Nessus Report

Report generated by Tenable Nessus™

Server 1

Sat, 10 Jan 2026 05:42:13 India Standard Time

TABLE OF CONTENTS
Vulnerabilities by HostExpand All | Collapse All
172.17.100.60
54
240
60
3
1822
Critical
High
Medium
Low
Info
Scan Information
Start time: Sat Jan 10 03:04:13 2026
End time: Sat Jan 10 03:47:07 2026
Host Information
Netbios Name: MUMPORTAL001
IP: 172.17.100.60
MAC Address: 00:50:56:BC:47:5E
OS: Microsoft Windows Server 2016 Datacenter Build 14393
Vulnerabilities

172177 - .NET Core SDK SEoL
-
Synopsis
An unsupported version of .NET Core SDK is installed on the remote host.
Description
According to its version, the .NET Core SDK installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
See Also
Solution
Upgrade to a version of .NET Core SDK that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/03/07, Modified: 2023/03/07
Plugin Output

tcp/0


Path : C:\\program files\dotnet\\sdk\1.1.0
Installed version : 1.1.0
Security End of Life : June 26, 2019
Time since Security End of Life (Est.) : >= 6 years

tcp/0


Path : C:\\program files\dotnet\\sdk\7.0.400
Installed version : 7.0.400
Security End of Life : May 13, 2024
Time since Security End of Life (Est.) : >= 1 year
172178 - ASP.NET Core SEoL
-
Synopsis
An unsupported version of ASP.NET Core is installed on the remote host.
Description
According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
See Also
Solution
Upgrade to a version of ASP.NET Core that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/03/07, Modified: 2023/03/07
Plugin Output

tcp/0


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.10
Installed version : 7.0.10
Security End of Life : May 13, 2024
Time since Security End of Life (Est.) : >= 1 year

156860 - Apache Log4j 1.x Multiple Vulnerabilities
-
Synopsis
A logging library running on the remote host has multiple vulnerabilities.
Description
According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

- Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

- Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (CVE-2020-9488)

- JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accesseed by the attacker.
(CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4904
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2019-17571
CVE CVE-2020-9488
CVE CVE-2022-23302
CVE CVE-2022-23305
CVE CVE-2022-23307
CVE CVE-2023-26464
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
XREF IAVA:2021-A-0573
Plugin Information
Published: 2022/01/19, Modified: 2024/06/13
Plugin Output

tcp/445/cifs


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6

tcp/445/cifs


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6

182252 - Apache Log4j SEoL (<= 1.x)
-
Synopsis
An unsupported version of Apache Log4j is installed on the remote host.
Description
According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Apache Log4j that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/09/29, Modified: 2023/11/02
Plugin Output

tcp/0


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

151592 - KB5004238: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5004238. It is, therefore, affected by multiple vulnerabilities.
Solution
Apply Cumulative Update 5004238
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.1713
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2021/07/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5004238

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4530
152434 - KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5005043.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537)

- An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
(CVE-2021-34480)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)
See Also
Solution
Apply Cumulative Update KB5005043.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.9355
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26424
CVE CVE-2021-26425
CVE CVE-2021-26426
CVE CVE-2021-26432
CVE CVE-2021-26433
CVE CVE-2021-34480
CVE CVE-2021-34481
CVE CVE-2021-34483
CVE CVE-2021-34484
CVE CVE-2021-34487
CVE CVE-2021-34530
CVE CVE-2021-34533
CVE CVE-2021-34534
CVE CVE-2021-34535
CVE CVE-2021-34536
CVE CVE-2021-34537
CVE CVE-2021-36926
CVE CVE-2021-36932
CVE CVE-2021-36933
CVE CVE-2021-36936
CVE CVE-2021-36937
CVE CVE-2021-36938
CVE CVE-2021-36942
CVE CVE-2021-36947
MSKB 5005043
XREF MSFT:MS21-5005043
XREF IAVA:2021-A-0373-S
XREF IAVA:2021-A-0374-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CISA-KNOWN-EXPLOITED:2022/04/21
Plugin Information
Published: 2021/08/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5005043

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4583
156063 - KB5008207: Windows 10 Version 1607 and Windows Server 2016 Security Update (December 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5008207.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)
See Also
Solution
Apply Cumulative Update KB5008207.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.2366
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-41333
CVE CVE-2021-43207
CVE CVE-2021-43215
CVE CVE-2021-43216
CVE CVE-2021-43217
CVE CVE-2021-43222
CVE CVE-2021-43223
CVE CVE-2021-43224
CVE CVE-2021-43226
CVE CVE-2021-43227
CVE CVE-2021-43229
CVE CVE-2021-43230
CVE CVE-2021-43231
CVE CVE-2021-43232
CVE CVE-2021-43233
CVE CVE-2021-43234
CVE CVE-2021-43235
CVE CVE-2021-43236
CVE CVE-2021-43238
CVE CVE-2021-43248
CVE CVE-2021-43883
CVE CVE-2021-43893
MSKB 5008207
XREF MSFT:MS21-5008207
XREF IAVA:2021-A-0586-S
XREF IAVA:2021-A-0582-S
XREF CISA-KNOWN-EXPLOITED:2025/10/27
Plugin Information
Published: 2021/12/14, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5008207

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4825
156619 - KB5009546: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5009546.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21849, CVE-2022-21850, CVE-2022-21851, CVE-2022-21874, CVE-2022-21878, CVE-2022-21892, CVE-2022-21893, CVE-2022-21922, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21876, CVE-2022-21880, CVE-2022-21904, CVE-2022-21915)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-21894, CVE-2022-21900, CVE-2022-21905, CVE-2022-21913, CVE-2022-21924, CVE-2022-21925)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2022-21836)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21833, CVE-2022-21834, CVE-2022-21835, CVE-2022-21838, CVE-2022-21857, CVE-2022-21859, CVE-2022-21860, CVE-2022-21862, CVE-2022-21863, CVE-2022-21864, CVE-2022-21866, CVE-2022-21867, CVE-2022-21868, CVE-2022-21870, CVE-2022-21871, CVE-2022-21873, CVE-2022-21875, CVE-2022-21879, CVE-2022-21881, CVE-2022-21884, CVE-2022-21885, CVE-2022-21895, CVE-2022-21897, CVE-2022-21901, CVE-2022-21902, CVE-2022-21903, CVE-2022-21908, CVE-2022-21910, CVE-2022-21914, CVE-2022-21916, CVE-2022-21919, CVE-2022-21920)
See Also
Solution
Apply Cumulative Update KB5009546.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3703
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/01/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5009546

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4886
159677 - KB5012596: Windows 10 version 1607 / Windows Server 2016 Security Update (April 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-26827, CVE-2022-24549, CVE-2022-26810, CVE-2022-26803, CVE-2022-26808, CVE-2022-26807, CVE-2022-26792, CVE-2022-26801, CVE-2022-26802, CVE-2022-26794, CVE-2022-26790, CVE-2022-26797, CVE-2022-26787, CVE-2022-26798, CVE-2022-26796, CVE-2022-26786, CVE-2022-26904, CVE-2022-26788, CVE-2022-24496, CVE-2022-24544, CVE-2022-24540, CVE-2022-24489, CVE-2022-24486, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24547, CVE-2022-24550, CVE-2022-24499, CVE-2022-24494, CVE-2022-24542, CVE-2022-24530)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26831, CVE-2022-26915, CVE-2022-24538, CVE-2022-24484, CVE-2022-26784)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26823, CVE-2022-26812, CVE-2022-26919, CVE-2022-26811, CVE-2022-26809, CVE-2022-26918, CVE-2022-26917, CVE-2022-26813, CVE-2022-26826, CVE-2022-26824, CVE-2022-26815, CVE-2022-26814, CVE-2022-26916, CVE-2022-26822, CVE-2022-26829, CVE-2022-26820, CVE-2022-26819, CVE-2022-26818, CVE-2022-26825, CVE-2022-26817, CVE-2022-26821, CVE-2022-24545, CVE-2022-24541, CVE-2022-24492, CVE-2022-24491, CVE-2022-24537, CVE-2022-24536, CVE-2022-24487, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-26903, CVE-2022-24495, CVE-2022-24528, CVE-2022-21983, CVE-2022-22008, CVE-2022-24500)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-26816, CVE-2022-24493, CVE-2022-24539, CVE-2022-24490, CVE-2022-26783, CVE-2022-26785, CVE-2022-24498, CVE-2022-24483)
See Also
Solution
Apply Cumulative Update 5012596
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9256
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21983
CVE CVE-2022-22008
CVE CVE-2022-24474
CVE CVE-2022-24479
CVE CVE-2022-24481
CVE CVE-2022-24482
CVE CVE-2022-24483
CVE CVE-2022-24484
CVE CVE-2022-24485
CVE CVE-2022-24486
CVE CVE-2022-24487
CVE CVE-2022-24489
CVE CVE-2022-24490
CVE CVE-2022-24491
CVE CVE-2022-24492
CVE CVE-2022-24493
CVE CVE-2022-24494
CVE CVE-2022-24495
CVE CVE-2022-24496
CVE CVE-2022-24497
CVE CVE-2022-24498
CVE CVE-2022-24499
CVE CVE-2022-24500
CVE CVE-2022-24521
CVE CVE-2022-24527
CVE CVE-2022-24528
CVE CVE-2022-24530
CVE CVE-2022-24533
CVE CVE-2022-24534
CVE CVE-2022-24536
CVE CVE-2022-24537
CVE CVE-2022-24538
CVE CVE-2022-24539
CVE CVE-2022-24540
CVE CVE-2022-24541
CVE CVE-2022-24542
CVE CVE-2022-24544
CVE CVE-2022-24545
CVE CVE-2022-24547
CVE CVE-2022-24549
CVE CVE-2022-24550
CVE CVE-2022-26783
CVE CVE-2022-26784
CVE CVE-2022-26785
CVE CVE-2022-26786
CVE CVE-2022-26787
CVE CVE-2022-26788
CVE CVE-2022-26790
CVE CVE-2022-26792
CVE CVE-2022-26794
CVE CVE-2022-26796
CVE CVE-2022-26797
CVE CVE-2022-26798
CVE CVE-2022-26801
CVE CVE-2022-26802
CVE CVE-2022-26803
CVE CVE-2022-26807
CVE CVE-2022-26808
CVE CVE-2022-26809
CVE CVE-2022-26810
CVE CVE-2022-26811
CVE CVE-2022-26812
CVE CVE-2022-26813
CVE CVE-2022-26814
CVE CVE-2022-26815
CVE CVE-2022-26816
CVE CVE-2022-26817
CVE CVE-2022-26818
CVE CVE-2022-26819
CVE CVE-2022-26820
CVE CVE-2022-26821
CVE CVE-2022-26822
CVE CVE-2022-26823
CVE CVE-2022-26824
CVE CVE-2022-26825
CVE CVE-2022-26826
CVE CVE-2022-26827
CVE CVE-2022-26829
CVE CVE-2022-26831
CVE CVE-2022-26832
CVE CVE-2022-26903
CVE CVE-2022-26904
CVE CVE-2022-26915
CVE CVE-2022-26916
CVE CVE-2022-26917
CVE CVE-2022-26918
CVE CVE-2022-26919
MSKB 5012596
XREF MSFT:MS22-5012596
XREF IAVA:2022-A-0143-S
XREF IAVA:2022-A-0147-S
XREF IAVA:2022-A-0145-S
XREF CISA-KNOWN-EXPLOITED:2022/05/04
XREF CISA-KNOWN-EXPLOITED:2022/05/16
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/04/12, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5012596

