Sherlock icon indicating copy to clipboard operation
Sherlock copied to clipboard

Published 20 hours ago verified publisher icon rasta-mouse

Detecting MS16-016 vulnerability 32-bit Win 7 SP1

Open peterdjalaliev opened this issue 5 years ago • 5 comments

I am running Sherlock.ps1 on a CTF-style vulnerable machine and it flags MS16-016 as "Appears Vulnerable". However, according to sysinfo, the machine has installed the KB3124280 hotfix that fixes MS16-016.

peterdjalaliev avatar Jun 08 '19 03:06 peterdjalaliev

Sherlock output:

Title : User Mode to Ring (KiTrap0D) MSBulletin : MS10-015 CVEID : 2010-0232 Link : https://www.exploit-db.com/exploits/11199/ VulnStatus : Not Vulnerable

Title : Task Scheduler .XML MSBulletin : MS10-092 CVEID : 2010-3338, 2010-3888 Link : https://www.exploit-db.com/exploits/19930/ VulnStatus : Not Vulnerable

Title : NTUserMessageCall Win32k Kernel Pool Overflow MSBulletin : MS13-053 CVEID : 2013-1300 Link : https://www.exploit-db.com/exploits/33213/ VulnStatus : Not Vulnerable

Title : TrackPopupMenuEx Win32k NULL Page MSBulletin : MS13-081 CVEID : 2013-3881 Link : https://www.exploit-db.com/exploits/31576/ VulnStatus : Not Vulnerable

Title : TrackPopupMenu Win32k Null Pointer Dereference MSBulletin : MS14-058 CVEID : 2014-4113 Link : https://www.exploit-db.com/exploits/35101/ VulnStatus : Not Vulnerable

Title : ClientCopyImage Win32k MSBulletin : MS15-051 CVEID : 2015-1701, 2015-2433 Link : https://www.exploit-db.com/exploits/37367/ VulnStatus : Not Vulnerable

Title : Font Driver Buffer Overflow MSBulletin : MS15-078 CVEID : 2015-2426, 2015-2433 Link : https://www.exploit-db.com/exploits/38222/ VulnStatus : Not Vulnerable

Title : 'mrxdav.sys' WebDAV MSBulletin : MS16-016 CVEID : 2016-0051 Link : https://www.exploit-db.com/exploits/40085/ VulnStatus : Appears Vulnerable

Title : Secondary Logon Handle MSBulletin : MS16-032 CVEID : 2016-0099 Link : https://www.exploit-db.com/exploits/39719/ VulnStatus : Not Supported on single-core systems

Title : Windows Kernel-Mode Drivers EoP MSBulletin : MS16-034 CVEID : 2016-0093/94/95/96 Link : https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS1 6-034? VulnStatus : Not Vulnerable

Title : Win32k Elevation of Privilege MSBulletin : MS16-135 CVEID : 2016-7255 Link : https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/S ample-Exploits/MS16-135 VulnStatus : Not Vulnerable

Title : Nessus Agent 6.6.2 - 6.10.3 MSBulletin : N/A CVEID : 2017-7199 Link : https://aspe1337.blogspot.co.uk/2017/04/writeup-of-cve-2017-7199.h tml VulnStatus : Not Vulnerable

peterdjalaliev avatar Jun 08 '19 03:06 peterdjalaliev

PS C:> (Get-Item C:\Windows\System32\drivers\mrxdav.sys).VersionInfo

ProductVersion FileVersion FileName

6.1.7601.19113 6.1.7601.1911... C:\Windows\System32\drivers\mrxdav.sys

peterdjalaliev avatar Jun 08 '19 03:06 peterdjalaliev

https://support.microsoft.com/en-us/help/3124280/ms16-016-description-of-the-security-update-for-webdav-february-9-2016 lists two updated mrxdav.sys files: one with version 6.1.7601.19113 and one with version 6.1.7601.23317

peterdjalaliev avatar Jun 08 '19 03:06 peterdjalaliev

PS C:> systeminfo ... OS Name: Microsoft Windows 7 Professional OS Version: 6.1.7601 Service Pack 1 Build 7601 ... Hotfix(s): 5 Hotfix(s) Installed. [01]: KB2534111 [02]: KB3045171 [03]: KB3124280 [04]: KB4012212 [05]: KB976902

peterdjalaliev avatar Jun 08 '19 03:06 peterdjalaliev

I don't support Sherlock anymore. Issues won't be fixed.

rasta-mouse avatar Jun 08 '19 07:06 rasta-mouse