The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2022-24474, CVE-2022-24479, CVE-2022-24481,     CVE-2022-24486, CVE-2022-24494, CVE-2022-24496,     CVE-2022-24499, CVE-2022-24521, CVE-2022-24527,     CVE-2022-24530, CVE-2022-24540, CVE-2022-24542,     CVE-2022-24544, CVE-2022-24546, CVE-2022-24547,     CVE-2022-24549, CVE-2022-24550, CVE-2022-26786,     CVE-2022-26787, CVE-2022-26788, CVE-2022-26789,     CVE-2022-26790, CVE-2022-26792, CVE-2022-26793,     CVE-2022-26794, CVE-2022-26795, CVE-2022-26796,     CVE-2022-26797, CVE-2022-26798, CVE-2022-26801,     CVE-2022-26802, CVE-2022-26803, CVE-2022-26807,     CVE-2022-26808, CVE-2022-26810, CVE-2022-26827,     CVE-2022-26828, CVE-2022-26904, CVE-2022-26914)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2022-26831,     CVE-2022-26915)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2022-21983,     CVE-2022-22008, CVE-2022-24485, CVE-2022-24487,     CVE-2022-24491, CVE-2022-24492, CVE-2022-24495,     CVE-2022-24500, CVE-2022-24528, CVE-2022-24533,     CVE-2022-24534, CVE-2022-24537, CVE-2022-24541,     CVE-2022-24545, CVE-2022-26809, CVE-2022-26826,     CVE-2022-26903, CVE-2022-26916, CVE-2022-26917,     CVE-2022-26918, CVE-2022-26919)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2022-24483, CVE-2022-24493,     CVE-2022-24498, CVE-2022-26920)

Detections

Analytics

KB5012591: Windows 10 version 1909 / Windows Server 1909 Security Update (April 2022)

critical Nessus Plugin ID 159679

Version 1.12

Version 1.11

Version 1.10

Version 1.9

Version 1.12 Nov 28, 2024, 6:57 AM CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2022-26810" to none) Plugin Feed: 202411280657
Version 1.11 Nov 27, 2024, 12:25 PM CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2022-26810") Plugin Feed: 202411271225
Version 1.10 Jun 17, 2024, 3:35 PM Plugin metadata (add more granular CPEs to Windows OS plugins) Plugin Feed: 202406171535
Version 1.9 Feb 3, 2023, 4:05 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202302031605