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5066
163940 - KB5016622: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5016622. It is, therefore, affected by multiple vulnerabilities

- Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)

- Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)

- Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5016622
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.4615
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/08/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5016622

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5291
164996 - KB5017305: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5017305. It is, therefore, affected by multiple vulnerabilities

- Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)

- Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5017305
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.8578
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/09/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5017305

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5356
171448 - KB5022838: Windows 10 Version 1607 and Windows Server 2016 Security Update (February 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022838. It is, therefore, affected by multiple vulnerabilities

- Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803)

- Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022838
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.3048
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/02/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022838

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5717
172532 - KB5023697: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5023697. It is, therefore, affected by multiple vulnerabilities

- An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017)

- An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708, CVE-2023-23405, CVE-2023-24869, CVE-2023-24908)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5023697
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.7729
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/03/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5023697

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5786
174120 - KB5025228: Windows 10 Version 1607 and Windows Server 2016 Security Update (April 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5025228. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5025228
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.9216
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/04/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5025228

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5850
175339 - KB5026363: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5026363. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-28283)

- Server for NFS Denial of Service Vulnerability (CVE-2023-24939)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5026363
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7946
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24900
CVE CVE-2023-24901
CVE CVE-2023-24903
CVE CVE-2023-24932
CVE CVE-2023-24939
CVE CVE-2023-24940
CVE CVE-2023-24941
CVE CVE-2023-24942
CVE CVE-2023-24943
CVE CVE-2023-24945
CVE CVE-2023-24946
CVE CVE-2023-24947
CVE CVE-2023-24948
CVE CVE-2023-28251
CVE CVE-2023-28283
CVE CVE-2023-29324
CVE CVE-2023-29325
CVE CVE-2023-29336
MSKB 5026363
XREF MSFT:MS23-5026363
XREF IAVA:2023-A-0248-S
XREF IAVA:2023-A-0249-S
XREF CISA-KNOWN-EXPLOITED:2023/05/30
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/05/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5026363

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5921
177246 - KB5027219: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5027219. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)

- Windows Collaborative Translation Framework Elevation of Privilege Vulnerability (CVE-2023-32009)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-29373)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5027219
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.2211
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/06/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5027219

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5989
178152 - KB5028169: Windows 10 Version 1607 and Windows Server 2016 Security Update (July 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5028169. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)

- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

- Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5028169
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.6873
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21526
CVE CVE-2023-21756
CVE CVE-2023-32033
CVE CVE-2023-32034
CVE CVE-2023-32035
CVE CVE-2023-32038
CVE CVE-2023-32039
CVE CVE-2023-32040
CVE CVE-2023-32041
CVE CVE-2023-32042
CVE CVE-2023-32043
CVE CVE-2023-32044
CVE CVE-2023-32045
CVE CVE-2023-32046
CVE CVE-2023-32049
CVE CVE-2023-32053
CVE CVE-2023-32054
CVE CVE-2023-32055
CVE CVE-2023-32057
CVE CVE-2023-32083
CVE CVE-2023-32085
CVE CVE-2023-33154
CVE CVE-2023-33163
CVE CVE-2023-33164
CVE CVE-2023-33166
CVE CVE-2023-33167
CVE CVE-2023-33168
CVE CVE-2023-33169
CVE CVE-2023-33172
CVE CVE-2023-33173
CVE CVE-2023-33174
CVE CVE-2023-35296
CVE CVE-2023-35297
CVE CVE-2023-35299
CVE CVE-2023-35300
CVE CVE-2023-35302
CVE CVE-2023-35303
CVE CVE-2023-35304
CVE CVE-2023-35305
CVE CVE-2023-35306
CVE CVE-2023-35308
CVE CVE-2023-35309
CVE CVE-2023-35310
CVE CVE-2023-35312
CVE CVE-2023-35313
CVE CVE-2023-35314
CVE CVE-2023-35316
CVE CVE-2023-35317
CVE CVE-2023-35318
CVE CVE-2023-35319
CVE CVE-2023-35320
CVE CVE-2023-35321
CVE CVE-2023-35322
CVE CVE-2023-35324
CVE CVE-2023-35325
CVE CVE-2023-35328
CVE CVE-2023-35329
CVE CVE-2023-35330
CVE CVE-2023-35331
CVE CVE-2023-35332
CVE CVE-2023-35336
CVE CVE-2023-35338
CVE CVE-2023-35339
CVE CVE-2023-35340
CVE CVE-2023-35341
CVE CVE-2023-35342
CVE CVE-2023-35344
CVE CVE-2023-35345
CVE CVE-2023-35346
CVE CVE-2023-35348
CVE CVE-2023-35350
CVE CVE-2023-35351
CVE CVE-2023-35352
CVE CVE-2023-35353
CVE CVE-2023-35356
CVE CVE-2023-35357
CVE CVE-2023-35358
CVE CVE-2023-35360
CVE CVE-2023-35361
CVE CVE-2023-35362
CVE CVE-2023-35365
CVE CVE-2023-35366
CVE CVE-2023-35367
CVE CVE-2023-36871
CVE CVE-2023-36874
MSKB 5028169
XREF CISA-KNOWN-EXPLOITED:2023/08/01
XREF MSFT:MS23-5028169
XREF IAVA:2023-A-0347-S
XREF IAVA:2023-A-0345-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/07/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5028169

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6085
179498 - KB5029242: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5029242. It is, therefore, affected by multiple vulnerabilities

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5029242
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9322
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20569
CVE CVE-2023-35359
CVE CVE-2023-35376
CVE CVE-2023-35377
CVE CVE-2023-35380
CVE CVE-2023-35381
CVE CVE-2023-35383
CVE CVE-2023-35384
CVE CVE-2023-35385
CVE CVE-2023-35386
CVE CVE-2023-35387
CVE CVE-2023-36882
CVE CVE-2023-36884
CVE CVE-2023-36889
CVE CVE-2023-36900
CVE CVE-2023-36903
CVE CVE-2023-36905
CVE CVE-2023-36906
CVE CVE-2023-36907
CVE CVE-2023-36908
CVE CVE-2023-36909
CVE CVE-2023-36910
CVE CVE-2023-36911
CVE CVE-2023-36912
CVE CVE-2023-36913
CVE CVE-2023-38172
CVE CVE-2023-38184
CVE CVE-2023-38254
MSKB 5029242
XREF MSFT:MS23-5029242
XREF IAVA:2023-A-0418-S
XREF IAVA:2023-A-0409-S
XREF IAVA:2023-A-0402-S
XREF IAVA:2023-A-0412-S
XREF IAVA:2023-A-0416-S
XREF CISA-KNOWN-EXPLOITED:2023/08/29
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/08/08, Modified: 2024/11/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5029242

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6167
182862 - KB5031362: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5031362. It is, therefore, affected by multiple vulnerabilities

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5031362
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9443
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29348
CVE CVE-2023-35349
CVE CVE-2023-36431
CVE CVE-2023-36434
CVE CVE-2023-36436
CVE CVE-2023-36438
CVE CVE-2023-36557
CVE CVE-2023-36563
CVE CVE-2023-36564
CVE CVE-2023-36567
CVE CVE-2023-36570
CVE CVE-2023-36571
CVE CVE-2023-36572
CVE CVE-2023-36573
CVE CVE-2023-36574
CVE CVE-2023-36575
CVE CVE-2023-36576
CVE CVE-2023-36577
CVE CVE-2023-36578
CVE CVE-2023-36579
CVE CVE-2023-36581
CVE CVE-2023-36582
CVE CVE-2023-36583
CVE CVE-2023-36584
CVE CVE-2023-36585
CVE CVE-2023-36589
CVE CVE-2023-36590
CVE CVE-2023-36591
CVE CVE-2023-36592
CVE CVE-2023-36593
CVE CVE-2023-36594
CVE CVE-2023-36596
CVE CVE-2023-36598
CVE CVE-2023-36602
CVE CVE-2023-36606
CVE CVE-2023-36697
CVE CVE-2023-36701
CVE CVE-2023-36702
CVE CVE-2023-36703
CVE CVE-2023-36706
CVE CVE-2023-36707
CVE CVE-2023-36709
CVE CVE-2023-36710
CVE CVE-2023-36711
CVE CVE-2023-36712
CVE CVE-2023-36713
CVE CVE-2023-36717
CVE CVE-2023-36718
CVE CVE-2023-36720
CVE CVE-2023-36722
CVE CVE-2023-36724
CVE CVE-2023-36726
CVE CVE-2023-36729
CVE CVE-2023-36731
CVE CVE-2023-36732
CVE CVE-2023-36743
CVE CVE-2023-36776
CVE CVE-2023-36902
CVE CVE-2023-38159
CVE CVE-2023-38166
CVE CVE-2023-41765
CVE CVE-2023-41766
CVE CVE-2023-41767
CVE CVE-2023-41768
CVE CVE-2023-41769
CVE CVE-2023-41770
CVE CVE-2023-41771
CVE CVE-2023-41773
CVE CVE-2023-41774
CVE CVE-2023-44487
MSKB 5031362
XREF MSFT:MS23-5031362
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
XREF CISA-KNOWN-EXPLOITED:2023/12/07
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/10/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5031362

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6343
185576 - KB5032197: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032197. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5032197
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9021
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36017
CVE CVE-2023-36025
CVE CVE-2023-36028
CVE CVE-2023-36036
CVE CVE-2023-36392
CVE CVE-2023-36393
CVE CVE-2023-36394
CVE CVE-2023-36395
CVE CVE-2023-36397
CVE CVE-2023-36398
CVE CVE-2023-36400
CVE CVE-2023-36401
CVE CVE-2023-36402
CVE CVE-2023-36403
CVE CVE-2023-36404
CVE CVE-2023-36405
CVE CVE-2023-36408
CVE CVE-2023-36423
CVE CVE-2023-36424
CVE CVE-2023-36425
CVE CVE-2023-36428
CVE CVE-2023-36705
CVE CVE-2023-36719
CVE CVE-2024-21315
MSKB 5032197
XREF MSFT:MS23-5032197
XREF CISA-KNOWN-EXPLOITED:2023/12/05
XREF IAVA:2023-A-0638-S
XREF IAVA:2023-A-0636-S
XREF IAVA:2024-A-0105
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/11/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5032197

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6451
202043 - KB5040434: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5040434. It is, therefore, affected by multiple vulnerabilities

- RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen- prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5040434
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9286
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-3596
CVE CVE-2024-28899
CVE CVE-2024-30013
CVE CVE-2024-30071
CVE CVE-2024-30079
CVE CVE-2024-30081
CVE CVE-2024-30098
CVE CVE-2024-35270
CVE CVE-2024-37969
CVE CVE-2024-37970
CVE CVE-2024-37971
CVE CVE-2024-37972
CVE CVE-2024-37973
CVE CVE-2024-37974
CVE CVE-2024-37975
CVE CVE-2024-37984
CVE CVE-2024-37986
CVE CVE-2024-37987
CVE CVE-2024-37988
CVE CVE-2024-37989
CVE CVE-2024-38010
CVE CVE-2024-38011
CVE CVE-2024-38013
CVE CVE-2024-38015
CVE CVE-2024-38017
CVE CVE-2024-38019
CVE CVE-2024-38022
CVE CVE-2024-38025
CVE CVE-2024-38027
CVE CVE-2024-38028
CVE CVE-2024-38030
CVE CVE-2024-38031
CVE CVE-2024-38033
CVE CVE-2024-38034
CVE CVE-2024-38041
CVE CVE-2024-38043
CVE CVE-2024-38044
CVE CVE-2024-38047
CVE CVE-2024-38048
CVE CVE-2024-38049
CVE CVE-2024-38050
CVE CVE-2024-38051
CVE CVE-2024-38052
CVE CVE-2024-38053
CVE CVE-2024-38054
CVE CVE-2024-38055
CVE CVE-2024-38056
CVE CVE-2024-38057
CVE CVE-2024-38058
CVE CVE-2024-38060
CVE CVE-2024-38061
CVE CVE-2024-38062
CVE CVE-2024-38064
CVE CVE-2024-38065
CVE CVE-2024-38066
CVE CVE-2024-38067
CVE CVE-2024-38068
CVE CVE-2024-38069
CVE CVE-2024-38070
CVE CVE-2024-38071
CVE CVE-2024-38072
CVE CVE-2024-38073
CVE CVE-2024-38074
CVE CVE-2024-38076
CVE CVE-2024-38077
CVE CVE-2024-38079
CVE CVE-2024-38085
CVE CVE-2024-38091
CVE CVE-2024-38099
CVE CVE-2024-38100
CVE CVE-2024-38101
CVE CVE-2024-38102
CVE CVE-2024-38104
CVE CVE-2024-38105
CVE CVE-2024-38112
CVE CVE-2024-38517
CVE CVE-2024-39684
MSKB 5040434
XREF MSFT:MS24-5040434
XREF CISA-KNOWN-EXPLOITED:2024/07/30
XREF IAVA:2024-A-0408-S
XREF IAVA:2024-A-0407-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/07/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5040434

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7155
205447 - KB5041773: Windows 10 Version 1607 / Windows Server 2016 Security Update (August 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5041773. It is, therefore, affected by multiple vulnerabilities

- An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS. This can allow an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. (CVE-2024-21302)

- A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. (CVE-2022-2601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5041773
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9006
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/08/13, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5041773

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7254
206902 - KB5043051: Windows 10 Version 1607 / Windows Server 2016 Security Update (September 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5043051. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Windows Remote Desktop Licensing Service Spoofing Vulnerability (CVE-2024-43455)

- Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43467)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5043051
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2639
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/09/10, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5043051

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7330
208298 - KB5044293: Windows 10 Version 1607 / Windows Server 2016 Security Update (October 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5044293. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608, CVE-2024-43611)

- Windows Netlogon Elevation of Privilege Vulnerability (CVE-2024-38124)

- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5044293
Risk Factor
Critical
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.5847
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/10/08, Modified: 2024/11/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5044293

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7426
210850 - KB5046612: Windows 10 Version 1607 / Windows Server 2016 Security Update (November 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5046612. It is, therefore, affected by multiple vulnerabilities

- Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)

- Windows NT OS Kernel Elevation of Privilege Vulnerability (CVE-2024-43623)

- Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5046612
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
10.0
EPSS Score
0.9039
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38203
CVE CVE-2024-43449
CVE CVE-2024-43450
CVE CVE-2024-43451
CVE CVE-2024-43620
CVE CVE-2024-43621
CVE CVE-2024-43622
CVE CVE-2024-43623
CVE CVE-2024-43626
CVE CVE-2024-43627
CVE CVE-2024-43628
CVE CVE-2024-43634
CVE CVE-2024-43635
CVE CVE-2024-43636
CVE CVE-2024-43637
CVE CVE-2024-43638
CVE CVE-2024-43639
CVE CVE-2024-43641
CVE CVE-2024-43643
CVE CVE-2024-43644
CVE CVE-2024-43645
CVE CVE-2024-43646
CVE CVE-2024-49019
CVE CVE-2024-49039
CVE CVE-2024-49046
MSKB 5046612
XREF MSFT:MS24-5046612
XREF CISA-KNOWN-EXPLOITED:2024/12/03
XREF IAVA:2024-A-0729-S
XREF IAVA:2024-A-0730-S
Plugin Information
Published: 2024/11/12, Modified: 2025/01/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5046612

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7513
249125 - KB5063871: Windows 10 Version 1607 / Windows Server 2016 Security Update (August 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5063871. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5063871
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5063871

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8330
270384 - KB5066836: Windows 10 Version 1607 / Windows Server 2016 Security Update (October 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5066836. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5066836
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.0824
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2016-9535
CVE CVE-2025-24052
CVE CVE-2025-24990
CVE CVE-2025-25004
CVE CVE-2025-47827
CVE CVE-2025-50152
CVE CVE-2025-53768
CVE CVE-2025-54957
CVE CVE-2025-55325
CVE CVE-2025-55328
CVE CVE-2025-55333
CVE CVE-2025-55335
CVE CVE-2025-55338
CVE CVE-2025-55678
CVE CVE-2025-55683
CVE CVE-2025-55687
CVE CVE-2025-55692
CVE CVE-2025-55695
CVE CVE-2025-55699
CVE CVE-2025-55700
CVE CVE-2025-55701
CVE CVE-2025-58714
CVE CVE-2025-58715
CVE CVE-2025-58716
CVE CVE-2025-58717
CVE CVE-2025-58718
CVE CVE-2025-58719
CVE CVE-2025-58722
CVE CVE-2025-58725
CVE CVE-2025-58726
CVE CVE-2025-58729
CVE CVE-2025-58730
CVE CVE-2025-58732
CVE CVE-2025-58733
CVE CVE-2025-58734
CVE CVE-2025-58735
CVE CVE-2025-58736
CVE CVE-2025-58737
CVE CVE-2025-58739
CVE CVE-2025-59184
CVE CVE-2025-59185
CVE CVE-2025-59186
CVE CVE-2025-59187
CVE CVE-2025-59188
CVE CVE-2025-59190
CVE CVE-2025-59192
CVE CVE-2025-59196
CVE CVE-2025-59197
CVE CVE-2025-59198
CVE CVE-2025-59200
CVE CVE-2025-59201
CVE CVE-2025-59202
CVE CVE-2025-59203
CVE CVE-2025-59205
CVE CVE-2025-59208
CVE CVE-2025-59209
CVE CVE-2025-59211
CVE CVE-2025-59214
CVE CVE-2025-59230
CVE CVE-2025-59242
CVE CVE-2025-59244
CVE CVE-2025-59253
CVE CVE-2025-59254
CVE CVE-2025-59258
CVE CVE-2025-59259
CVE CVE-2025-59260
CVE CVE-2025-59275
CVE CVE-2025-59277
CVE CVE-2025-59278
CVE CVE-2025-59280
CVE CVE-2025-59282
CVE CVE-2025-59294
CVE CVE-2025-59295
MSKB 5066836
XREF MSFT:MS25-5066836
XREF CISA-KNOWN-EXPLOITED:2025/11/04
XREF IAVA:2025-A-0775-S
XREF IAVA:2025-A-0776-S
Plugin Information
Published: 2025/10/14, Modified: 2025/11/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5066836

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8519
274780 - KB5068864: Windows 10 Version 1607 / Windows Server 2016 Security Update (November 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5068864. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
(CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59512, CVE-2025-59514, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60709, CVE-2025-60713, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62217)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5068864
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/11/11, Modified: 2025/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5068864

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8592
95811 - MS16-148: Security Update for Microsoft Office (3204068)
-
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7262)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7265, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- A security bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass security restrictions.
(CVE-2016-7267)

- An elevation of privilege vulnerability exists in Microsoft Office due to improper validation before loading libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2016-7275)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010 Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft SharePoint Server 2007 and 2010; and Office Web Apps 2010.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.8709
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 94662
BID 94664
BID 94665
BID 94668
BID 94670
BID 94671
BID 94672
BID 94715
BID 94718
BID 94720
BID 94721
BID 94769
CVE CVE-2016-7262
CVE CVE-2016-7263
CVE CVE-2016-7264
CVE CVE-2016-7265
CVE CVE-2016-7266
CVE CVE-2016-7267
CVE CVE-2016-7268
CVE CVE-2016-7275
CVE CVE-2016-7276
CVE CVE-2016-7277
CVE CVE-2016-7289
CVE CVE-2016-7290
CVE CVE-2016-7291
CVE CVE-2016-7298
MSKB 3128020
MSKB 2883033
MSKB 3127986
MSKB 3127968
MSKB 3128029
MSKB 3127892
MSKB 3128037
MSKB 3128019
MSKB 3128025
MSKB 3128022
MSKB 3128024
MSKB 3128023
MSKB 3128016
MSKB 3128008
MSKB 3128026
MSKB 3118380
MSKB 3128032
MSKB 2889841
MSKB 3128034
MSKB 3114395
MSKB 3128035
MSKB 3128044
MSKB 3128043
MSKB 3127995
XREF MSFT:MS16-148
XREF IAVA:2016-A-0345-S
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Plugin Information
Published: 2016/12/14, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2889841
- C:\Program Files (x86)\Common Files\Microsoft Shared\Office14\usp10.dll has not been patched.
Remote version : 1.626.7601.22182
Should be : 1.626.7601.23585

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7177.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7177.5000

Product : Publisher 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Mspub.exe has not been patched.
Remote version : 14.0.7011.1000
Fixed version : 14.0.7162.5000

172179 - Microsoft .NET Core SEoL
-
Synopsis
An unsupported version of Microsoft .NET Core is installed on the remote host.
Description
According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Microsoft .NET Core that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/03/07, Modified: 2023/03/07
Plugin Output

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.0.5\
Installed version : 1.0.5
Security End of Life : June 26, 2019
Time since Security End of Life (Est.) : >= 6 years

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.1.2\
Installed version : 1.1.2
Security End of Life : June 26, 2019
Time since Security End of Life (Est.) : >= 6 years

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Security End of Life : May 13, 2024
Time since Security End of Life (Est.) : >= 1 year

tcp/0


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

270707 - Microsoft ASP.NET Core Security Feature Bypass (October 2025)
-
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
VPR Score
10.0
EPSS Score
0.0004
CVSS v2.0 Base Score
8.7 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P)
STIG Severity
I
References
CVE CVE-2025-55315
XREF IAVA:2025-A-0753
Plugin Information
Published: 2025/10/17, Modified: 2025/10/17
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.7
Installed version : 8.0.7
Fixed version : 8.0.21
56998 - Microsoft Office Unsupported Version Detection
-
Synopsis
The remote host contains an unsupported version of Microsoft Office.
Description
According to its version, the installation of Microsoft Office on the remote Windows host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Microsoft Office that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0503
Plugin Information
Published: 2011/12/02, Modified: 2024/03/22
Plugin Output

tcp/445/cifs


Installed product : Office 2010
End of support date : October 13, 2020
Supported versions : Office 2016, 2019, 2021 or Office 365
64784 - Microsoft SQL Server Unsupported Version Detection
-
Synopsis
An unsupported version of a database server is running on the remote host.
Description
According to its self-reported version number, the installation of Microsoft SQL Server on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Microsoft SQL Server that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0560
Plugin Information
Published: 2013/02/21, Modified: 2025/10/30
Plugin Output

tcp/445/cifs


The following unsupported installations of Microsoft SQL Server were
detected :

