The remote Windows host is missing security update 5036910. It is, therefore, affected by multiple vulnerabilities

  - SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

  - Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171,     CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250,     CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920,     CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061,     CVE-2024-29062)

  - Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5036910: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (April 2024)

high Nessus Plugin ID 193102

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 May 17, 2024, 10:54 AM IAVM reference Plugin Feed: 202405171054
Version 1.4 May 6, 2024, 6:54 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202405060654
Version 1.3 May 1, 2024, 4:54 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CISA reference Plugin Feed: 202405010454
Version 1.2 Apr 19, 2024, 2:11 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404191411
Version 1.1 Apr 12, 2024, 12:13 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202404121213
Version 1.0 Apr 9, 2024, 9:12 PM New Plugin Feed: 202404092112