The remote Windows host is missing security update 5044343. It is, therefore, affected by multiple vulnerabilities

  - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-38212,     CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589,     CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608, CVE-2024-43611)

  - Windows Netlogon Elevation of Privilege Vulnerability (CVE-2024-38124)

  - Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5044343: Windows Server 2012 R2 Security Update (October 2024)

critical Nessus Plugin ID 208305

Version 1.6

Version 1.5

Version 1.4

Version 1.2

Version 1.1

Version 1.6 Nov 15, 2024, 3:52 PM IAVM reference Plugin Feed: 202411151552
Version 1.5 Nov 1, 2024, 3:44 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202411011544
Version 1.4 Oct 11, 2024, 5:40 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202410111740
Version 1.2 Oct 9, 2024, 10:24 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202410092224
Version 1.1 Oct 8, 2024, 10:36 PM New Plugin Feed: 202410082236