Installed version : 13.0.4001.0 Express Edition
Install path : C:\Program Files\Microsoft SQL Server\130\LocalDB\Binn\
Instance : MSSQL13E.LOCALDB
Minimum supported version : 13.0.6300.2 (2016 SP3)

Installed version : 10.0.2531.0 (2008 SP1) Express Edition
Install path : C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn
Instance : SQLEXPRESS
Minimum supported version : This version is no longer supported.
45625 - Oracle Database Multiple Vulnerabilities (January 2010 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Listener

- Oracle OLAP

- Application Express Application Builder

- Oracle Data Pump

- Oracle Spatial

- Logical Standby

- RDBMS

- Oracle Spatial

- Unzip
See Also
Solution
Apply the appropriate patch according to the January 2010 Oracle Critical Patch Update advisory.
Risk Factor
Critical
VPR Score
6.7
EPSS Score
0.1936
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 37728
BID 37729
BID 37730
BID 37731
BID 37733
BID 37738
BID 37740
BID 37743
BID 37745
CVE CVE-2009-1996
CVE CVE-2009-3410
CVE CVE-2009-3411
CVE CVE-2009-3412
CVE CVE-2009-3413
CVE CVE-2009-3414
CVE CVE-2009-3415
CVE CVE-2010-0071
CVE CVE-2010-0072
Plugin Information
Published: 2010/04/26, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9169460
56066 - Oracle Database Multiple Vulnerabilities (October 2009 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Queuing

- Application Express

- Auditing

- Authentication

- Core RDBMS

- Data Mining

- Data Pump

- Network Authentication

- Net Foundation Layer

- Oracle Spatial

- Oracle Text

- PL/SQL

- Workspace Manager
See Also
Solution
Apply the appropriate patch according to the October 2009 Oracle Critical Patch Update advisory.
Risk Factor
Critical
VPR Score
7.4
EPSS Score
0.8575
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 36742
BID 36743
BID 36744
BID 36745
BID 36747
BID 36748
BID 36750
BID 36751
BID 36752
BID 36754
BID 36755
BID 36756
BID 36758
BID 36759
BID 36760
BID 36765
CVE CVE-2009-1007
CVE CVE-2009-1018
CVE CVE-2009-1964
CVE CVE-2009-1965
CVE CVE-2009-1971
CVE CVE-2009-1972
CVE CVE-2009-1979
CVE CVE-2009-1985
CVE CVE-2009-1991
CVE CVE-2009-1992
CVE CVE-2009-1993
CVE CVE-2009-1994
CVE CVE-2009-1995
CVE CVE-2009-1997
CVE CVE-2009-2000
CVE CVE-2009-2001
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8880861
55786 - Oracle Database Unsupported Version Detection
-
Synopsis
The remote host is running an unsupported version of a database server.
Description
According to its version, the installation of Oracle Database running on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Oracle Database that is currently supported.
Risk Factor
Critical
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0574
Plugin Information
Published: 2011/08/09, Modified: 2022/09/28
Plugin Output

tcp/445/cifs


The following unsupported instance of Oracle Database is installed on the
remote host :

SID :
Oracle home path : c:\oracle\product\10.2.0\db_1
Database version : 10.2.0.4.0
Supported versions : 19c / 21c
EOL URL : http://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf
234624 - Oracle Java SE Multiple Vulnerabilities (April 2025 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-47606)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-54534)

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. (CVE-2025-23083)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the April 2025 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0067
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/04/18, Modified: 2025/08/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Installed version : 17.0.12 / build 17.0.12
Fixed version : Upgrade to version 17.0.15 or greater
242293 - Oracle Java SE Multiple Vulnerabilities (July 2025 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (libxml2)). Supported versions that are affected are Oracle Java SE: 8u451-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2024-40896)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2025-30749)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-50059)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the July 2025 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0023
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/07/18, Modified: 2025/10/30
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Installed version : 17.0.12 / build 17.0.12
Fixed version : Upgrade to version 17.0.16 or greater

209245 - Oracle MySQL Connectors (October 2024 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 9.0.0 versions of MySQL Connectors installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)).
Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
(CVE-2024-5535, CVE-2024-6119)

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. (CVE-2024-21272)

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2024-21262)

- Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (zlib)).
This vulnerability cannot be exploited in the context of this product. Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (zlib)). This vulnerability cannot be exploited in the context of this product. (CVE-2023-45853)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1655
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-45853
CVE CVE-2024-5535
CVE CVE-2024-6119
CVE CVE-2024-21262
CVE CVE-2024-21272
XREF IAVA:2024-A-0658
Plugin Information
Published: 2024/10/17, Modified: 2025/04/14
Plugin Output

tcp/0


Path : C:\Program Files\MySQL\Connector ODBC 5.1\
Installed version : 5.1.13
Fixed version : 9.1.0

tcp/0


Path : C:\Program Files\MySQL\Connector ODBC 5.3\
Installed version : 5.3.14
Fixed version : 9.1.0

147946 - Security Update for .NET Core (March 2021)
-
Synopsis
The remote Windows host is affected by a .NET Core remote code execution (RCE) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.26, 3.1.x prior to 3.1.13, or 5.x prior to 5.0.4. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0103
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26701
XREF IAVA:2021-A-0091-S
Plugin Information
Published: 2021/03/22, Modified: 2024/11/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.13
187859 - Security Update for Microsoft .NET Core (January 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_Jan_09 advisory.

- NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability (CVE-2024-0057)

- .NET Denial of Service Vulnerability (CVE-2024-20672)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0864
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-0057
CVE CVE-2024-20672
XREF IAVA:2024-A-0017-S
Plugin Information
Published: 2024/01/10, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.15
136511 - Security Updates for Microsoft Excel Products (May 2020)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0901)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484365
-KB4484384
-KB4484338

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4586
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0901
MSKB 4484365
MSKB 4484384
MSKB 4484338
XREF MSFT:MS20-4484365
XREF MSFT:MS20-4484384
XREF MSFT:MS20-4484338
XREF IAVA:2020-A-0199-S
Plugin Information
Published: 2020/05/12, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7249.5000
126583 - Security Updates for Microsoft Office Products (July 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. (CVE-2019-1084)

- A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents. (CVE-2019-1109)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.(CVE-2019-1111)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory.
An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.
An attacker must know the memory address location where the object was created. (CVE-2019-1112) The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4462224
-KB4464558
-KB4464543
-KB4018375
-KB4475514
-KB4464534
-KB4461539

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2706
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 108415
BID 108965
BID 108974
BID 108975
CVE CVE-2019-1084
CVE CVE-2019-1109
CVE CVE-2019-1111
CVE CVE-2019-1112
MSKB 4462224
MSKB 4464558
MSKB 4464543
MSKB 4018375
MSKB 4475514
MSKB 4464534
MSKB 4461539
XREF MSFT:MS19-4462224
XREF MSFT:MS19-4464558
XREF MSFT:MS19-4464543
XREF MSFT:MS19-4018375
XREF MSFT:MS19-4475514
XREF MSFT:MS19-4464534
XREF MSFT:MS19-4461539
Plugin Information
Published: 2019/07/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4462224
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7235.5000
130913 - Security Updates for Microsoft Office Products (November 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.
(CVE-2019-1402)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1448)

- A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.
(CVE-2019-1449)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1446)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484152
-KB4484160
-KB4484148
-KB4484127
-KB4484113
-KB4484119

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3802
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1402
CVE CVE-2019-1446
CVE CVE-2019-1448
CVE CVE-2019-1449
MSKB 4484152
MSKB 4484160
MSKB 4484148
MSKB 4484127
MSKB 4484113
MSKB 4484119
XREF MSFT:MS19-4484152
XREF MSFT:MS19-4484160
XREF MSFT:MS19-4484148
XREF MSFT:MS19-4484127
XREF MSFT:MS19-4484113
XREF MSFT:MS19-4484119
Plugin Information
Published: 2019/11/12, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4484160
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7241.5000
207065 - Security Updates for Microsoft SQL Server Elevation of Privilege (September 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is affected by the following vulnerabilities:

- An elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue, to gain elevated privileges. (CVE-2024-37341, CVE-2024-37965, CVE-2024-37980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.076
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-37341
CVE CVE-2024-37965
CVE CVE-2024-37980
MSKB 5042207
MSKB 5042209
MSKB 5042578
MSKB 5042749
MSKB 5042211
MSKB 5042215
MSKB 5042214
MSKB 5042217
XREF MSFT:MS24-5042207
XREF MSFT:MS24-5042209
XREF MSFT:MS24-5042578
XREF MSFT:MS24-5042749
XREF MSFT:MS24-5042211
XREF MSFT:MS24-5042215
XREF MSFT:MS24-5042214
XREF MSFT:MS24-5042217
XREF IAVA:2024-A-0565-S
Plugin Information
Published: 2024/09/12, Modified: 2025/01/08
Plugin Output

tcp/445/cifs



KB : 5042749
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4390.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER

156103 - Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
-
Synopsis
A package installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.722
CVSS v2.0 Base Score
6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-4104
XREF IAVA:2021-A-0573
XREF IAVA:0001-A-0650
Plugin Information
Published: 2021/12/15, Modified: 2024/06/13
Plugin Output

tcp/0


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6
Fixed version : 2.16.0

tcp/0


Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6
Fixed version : 2.16.0

147222 - KB5000803: Windows Security Update (March 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5000803.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)

- An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
(CVE-2021-26411)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-1640, CVE-2021-26862, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-26892)
See Also
Solution
Apply Cumulative Update KB5000803.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9247
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1640
CVE CVE-2021-24107
CVE CVE-2021-26411
CVE CVE-2021-26861
CVE CVE-2021-26862
CVE CVE-2021-26864
CVE CVE-2021-26865
CVE CVE-2021-26866
CVE CVE-2021-26868
CVE CVE-2021-26869
CVE CVE-2021-26872
CVE CVE-2021-26873
CVE CVE-2021-26875
CVE CVE-2021-26877
CVE CVE-2021-26878
CVE CVE-2021-26879
CVE CVE-2021-26880
CVE CVE-2021-26881
CVE CVE-2021-26882
CVE CVE-2021-26884
CVE CVE-2021-26886
CVE CVE-2021-26891
CVE CVE-2021-26892
CVE CVE-2021-26893
CVE CVE-2021-26894
CVE CVE-2021-26895
CVE CVE-2021-26896
CVE CVE-2021-26897
CVE CVE-2021-26898
CVE CVE-2021-26899
CVE CVE-2021-26901
CVE CVE-2021-27063
CVE CVE-2021-27077
MSKB 5000803
XREF MSFT:MS21-5000803
XREF IAVA:2021-A-0129-S
XREF IAVA:2021-A-0130-S
XREF IAVA:2021-A-0134-S
XREF IAVA:2021-A-0131-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CEA-ID:CEA-2021-0015
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2021/03/09, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5000803

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4283
148465 - KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
-
Synopsis
The remote host is missing one or more security updates.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)

- Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)

- Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)

- Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)

- Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)

- Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)

- NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)

- Windows Installer Spoofing Vulnerability (CVE-2021-26413)

- Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)

- Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)

- Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)

- Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)

- Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)

- Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)

- Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)

- Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)

- Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)

- Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)

- Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)

- Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)

- Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)

- Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)

- Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)

- Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)

- Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)

- N/A (CVE-2021-28445, CVE-2021-28446)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released KB5001347 to address this issue.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.186
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2021/04/13, Modified: 2024/11/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5001347

