14 Jun 2017)");
  script_name("Microsoft Windows Multiple Vulnerabilities (KB4022719)");

  script_tag(name:"summary", value:"This host is missing a critical security
  update according to Microsoft KB4022719");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - The metafiles (EMF) or documents containing bitmaps rendered out of bounds
    using the BitMapSection(DIBSection) function.

  - An issue with updates are not correctly installing all components and
    would prevent them from booting.

  - An unsupported hardware notification is shown and Windows Updates not
    scanning, for systems using the AMD Carrizo DDR4 processor.

  - An error in Windows kernel, Microsoft Graphics Component, Microsoft
    Uniscribe, Windows kernel-mode drivers, the Windows OS, Windows COM,
    Internet Explorer and Windows Shell.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to gain the same user rights as the current user and take control of an affected
  system.");

  script_tag(name:"affected", value:"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1

  - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/help/4022719");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98878");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98851");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98852");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98853");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98933");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98949");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98810");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98885");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98903");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98854");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98953");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98819");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98920");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98918");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98845");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98856");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98820");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98821");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98914");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98891");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98922");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98857");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98862");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98822");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98824");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98826");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98923");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98929");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98858");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98859");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98932");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98847");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98860");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98940");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98837");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98839");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98864");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98865");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98867");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98840");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98884");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98869");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98870");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98901");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98900");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98818");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98842");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98848");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98849");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98930");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98899");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("smb_reg_service_pack.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(win2008r2:2, win7:2, win7x64:2) <= 0){
  exit(0);
}

sysPath = smb_get_system32root();
if(!sysPath ){
  exit(0);
}

fileVer = fetch_file_version(sysPath:sysPath, file_name:"Searchindexer.exe");
if(!fileVer){
  exit(0);
}

if(version_is_less(version:fileVer, test_version:"7.0.7601.23834"))
{
  report = 'File checked:     ' + sysPath + "\Searchindexer.exe" + '\n' +
           'File version:     ' + fileVer  + '\n' +
           'Vulnerable range:  Less than 7.0.7601.23834\n' ;
  security_message(data:report);
  exit(0);
}
exit(0);

References

Related

nessus 9
openvas 16
mskb 17
kaspersky 6
prion 37
cvelist 37
nvd 37
cve 37
talosblog 1
rapid7community 1
trendmicroblog 1
nessus
nessus
Windows 7 and Windows Server 2008 R2 June 2017 Security Updates
2017-06-13 00:00:00
Windows 2008 June 2017 Multiple Security Updates
2017-06-14 00:00:00
Windows Server 2012 June 2017 Security Updates
2017-06-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4022722)
2017-06-14 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022724)
2017-06-14 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022718)
2017-06-14 00:00:00
mskb
mskb
June 13, 2017—KB4022719 (Monthly Rollup)
2017-06-28 07:00:00
June 13, 2017—KB4022722 (Security-only update)
2017-06-28 07:00:00
June 13, 2017—KB4022718 (Security-only update)
2017-06-28 07:00:00
kaspersky
kaspersky
KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)
2017-06-13 00:00:00
KLA11039 Multiple vulnerabilities in Microsoft Windows
2019-06-13 00:00:00
KLA11048 Multiple vulnerabilities in Windows Kernel
2017-06-13 00:00:00
prion
prion
Information disclosure
2017-06-15 01:29:00
Information disclosure
2017-06-15 01:29:00
Information disclosure
2017-06-15 01:29:00
cvelist
cvelist
CVE-2017-8476
2017-06-15 01:00:00
CVE-2017-8479
2017-06-15 01:00:00
CVE-2017-8482
2017-06-15 01:00:00
nvd
nvd
CVE-2017-8474
2017-06-15 01:29:02
CVE-2017-8478
2017-06-15 01:29:03
CVE-2017-0299
2017-06-15 01:29:02
cve
cve
CVE-2017-8481
2017-06-15 01:29:03
CVE-2017-8483
2017-06-15 01:29:03
CVE-2017-8485
2017-06-15 01:29:03
talosblog
talosblog
Microsoft Patch Tuesday - June 2017
2017-06-13 13:48:00
rapid7community
rapid7community
Patch Tuesday - June 2017
2017-06-14 12:04:23
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017
2017-06-16 12:00:40

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.974

Percentile

100.0%

JSON
Related for OPENVAS:1361412562310811173
nessus9openvas16mskb17kaspersky6prion37cvelist37nvd37cve37talosblog1rapid7community1trendmicroblog1