The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2022-26827, CVE-2022-24549, CVE-2022-26810,      CVE-2022-26803, CVE-2022-26808, CVE-2022-26807,      CVE-2022-26792, CVE-2022-26801, CVE-2022-26802,      CVE-2022-26794, CVE-2022-26790, CVE-2022-26797,      CVE-2022-26787, CVE-2022-26798, CVE-2022-26796,      CVE-2022-26786, CVE-2022-26904, CVE-2022-26788,      CVE-2022-24496, CVE-2022-24544, CVE-2022-24540,      CVE-2022-24489, CVE-2022-24486, CVE-2022-24481,      CVE-2022-24479, CVE-2022-24527, CVE-2022-24474,      CVE-2022-24521, CVE-2022-24547, CVE-2022-24550,      CVE-2022-24499, CVE-2022-24494, CVE-2022-24542,      CVE-2022-24530)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2022-26831,     CVE-2022-26915, CVE-2022-24538, CVE-2022-24484,     CVE-2022-26784)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2022-26823,     CVE-2022-26812, CVE-2022-26919, CVE-2022-26811,     CVE-2022-26809, CVE-2022-26918, CVE-2022-26917,     CVE-2022-26813, CVE-2022-26826, CVE-2022-26824,     CVE-2022-26815, CVE-2022-26814, CVE-2022-26916,     CVE-2022-26822, CVE-2022-26829, CVE-2022-26820,     CVE-2022-26819, CVE-2022-26818, CVE-2022-26825,     CVE-2022-26817, CVE-2022-26821, CVE-2022-24545,     CVE-2022-24541, CVE-2022-24492, CVE-2022-24491,     CVE-2022-24537, CVE-2022-24536, CVE-2022-24487,     CVE-2022-24534, CVE-2022-24485, CVE-2022-24533,     CVE-2022-26903, CVE-2022-24495, CVE-2022-24528,     CVE-2022-21983, CVE-2022-22008, CVE-2022-24500)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2022-26816, CVE-2022-24493,     CVE-2022-24539, CVE-2022-24490, CVE-2022-26783,     CVE-2022-26785, CVE-2022-24498, CVE-2022-24483)

Detections

Analytics

KB5012596: Windows 10 version 1607 / Windows Server 2016 Security Update (April 2022)

critical Nessus Plugin ID 159677

Version 1.13

Version 1.12

Version 1.11

Version 1.10

Version 1.9

Version 1.13 Nov 28, 2024, 6:57 AM CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2022-26810" to none) Plugin Feed: 202411280657
Version 1.12 Nov 27, 2024, 12:25 PM CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2022-26810") Plugin Feed: 202411271225
Version 1.11 Jun 17, 2024, 3:35 PM Plugin metadata (add more granular CPEs to Windows OS plugins) Plugin Feed: 202406171535
Version 1.10 Feb 3, 2023, 4:05 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202302031605
Version 1.9 Dec 5, 2022, 10:02 PM CVE (set "CVE" coverage to "CVE-2022-26832") IAVM reference Plugin Feed: 202212052202