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4350
150367 - KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple vulnerabilities
See Also
Solution
Apply Cumulative Update 5003638
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9431
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1675
CVE CVE-2021-26414
CVE CVE-2021-31199
CVE CVE-2021-31201
CVE CVE-2021-31953
CVE CVE-2021-31954
CVE CVE-2021-31956
CVE CVE-2021-31958
CVE CVE-2021-31959
CVE CVE-2021-31962
CVE CVE-2021-31968
CVE CVE-2021-31970
CVE CVE-2021-31971
CVE CVE-2021-31972
CVE CVE-2021-31973
CVE CVE-2021-31974
CVE CVE-2021-31975
CVE CVE-2021-31976
CVE CVE-2021-31977
CVE CVE-2021-33742
MSKB 5003638
XREF MSFT:MS21-5003638
XREF IAVA:2021-A-0280-S
XREF IAVA:2021-A-0279-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CEA-ID:CEA-2021-0032
Exploitable With
Core Impact (true)
Plugin Information
Published: 2021/06/08, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5003638

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4467
151474 - KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)
-
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.
See Also
Solution
Apply Cumulative Update 5004948
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9427
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-34527
MSKB 5004948
XREF IAVA:2021-A-0299
XREF MSFT:MS21-5004948
XREF CEA-ID:CEA-2021-0034
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2021/07/08, Modified: 2025/12/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5004948

- C:\Windows\system32\localspl.dll has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4470
153377 - KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5005573.
It is, therefore, affected by multiple vulnerabilities :

- An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
(CVE-2021-26435)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-38624, CVE-2021-38632)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)
See Also
Solution
Apply Cumulative Update KB5005573.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9433
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2021/09/14, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5005573

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4651
154034 - KB5006669: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5006669.
It is, therefore, affected by multiple vulnerabilities:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36953, CVE-2021-40463)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-26441, CVE-2021-26442, CVE-2021-40443, CVE-2021-40449, CVE-2021-40466, CVE-2021-40467, CVE-2021-40470, CVE-2021-40476, CVE-2021-40477, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41335, CVE-2021-41345, CVE-2021-41347)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36970, CVE-2021-40455, CVE-2021-41361)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-40465, CVE-2021-40469, CVE-2021-41331, CVE-2021-41340, CVE-2021-41342)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38662, CVE-2021-38663, CVE-2021-40454, CVE-2021-41332, CVE-2021-41343)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-40460, CVE-2021-41337, CVE-2021-41338)
Solution
Apply Security Update 5006669
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.9189
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2021/10/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5006669

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4704
154990 - KB5007192: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2021)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5007192.
It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38666, CVE-2021-42275, CVE-2021-42276, CVE-2021-42279)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-41356, CVE-2021-42274, CVE-2021-42284)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-36957, CVE-2021-41366, CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42277, CVE-2021-42278, CVE-2021-42280, CVE-2021-42282, CVE-2021-42283, CVE-2021-42285, CVE-2021-42287, CVE-2021-42291)
See Also
Solution
Apply Cumulative Update KB5007192.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9407
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-36957
CVE CVE-2021-38631
CVE CVE-2021-38665
CVE CVE-2021-38666
CVE CVE-2021-41356
CVE CVE-2021-41366
CVE CVE-2021-41367
CVE CVE-2021-41370
CVE CVE-2021-41371
CVE CVE-2021-41377
CVE CVE-2021-41379
CVE CVE-2021-42274
CVE CVE-2021-42275
CVE CVE-2021-42276
CVE CVE-2021-42277
CVE CVE-2021-42278
CVE CVE-2021-42279
CVE CVE-2021-42280
CVE CVE-2021-42282
CVE CVE-2021-42283
CVE CVE-2021-42284
CVE CVE-2021-42285
CVE CVE-2021-42287
CVE CVE-2021-42291
MSKB 5007192
XREF MSFT:MS21-5007192
XREF IAVA:2021-A-0539-S
XREF IAVA:2021-A-0545-S
XREF CISA-KNOWN-EXPLOITED:2022/03/17
XREF CISA-KNOWN-EXPLOITED:2022/05/02
XREF CEA-ID:CEA-2021-0053
Plugin Information
Published: 2021/11/09, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5007192

- C:\Windows\system32\gdiplus.dll has not been patched.
Remote version : 10.0.14393.4169
Should be : 10.0.14393.4770
157436 - KB5010359: Windows 10 Version 1607 and Windows Server 2016 Security Update (February 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5010359. It is, therefore, affected by multiple vulnerabilities

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21993, CVE-2022-21998)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22002)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21995)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21989, CVE-2022-21997, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5010359
Risk Factor
High
CVSS v3.0 Base Score
7.9 (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.7009
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21974
CVE CVE-2022-21981
CVE CVE-2022-21985
CVE CVE-2022-21989
CVE CVE-2022-21992
CVE CVE-2022-21993
CVE CVE-2022-21995
CVE CVE-2022-21997
CVE CVE-2022-21998
CVE CVE-2022-21999
CVE CVE-2022-22000
CVE CVE-2022-22001
CVE CVE-2022-22002
CVE CVE-2022-22710
CVE CVE-2022-22717
CVE CVE-2022-22718
MSKB 5010359
XREF MSFT:MS22-5010359
XREF IAVA:2022-A-0074-S
XREF IAVA:2022-A-0068-S
XREF CISA-KNOWN-EXPLOITED:2022/04/15
XREF CISA-KNOWN-EXPLOITED:2022/05/10
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/02/08, Modified: 2025/05/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5010359

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4946
158704 - KB5011495: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5011495. It is, therefore, affected by multiple vulnerabilities

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-23283, CVE-2022-23284, CVE-2022-23287, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24455, CVE-2022-24459, CVE-2022-24460, CVE-2022-24505, CVE-2022-24507)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-24502)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5011495.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3021
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/03/08, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5011495

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5006
160934 - KB5013952: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5013952. It is, therefore, affected by multiple vulnerabilities

- Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)

- Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)

- Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5013952
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9144
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/05/10, Modified: 2025/01/07
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5013952

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5125
162196 - KB5014702: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5014702. It is, therefore, affected by multiple vulnerabilities

- Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)

- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5014702
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9361
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21123
CVE CVE-2022-21125
CVE CVE-2022-21127
CVE CVE-2022-21166
CVE CVE-2022-30131
CVE CVE-2022-30136
CVE CVE-2022-30139
CVE CVE-2022-30140
CVE CVE-2022-30141
CVE CVE-2022-30142
CVE CVE-2022-30143
CVE CVE-2022-30145
CVE CVE-2022-30146
CVE CVE-2022-30147
CVE CVE-2022-30148
CVE CVE-2022-30149
CVE CVE-2022-30150
CVE CVE-2022-30151
CVE CVE-2022-30152
CVE CVE-2022-30153
CVE CVE-2022-30154
CVE CVE-2022-30155
CVE CVE-2022-30160
CVE CVE-2022-30161
CVE CVE-2022-30162
CVE CVE-2022-30163
CVE CVE-2022-30164
CVE CVE-2022-30165
CVE CVE-2022-30166
CVE CVE-2022-30190
MSKB 5014702
XREF MSFT:MS22-5014702
XREF IAVA:2022-A-0240-S
XREF IAVA:2022-A-0241-S
XREF CISA-KNOWN-EXPLOITED:2022/07/05
XREF CEA-ID:CEA-2022-0022
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/06/14, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5014702

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5192
163052 - KB5015808: Windows 10 Version 1607 and Windows Server 2016 Security Update (July 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5015808.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-22024, CVE-2022-22027, CVE-2022-22029, CVE-2022-22038, CVE-2022-22039, CVE-2022-30211, CVE-2022-30214, CVE-2022-30221, CVE-2022-30222)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-22023, CVE-2022-22048, CVE-2022-30203)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22025, CVE-2022-22040, CVE-2022-22043, CVE-2022-30208)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-22022, CVE-2022-22026, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22041, CVE-2022-22045, CVE-2022-22047, CVE-2022-22049, CVE-2022-22050, CVE-2022-30202, CVE-2022-30205, CVE-2022-30206, CVE-2022-30209, CVE-2022-30215, CVE-2022-30220, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21845, CVE-2022-22028, CVE-2022-22042, CVE-2022-22711, CVE-2022-30213, CVE-2022-30223)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5015808
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4674
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/07/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5015808

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5246
166039 - KB5018411: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5018411. It is, therefore, affected by multiple vulnerabilities

- Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5018411
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.246
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/10/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5018411

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5427
167111 - KB5019964: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5019964. It is, therefore, affected by multiple vulnerabilities

- AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions (CVE-2022-23824)

- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5019964
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.3924
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-23824
CVE CVE-2022-37966
CVE CVE-2022-37967
CVE CVE-2022-37992
CVE CVE-2022-38015
CVE CVE-2022-38023
CVE CVE-2022-41039
CVE CVE-2022-41045
CVE CVE-2022-41047
CVE CVE-2022-41048
CVE CVE-2022-41049
CVE CVE-2022-41050
CVE CVE-2022-41052
CVE CVE-2022-41053
CVE CVE-2022-41054
CVE CVE-2022-41056
CVE CVE-2022-41057
CVE CVE-2022-41058
CVE CVE-2022-41064
CVE CVE-2022-41073
CVE CVE-2022-41086
CVE CVE-2022-41088
CVE CVE-2022-41090
CVE CVE-2022-41091
CVE CVE-2022-41093
CVE CVE-2022-41095
CVE CVE-2022-41097
CVE CVE-2022-41098
CVE CVE-2022-41099
CVE CVE-2022-41100
CVE CVE-2022-41101
CVE CVE-2022-41102
CVE CVE-2022-41109
CVE CVE-2022-41118
CVE CVE-2022-41125
CVE CVE-2022-41128
MSKB 5019964
XREF MSFT:MS22-5019964
XREF CISA-KNOWN-EXPLOITED:2022/12/09
XREF IAVA:2022-A-0477-S
XREF IAVA:2022-A-0484-S
XREF IAVA:2022-A-0473-S
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
Plugin Information
Published: 2022/11/08, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5019964

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5501
168694 - KB5021235: Windows 10 Version 1607 and Windows Server 2016 Security Update (December 2022)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5021235. It is, therefore, affected by multiple vulnerabilities

- PowerShell Remote Code Execution Vulnerability (CVE-2022-41076)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-44670, CVE-2022-44676)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5021235
Risk Factor
High
CVSS v3.0 Base Score
8.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.6798
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41074
CVE CVE-2022-41076
CVE CVE-2022-41077
CVE CVE-2022-41094
CVE CVE-2022-41121
CVE CVE-2022-44666
CVE CVE-2022-44667
CVE CVE-2022-44668
CVE CVE-2022-44670
CVE CVE-2022-44673
CVE CVE-2022-44675
CVE CVE-2022-44676
CVE CVE-2022-44678
CVE CVE-2022-44679
CVE CVE-2022-44680
CVE CVE-2022-44681
CVE CVE-2022-44682
CVE CVE-2022-44683
CVE CVE-2022-44697
CVE CVE-2022-44698
CVE CVE-2022-44707
MSKB 5021235
XREF MSFT:MS22-5021235
XREF CISA-KNOWN-EXPLOITED:2023/01/03
XREF IAVA:2022-A-0530-S
XREF IAVA:2022-A-0533-S
Plugin Information
Published: 2022/12/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5021235

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5582
169779 - KB5022289: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022289. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-21732)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21681)

- Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022289
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.5296
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/01/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022289

