MS KB2532445: AppLocker Rules Bypass

low Nessus Plugin ID 70395

Synopsis

The remote host is missing an update that prevents a rules bypass vulnerability.

Description

The remote host is missing Microsoft KB2532445, an update that prevents an attacker from bypassing AppLocker rules by using an Office macro.

Solution

Microsoft has released a set of patches for Windows 7 and 2008 R2.

See Also

https://support.microsoft.com/en-us/help/2532445/you-can-circumvent-applocker-rules-by-using-an-office-macro-on-a-compu

Plugin Details

Severity: Low

ID: 70395

File Name: smb_kb2532445.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 10/11/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, SMB/ProductName, AppLocker/enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2011

Vulnerability Publication Date: 11/9/2011

Reference Information

CVE: CVE-2011-4434

BID: 50687

MSKB: 2532445