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.5648
181312 - KB5030213: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5030213. It is, therefore, affected by multiple vulnerabilities

- DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162)

- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)

- DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5030213
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0689
CVSS v2.0 Base Score
8.3 (CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36801
CVE CVE-2023-36803
CVE CVE-2023-36804
CVE CVE-2023-36805
CVE CVE-2023-38139
CVE CVE-2023-38140
CVE CVE-2023-38141
CVE CVE-2023-38142
CVE CVE-2023-38143
CVE CVE-2023-38144
CVE CVE-2023-38147
CVE CVE-2023-38149
CVE CVE-2023-38152
CVE CVE-2023-38160
CVE CVE-2023-38161
CVE CVE-2023-38162
MSKB 5030213
XREF MSFT:MS23-5030213
XREF IAVA:2023-A-0472-S
XREF IAVA:2023-A-0471-S
Plugin Information
Published: 2023/09/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5030213

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6252
186791 - KB5033373: Windows 10 Version 1607 and Windows Server 2016 Security Update (December 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033373. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)

- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5033373
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.3857
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/12/12, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5033373

- C:\Windows\system32\pcadm.dll has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6529
187800 - KB5034119: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034119. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034119
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2225
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/01/09, Modified: 2024/08/07
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034119

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6611
190487 - KB5034767: Windows 10 Version 1607 and Windows Server 2016 Security Update (February 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034767. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

- Microsoft ActiveX Data Objects Remote Code Execution Vulnerability (CVE-2024-21349)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034767
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.4613
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/02/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034767

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6707
191934 - KB5035855: Windows 10 Version 1607 / Windows Server 2016 Security Update (March 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5035855. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5035855
Risk Factor
Critical
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.3458
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/03/12, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5035855

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6795
193097 - KB5036899: Windows 10 Version 1607 / Windows Server 2016 Security Update (April 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5036899. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26214)

- Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5036899
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.8317
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/04/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5036899

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6897
197009 - KB5037763: Windows 10 Version 1607 / Windows Server 2016 Security Update (May 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5037763. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-30006)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5037763
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.5191
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2024/05/14, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5037763

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.6981
200351 - KB5039214: Windows 10 Version 1607 / Windows Server 2016 Security Update (June 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5039214. It is, therefore, affected by multiple vulnerabilities

- Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097)

- Windows Remote Access Connection Manager Information Disclosure Vulnerability (CVE-2024-30069)

- DHCP Server Service Denial of Service Vulnerability (CVE-2024-30070)

- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5039214
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.8897
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-50868
CVE CVE-2024-30062
CVE CVE-2024-30063
CVE CVE-2024-30065
CVE CVE-2024-30066
CVE CVE-2024-30067
CVE CVE-2024-30068
CVE CVE-2024-30069
CVE CVE-2024-30070
CVE CVE-2024-30076
CVE CVE-2024-30077
CVE CVE-2024-30078
CVE CVE-2024-30080
CVE CVE-2024-30082
CVE CVE-2024-30083
CVE CVE-2024-30084
CVE CVE-2024-30086
CVE CVE-2024-30087
CVE CVE-2024-30088
CVE CVE-2024-30090
CVE CVE-2024-30091
CVE CVE-2024-30093
CVE CVE-2024-30094
CVE CVE-2024-30095
CVE CVE-2024-30097
CVE CVE-2024-30099
CVE CVE-2024-35250
CVE CVE-2024-38213
MSKB 5039214
XREF MSFT:MS24-5039214
XREF IAVA:2024-A-0343-S
XREF IAVA:2024-A-0345-S
XREF CISA-KNOWN-EXPLOITED:2025/01/06
XREF CISA-KNOWN-EXPLOITED:2024/11/05
XREF CISA-KNOWN-EXPLOITED:2024/09/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2024/06/11, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5039214

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7070
212232 - KB5048671: Windows 10 Version 1607 / Windows Server 2016 Security Update (December 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5048671. It is, therefore, affected by multiple vulnerabilities

- Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49090)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5048671
Risk Factor
Critical
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.0 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8871
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/12/10, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5048671

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7604
214123 - KB5049993: Windows 10 Version 1607 / Windows Server 2016 Security Update (January 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5049993. It is, therefore, affected by multiple vulnerabilities

- Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21250, CVE-2025-21252, CVE-2025-21266, CVE-2025-21273, CVE-2025-21282, CVE-2025-21286, CVE-2025-21302, CVE-2025-21303, CVE-2025-21305, CVE-2025-21306, CVE-2025-21339, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417)

- Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5049993
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7811
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-7344
CVE CVE-2025-21189
CVE CVE-2025-21193
CVE CVE-2025-21202
CVE CVE-2025-21210
CVE CVE-2025-21211
CVE CVE-2025-21213
CVE CVE-2025-21214
CVE CVE-2025-21215
CVE CVE-2025-21217
CVE CVE-2025-21218
CVE CVE-2025-21219
CVE CVE-2025-21220
CVE CVE-2025-21223
CVE CVE-2025-21225
CVE CVE-2025-21226
CVE CVE-2025-21227
CVE CVE-2025-21228
CVE CVE-2025-21229
CVE CVE-2025-21230
CVE CVE-2025-21231
CVE CVE-2025-21232
CVE CVE-2025-21233
CVE CVE-2025-21236
CVE CVE-2025-21237
CVE CVE-2025-21238
CVE CVE-2025-21239
CVE CVE-2025-21240
CVE CVE-2025-21241
CVE CVE-2025-21242
CVE CVE-2025-21243
CVE CVE-2025-21244
CVE CVE-2025-21245
CVE CVE-2025-21246
CVE CVE-2025-21248
CVE CVE-2025-21249
CVE CVE-2025-21250
CVE CVE-2025-21251
CVE CVE-2025-21252
CVE CVE-2025-21255
CVE CVE-2025-21256
CVE CVE-2025-21257
CVE CVE-2025-21258
CVE CVE-2025-21260
CVE CVE-2025-21261
CVE CVE-2025-21263
CVE CVE-2025-21265
CVE CVE-2025-21266
CVE CVE-2025-21268
CVE CVE-2025-21269
CVE CVE-2025-21270
CVE CVE-2025-21272
CVE CVE-2025-21273
CVE CVE-2025-21274
CVE CVE-2025-21276
CVE CVE-2025-21277
CVE CVE-2025-21278
CVE CVE-2025-21280
CVE CVE-2025-21281
CVE CVE-2025-21282
CVE CVE-2025-21284
CVE CVE-2025-21285
CVE CVE-2025-21286
CVE CVE-2025-21287
CVE CVE-2025-21288
CVE CVE-2025-21289
CVE CVE-2025-21290
CVE CVE-2025-21293
CVE CVE-2025-21294
CVE CVE-2025-21295
CVE CVE-2025-21296
CVE CVE-2025-21297
CVE CVE-2025-21298
CVE CVE-2025-21299
CVE CVE-2025-21300
CVE CVE-2025-21301
CVE CVE-2025-21302
CVE CVE-2025-21303
CVE CVE-2025-21304
CVE CVE-2025-21305
CVE CVE-2025-21306
CVE CVE-2025-21307
CVE CVE-2025-21308
CVE CVE-2025-21309
CVE CVE-2025-21310
CVE CVE-2025-21312
CVE CVE-2025-21314
CVE CVE-2025-21316
CVE CVE-2025-21318
CVE CVE-2025-21319
CVE CVE-2025-21320
CVE CVE-2025-21321
CVE CVE-2025-21323
CVE CVE-2025-21324
CVE CVE-2025-21327
CVE CVE-2025-21328
CVE CVE-2025-21329
CVE CVE-2025-21331
CVE CVE-2025-21332
CVE CVE-2025-21336
CVE CVE-2025-21338
CVE CVE-2025-21339
CVE CVE-2025-21341
CVE CVE-2025-21374
CVE CVE-2025-21378
CVE CVE-2025-21389
CVE CVE-2025-21409
CVE CVE-2025-21411
CVE CVE-2025-21413
CVE CVE-2025-21417
MSKB 5049993
XREF MSFT:MS25-5049993
XREF IAVA:2025-A-0034-S
XREF IAVA:2025-A-0033-S
XREF CWE:20
XREF CWE:41
XREF CWE:59
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:191
XREF CWE:200
XREF CWE:203
XREF CWE:269
XREF CWE:284
XREF CWE:347
XREF CWE:352
XREF CWE:362
XREF CWE:400
XREF CWE:416
XREF CWE:451
XREF CWE:476
XREF CWE:532
XREF CWE:591
XREF CWE:636
XREF CWE:693
XREF CWE:843
XREF CWE:908
XREF CWE:922
Exploitable With
Metasploit (true)
Plugin Information
Published: 2025/01/14, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5049993

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7693
216134 - KB5052006: Windows 10 Version 1607 / Windows Server 2016 Security Update (February 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5052006. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-21208, CVE-2025-21410)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190, CVE-2025-21200, CVE-2025-21371, CVE-2025-21406, CVE-2025-21407)

- Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21368, CVE-2025-21369)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5052006
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.2857
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2025/02/11, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5052006

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7783
232612 - KB5053594: Windows 10 Version 1607 / Windows Server 2016 Security Update (March 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5053594. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035, CVE-2025-24045)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5053594
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.5654
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9157
CVE CVE-2025-21180
CVE CVE-2025-21247
CVE CVE-2025-24035
CVE CVE-2025-24044
CVE CVE-2025-24045
CVE CVE-2025-24046
CVE CVE-2025-24048
CVE CVE-2025-24050
CVE CVE-2025-24051
CVE CVE-2025-24054
CVE CVE-2025-24055
CVE CVE-2025-24056
CVE CVE-2025-24059
CVE CVE-2025-24061
CVE CVE-2025-24064
CVE CVE-2025-24066
CVE CVE-2025-24067
CVE CVE-2025-24071
CVE CVE-2025-24072
CVE CVE-2025-24983
CVE CVE-2025-24984
CVE CVE-2025-24985
CVE CVE-2025-24987
CVE CVE-2025-24988
CVE CVE-2025-24991
CVE CVE-2025-24992
CVE CVE-2025-24993
CVE CVE-2025-24995
CVE CVE-2025-24996
CVE CVE-2025-25008
CVE CVE-2025-26633
CVE CVE-2025-26645
MSKB 5053594
XREF MSFT:MS25-5053594
XREF IAVA:2025-A-0181-S
XREF IAVA:2025-A-0182-S
XREF CISA-KNOWN-EXPLOITED:2025/05/08
XREF CISA-KNOWN-EXPLOITED:2025/04/01
XREF CWE:23
XREF CWE:41
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:200
XREF CWE:284
XREF CWE:416
XREF CWE:532
XREF CWE:591
XREF CWE:681
XREF CWE:693
XREF CWE:707
Plugin Information
Published: 2025/03/11, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5053594

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7870
234044 - KB5055521: Windows 10 Version 1607 / Windows Server 2016 Security Update (April 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5055521. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5055521
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2827
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-21174
CVE CVE-2025-21191
CVE CVE-2025-21197
CVE CVE-2025-21203
CVE CVE-2025-21204
CVE CVE-2025-21205
CVE CVE-2025-21221
CVE CVE-2025-21222
CVE CVE-2025-24073
CVE CVE-2025-26637
CVE CVE-2025-26641
CVE CVE-2025-26647
CVE CVE-2025-26648
CVE CVE-2025-26652
CVE CVE-2025-26663
CVE CVE-2025-26664
CVE CVE-2025-26665
CVE CVE-2025-26667
CVE CVE-2025-26668
CVE CVE-2025-26669
CVE CVE-2025-26670
CVE CVE-2025-26671
CVE CVE-2025-26672
CVE CVE-2025-26673
CVE CVE-2025-26676
CVE CVE-2025-26679
CVE CVE-2025-26680
CVE CVE-2025-26686
CVE CVE-2025-26687
CVE CVE-2025-26688
CVE CVE-2025-27469
CVE CVE-2025-27470
CVE CVE-2025-27471
CVE CVE-2025-27473
CVE CVE-2025-27474
CVE CVE-2025-27477
CVE CVE-2025-27478
CVE CVE-2025-27479
CVE CVE-2025-27480
CVE CVE-2025-27481
CVE CVE-2025-27482
CVE CVE-2025-27483
CVE CVE-2025-27484
CVE CVE-2025-27485
CVE CVE-2025-27486
CVE CVE-2025-27487
CVE CVE-2025-27491
CVE CVE-2025-27727
CVE CVE-2025-27732
CVE CVE-2025-27733
CVE CVE-2025-27735
CVE CVE-2025-27736
CVE CVE-2025-27737
CVE CVE-2025-27738
CVE CVE-2025-27740
CVE CVE-2025-27741
CVE CVE-2025-27742
CVE CVE-2025-29809
CVE CVE-2025-29810
CVE CVE-2025-29824
MSKB 5055521
XREF CISA-KNOWN-EXPLOITED:2025/04/29
XREF MSFT:MS25-5055521
XREF IAVA:2025-A-0256-S
XREF IAVA:2025-A-0255-S
XREF CWE:20
XREF CWE:59
XREF CWE:121
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:200
XREF CWE:284
XREF CWE:345
XREF CWE:367
XREF CWE:400
XREF CWE:410
XREF CWE:416
XREF CWE:591
XREF CWE:667
XREF CWE:693
XREF CWE:787
XREF CWE:908
XREF CWE:922
XREF CWE:1390
Plugin Information
Published: 2025/04/08, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5055521

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.7962
235842 - KB5058383: Windows 10 Version 1607 / Windows Server 2016 Security Update (May 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5058383. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5058383
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.2127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-24063
CVE CVE-2025-26677
CVE CVE-2025-27468
CVE CVE-2025-29829
CVE CVE-2025-29830
CVE CVE-2025-29831
CVE CVE-2025-29832
CVE CVE-2025-29833
CVE CVE-2025-29835
CVE CVE-2025-29836
CVE CVE-2025-29837
CVE CVE-2025-29839
CVE CVE-2025-29840
CVE CVE-2025-29842
CVE CVE-2025-29954
CVE CVE-2025-29956
CVE CVE-2025-29957
CVE CVE-2025-29958
CVE CVE-2025-29959
CVE CVE-2025-29960
CVE CVE-2025-29961
CVE CVE-2025-29962
CVE CVE-2025-29966
CVE CVE-2025-29967
CVE CVE-2025-29968
CVE CVE-2025-29969
CVE CVE-2025-29974
CVE CVE-2025-30385
CVE CVE-2025-30388
CVE CVE-2025-30394
CVE CVE-2025-30397
CVE CVE-2025-32701
CVE CVE-2025-32706
CVE CVE-2025-32707
CVE CVE-2025-32709
CVE CVE-2025-32710
CVE CVE-2025-55229
MSKB 5058383
XREF MSFT:MS25-5058383
XREF CISA-KNOWN-EXPLOITED:2025/06/03
XREF IAVA:2025-A-0631-S
XREF IAVA:2025-A-0335-S
XREF IAVA:2025-A-0334-S
XREF CWE:20
XREF CWE:59
XREF CWE:121
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:191
XREF CWE:269
XREF CWE:345
XREF CWE:347
XREF CWE:349
XREF CWE:362
XREF CWE:367
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:591
XREF CWE:770
XREF CWE:787
XREF CWE:843
XREF CWE:908
Plugin Information
Published: 2025/05/13, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5058383

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8062
238092 - KB5061010: Windows 10 Version 1607 / Windows Server 2016 Security Update (June 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5061010. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5061010
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.5119
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-3052
CVE CVE-2025-24065
CVE CVE-2025-24068
CVE CVE-2025-24069
CVE CVE-2025-32712
CVE CVE-2025-32713
CVE CVE-2025-32714
CVE CVE-2025-32715
CVE CVE-2025-32716
CVE CVE-2025-32718
CVE CVE-2025-32719
CVE CVE-2025-32720
CVE CVE-2025-32721
CVE CVE-2025-32722
CVE CVE-2025-32724
CVE CVE-2025-32725
CVE CVE-2025-33050
CVE CVE-2025-33053
CVE CVE-2025-33055
CVE CVE-2025-33056
CVE CVE-2025-33057
CVE CVE-2025-33058
CVE CVE-2025-33059
CVE CVE-2025-33060
CVE CVE-2025-33061
CVE CVE-2025-33062
CVE CVE-2025-33064
CVE CVE-2025-33065
CVE CVE-2025-33066
CVE CVE-2025-33067
CVE CVE-2025-33068
CVE CVE-2025-33070
CVE CVE-2025-33071
CVE CVE-2025-33073
CVE CVE-2025-33075
CVE CVE-2025-47160
MSKB 5061010
XREF MSFT:MS25-5061010
XREF IAVA:2025-A-0428-S
XREF IAVA:2025-A-0417-S
XREF CISA-KNOWN-EXPLOITED:2025/11/10
XREF CISA-KNOWN-EXPLOITED:2025/07/01
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:269
XREF CWE:284
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:693
XREF CWE:908
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2025/06/10, Modified: 2025/10/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5061010

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8146
241559 - KB5062560: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5062560. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5062560
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0055
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-36350
CVE CVE-2025-36357
CVE CVE-2025-47159
CVE CVE-2025-47971
CVE CVE-2025-47972
CVE CVE-2025-47973
CVE CVE-2025-47975
CVE CVE-2025-47976
CVE CVE-2025-47980
CVE CVE-2025-47981
CVE CVE-2025-47982
CVE CVE-2025-47984
CVE CVE-2025-47985
CVE CVE-2025-47986
CVE CVE-2025-47987
CVE CVE-2025-47991
CVE CVE-2025-47996
CVE CVE-2025-47998
CVE CVE-2025-47999
CVE CVE-2025-48000
CVE CVE-2025-48001
CVE CVE-2025-48799
CVE CVE-2025-48800
CVE CVE-2025-48803
CVE CVE-2025-48804
CVE CVE-2025-48805
CVE CVE-2025-48806
CVE CVE-2025-48808
CVE CVE-2025-48811
CVE CVE-2025-48814
CVE CVE-2025-48815
CVE CVE-2025-48816
CVE CVE-2025-48817
CVE CVE-2025-48818
CVE CVE-2025-48819
CVE CVE-2025-48820
CVE CVE-2025-48821
CVE CVE-2025-48822
CVE CVE-2025-48823
CVE CVE-2025-48824
CVE CVE-2025-49657
CVE CVE-2025-49658
CVE CVE-2025-49659
CVE CVE-2025-49660
CVE CVE-2025-49661
CVE CVE-2025-49663
CVE CVE-2025-49664
CVE CVE-2025-49665
CVE CVE-2025-49666
CVE CVE-2025-49667
CVE CVE-2025-49668
CVE CVE-2025-49669
CVE CVE-2025-49670
CVE CVE-2025-49671
CVE CVE-2025-49672
CVE CVE-2025-49673
CVE CVE-2025-49674
CVE CVE-2025-49675
CVE CVE-2025-49676
CVE CVE-2025-49678
CVE CVE-2025-49679
CVE CVE-2025-49680
CVE CVE-2025-49681
CVE CVE-2025-49683
CVE CVE-2025-49684
CVE CVE-2025-49686
CVE CVE-2025-49687
CVE CVE-2025-49688
CVE CVE-2025-49689
CVE CVE-2025-49691
CVE CVE-2025-49716
CVE CVE-2025-49721
CVE CVE-2025-49722
CVE CVE-2025-49725
CVE CVE-2025-49726
CVE CVE-2025-49727
CVE CVE-2025-49729
CVE CVE-2025-49730
CVE CVE-2025-49732
CVE CVE-2025-49740
CVE CVE-2025-49742
CVE CVE-2025-49744
CVE CVE-2025-49753
CVE CVE-2025-49760
CVE CVE-2025-55230
CVE CVE-2025-55231
MSKB 5062560
XREF MSFT:MS25-5062560
XREF IAVA:2025-A-0507-S
XREF IAVA:2025-A-0506-S
XREF IAVA:2025-A-0631-S
XREF CWE:20
XREF CWE:23
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:191
XREF CWE:197
XREF CWE:200
XREF CWE:284
XREF CWE:306
XREF CWE:326
XREF CWE:349
XREF CWE:353
XREF CWE:362
XREF CWE:367
XREF CWE:400
XREF CWE:415
XREF CWE:416
XREF CWE:476
XREF CWE:591
XREF CWE:693
XREF CWE:787
XREF CWE:820
XREF CWE:822
XREF CWE:843
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5062560

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8246
261798 - KB5065427: Windows 10 Version 1607 / Windows Server 2016 Security Update (September 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5065427. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5065427
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0073
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/09/09, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5065427

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8422
277997 - KB5071543: Windows 10 Version 1607 / Windows Server 2016 Security Update (December 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5071543. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

- Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. (CVE-2025-62466)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5071543
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.002
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-54100
CVE CVE-2025-59517
CVE CVE-2025-62455
CVE CVE-2025-62458
CVE CVE-2025-62466
CVE CVE-2025-62470
CVE CVE-2025-62472
CVE CVE-2025-62473
CVE CVE-2025-62474
CVE CVE-2025-62549
CVE CVE-2025-62565
CVE CVE-2025-62567
CVE CVE-2025-62571
CVE CVE-2025-62573
CVE CVE-2025-64661
MSKB 5071543
XREF MSFT:MS25-5071543
XREF IAVA:2025-A-0916
XREF IAVA:2025-A-0917
Plugin Information
Published: 2025/12/09, Modified: 2025/12/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5071543

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.8688
69828 - MS13-068: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
-
Synopsis
The version of Microsoft Office installed on the remote Windows is affected by a code execution vulnerability.
Description
The Outlook component of Microsoft Office is affected by a remote code execution vulnerability due to a flaw in how Outlook parses S/MIME messages. It is possible for a remote attacker to execute arbitrary code if a user opens or previews a specially crafted email in an affected version of Outlook.
See Also
Solution
Microsoft has released a set of patches for Office 2007 and 2010.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.3672
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 62188
CVE CVE-2013-3870
MSKB 2825999
MSKB 2794707
XREF MSFT:MS13-068
Plugin Information
Published: 2013/09/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2794707
- C:\Program Files (x86)\Microsoft Office\Office14\\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7105.5000
69832 - MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
-
Synopsis
The Microsoft Office component installed on the remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is running a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, or Microsoft Word Viewer that is affected by the following remote code execution vulnerabilities :

- A remote code execution vulnerability exists due to the way the XML parser used by Word resolves external entities. (CVE-2013-3160)

- Remote code execution vulnerabilities exist due to memory corruption issues in the way that Microsoft Office parses files.
(CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858)

If an attacker can trick a user on the affected host into opening a specially crafted file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Office 2003, 2007, 2010, Office Compatibility Pack, and Microsoft Word Viewer.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.6689
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 62162
BID 62165
BID 62168
BID 62169
BID 62170
BID 62171
BID 62216
BID 62217
BID 62220
BID 62222
BID 62223
BID 62224
BID 62226
CVE CVE-2013-3160
CVE CVE-2013-3847
CVE CVE-2013-3848
CVE CVE-2013-3849
CVE CVE-2013-3850
CVE CVE-2013-3851
CVE CVE-2013-3852
CVE CVE-2013-3853
CVE CVE-2013-3854
CVE CVE-2013-3855
CVE CVE-2013-3856
CVE CVE-2013-3857
CVE CVE-2013-3858
MSKB 2597973
MSKB 2760411
MSKB 2760769
MSKB 2760823
MSKB 2767773
MSKB 2767913
MSKB 2817474
MSKB 2817682
MSKB 2817683
MSKB 2845537
XREF MSFT:MS13-072
XREF IAVA:2013-A-0178-S
Plugin Information
Published: 2013/09/11, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7106.5001

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version :
Fixed version : 14.0.7106.5001
69833 - MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300))
-
Synopsis
It is possible to execute arbitrary code on the remote host through Microsoft Excel.
Description
The remote Windows host is running a version of Microsoft Excel that is affected by the following vulnerabilities :

- Two memory corruption vulnerabilities exist due to the way the application handles objects in memory when parsing Office files. (CVE-2013-1315 / CVE-2013-3158)

- An information disclosure vulnerability exists due to the way the application parses XML files containing external entities. (CVE-2013-3159)

If an attacker can trick a user on the affected host into opening a specially crafted Excel file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Excel 2003, 2007, 2010, 2013, Excel Viewer, and Office Compatibility Pack.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.7368
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 62167
BID 62219
BID 62225
CVE CVE-2013-1315
CVE CVE-2013-3158
CVE CVE-2013-3159
MSKB 2858300
MSKB 2760583
MSKB 2760588
MSKB 2760590
MSKB 2760597
MSKB 2768017
MSKB 2810048
XREF MSFT:MS13-073
Plugin Information
Published: 2013/09/11, Modified: 2019/12/13
Plugin Output

tcp/445/cifs



Product : Excel 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7104.5000
70337 - MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
-
Synopsis
The Microsoft Office component installed on the remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is running a version of Microsoft Office, Microsoft Excel, Office Compatibility Pack, or Microsoft Excel Viewer that is affected by remote code execution vulnerabilities in the way that Microsoft Excel parses file contents. (CVE-2013-3889, CVE-2013-3890).

If an attacker can trick a user on the affected host into opening a specially crafted file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Excel 2007, Excel 2010, Excel 2013, Office 2007, Office 2010, Office 2013, Excel Viewer, and Office Compatibility Pack.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.6499
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 62824
BID 62829
CVE CVE-2013-3889
CVE CVE-2013-3890
MSKB 2760585
MSKB 2760591
MSKB 2817623
MSKB 2826023
MSKB 2826033
MSKB 2826035
MSKB 2827238
MSKB 2827324
MSKB 2827326
MSKB 2827328
MSKB 2885080
XREF MSFT:MS13-085
Plugin Information
Published: 2013/10/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



Product : Excel 2010
File : C:\Program Files (x86)\Microsoft Office\Office14
Installed version : 14.0.7015.1000
Fixed version : 14.0.7109.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\Oart.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7108.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\Oartconv.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7108.5000
71941 - MS14-001: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
-
Synopsis
The remote host is affected by multiple memory corruption vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by one or more unspecified memory corruption vulnerabilities. By tricking a user into opening a specially crafted file, it may be possible for a remote attacker to take complete control of the system or execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Office 2003, 2007, 2010, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.3724
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 64726
BID 64727
BID 64728
CVE CVE-2014-0258
CVE CVE-2014-0259
CVE CVE-2014-0260
MSKB 2827224
MSKB 2837577
MSKB 2837596
MSKB 2837615
MSKB 2837617
MSKB 2837625
MSKB 2863834
MSKB 2863866
MSKB 2863867
MSKB 2863879
MSKB 2863901
MSKB 2863902
XREF MSFT:MS14-001
XREF IAVA:2014-A-0006-S
Plugin Information
Published: 2014/01/14, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7113.5001

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version :
Fixed version : 14.0.7113.5001
73413 - MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
-
Synopsis
The remote host is affected by multiple memory corruption vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by one or more unspecified memory corruption vulnerabilities. By tricking a user into opening a specially crafted file, it may be possible for a remote attacker to take complete control of the system or execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Office 2003, 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
9.6
EPSS Score
0.9313
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 66385
BID 66614
BID 66629
CVE CVE-2014-1757
CVE CVE-2014-1758
CVE CVE-2014-1761
MSKB 2863910
MSKB 2878220
MSKB 2878221
MSKB 2878236
MSKB 2878237
MSKB 2863907
MSKB 2878303
MSKB 2878304
MSKB 2878219
MSKB 2863919
MSKB 2863926
XREF CERT:882841
XREF IAVA:2014-A-0049-S
XREF MSFT:MS14-017
XREF CISA-KNOWN-EXPLOITED:2022/08/15
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2014/04/08, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7121.5004

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version :
Fixed version : 14.0.7121.5004
78437 - MS14-061: Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
-
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, SharePoint Server, or Microsoft Office Web Apps that is affected by remote code execution vulnerability due to a flaw in parsing Word documents. This vulnerability can be triggered by tricking a user into opening a specially crafted Word document.
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, Office Compatibility Pack, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.3203
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 70360
CVE CVE-2014-4117
MSKB 2883031
MSKB 2883032
MSKB 2883008
MSKB 2883013
MSKB 2883098
MSKB 2889827
XREF MSFT:MS14-061
Plugin Information
Published: 2014/10/15, Modified: 2018/07/30
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7134.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7134.5000
79830 - MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)
-
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by one or more remote code execution vulnerabilities due to Microsoft Word improperly handling objects in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.5785
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 71469
BID 71470
CVE CVE-2014-6356
CVE CVE-2014-6357
MSKB 2920793
MSKB 2899518
MSKB 2899519
MSKB 2910916
MSKB 2920729
MSKB 2920792
MSKB 2899581
MSKB 2883050
MSKB 2910892
MSKB 2889851
XREF MSFT:MS14-081
XREF IAVA:2014-A-0190-S
Plugin Information
Published: 2014/12/09, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7140.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7140.5000
79831 - MS14-082: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
-
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is running a version of Microsoft Office that is affected by a remote code execution vulnerability due to a use-after-free memory issue caused by Microsoft Word not properly handling objects in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, and 2013.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3174
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 71474
CVE CVE-2014-6364
MSKB 2596927
MSKB 2553154
MSKB 2726958
XREF MSFT:MS14-082
XREF IAVA:2014-A-0187
Plugin Information
Published: 2014/12/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2553154
- C:\Windows\SysWOW64\FM20.DLL has not been patched.
Remote version : 14.0.6009.1000
Should be : 14.0.7140.5001
79832 - MS14-083: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
-
Synopsis
The Microsoft Office component installed on the remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Excel or Office Compatibility Pack that is affected by multiple remote code execution vulnerabilities due to Microsoft Excel improperly handling objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Excel 2007, Excel 2010, Excel 2013, and Office Compatibility Pack.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2273
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 71500
BID 71501
CVE CVE-2014-6360
CVE CVE-2014-6361
MSKB 2910902
MSKB 2910929
MSKB 2920790
MSKB 2920791
MSKB 2984942
XREF MSFT:MS14-083
Plugin Information
Published: 2014/12/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



Product : Excel 2010
File : C:\Program Files (x86)\Microsoft Office\Office14
Installed version : 14.0.7015.1000
Fixed version : 14.0.7140.5000
81265 - MS15-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
-
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by one or more remote code execution vulnerabilities due to Microsoft Word and Microsoft Excel improperly handling objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.7122
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 72460
BID 72463
BID 72465
CVE CVE-2015-0063
CVE CVE-2015-0064
CVE CVE-2015-0065
MSKB 2920788
MSKB 2956099
MSKB 2956073
MSKB 2956058
MSKB 2956081
MSKB 2956066
MSKB 2920753
MSKB 2956092
MSKB 2920791
MSKB 2956097
MSKB 2956098
MSKB 2920810
MSKB 2956070
XREF MSFT:MS15-012
XREF IAVA:2015-A-0037-S
Plugin Information
Published: 2015/02/10, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Excel 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7143.5000

Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7143.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7143.5000
81757 - MS15-022: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
-
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to incorrectly handling objects and rich text format files in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-0085, CVE-2015-0086, CVE-2015-0097)

- Multiple cross-site scripting vulnerabilities exist due to improperly sanitized requests to affected SharePoint servers. An authenticated attacker, via a specially crafted request, can exploit these vulnerabilities to execute script code in the security context of the current user. (CVE-2015-1633, CVE-2015-1636)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7933
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 72899
BID 72911
BID 72917
BID 72919
BID 72922
CVE CVE-2015-0085
CVE CVE-2015-0086
CVE CVE-2015-0097
CVE CVE-2015-1633
CVE CVE-2015-1636
MSKB 2984939
MSKB 2956103
MSKB 2899580
MSKB 2956109
MSKB 2956076
MSKB 2956138
MSKB 2883100
MSKB 2889839
MSKB 2956142
MSKB 2920812
MSKB 2956139
MSKB 2956151
MSKB 2956163
MSKB 2956188
MSKB 2956189
MSKB 2956107
MSKB 2956106
MSKB 2956136
MSKB 2956143
MSKB 2920731
MSKB 2956069
MSKB 2956158
MSKB 2881068
MSKB 2956208
MSKB 2956175
MSKB 2956183
MSKB 2760508
MSKB 2956180
MSKB 2956153
MSKB 2760554
MSKB 2880473
MSKB 2737989
MSKB 2881078
MSKB 2956181
MSKB 2760361
XREF MSFT:MS15-022
XREF IAVA:2015-A-0052-S
Plugin Information
Published: 2015/03/11, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Excel 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7145.5001

Product : PowerPoint 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7145.5001

Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7145.5001

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7145.5000
82769 - MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
-
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

- A remote code execution vulnerability exists due to improper handling rich text format files in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user.
(CVE-2015-1641)

- Multiple use-after-free errors exist due to improper parsing specially crafted Office files. A remote attacker can exploit these errors by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1649, CVE-2015-1650, CVE-2015-1651)
See Also
Solution
Microsoft has released a set of patches for Office 2010, Word 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, and Office Web Apps.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.9362
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 73991
BID 74007
BID 74011
BID 74012
CVE CVE-2015-1641
CVE CVE-2015-1649
CVE CVE-2015-1650
CVE CVE-2015-1651
MSKB 2965284
MSKB 2965236
MSKB 2553428
MSKB 2965289
MSKB 2965210
MSKB 2553164
MSKB 2965238
MSKB 2965224
MSKB 2965215
MSKB 2965306
XREF MSFT:MS15-033
XREF IAVA:2015-A-0090-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Plugin Information
Published: 2015/04/14, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Word 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe
Installed version : 14.0.7015.1000
Fixed version : 14.0.7147.5000

Product : Microsoft Office 2010
File : C:\Program Files (x86)\Microsoft Office\Office14\\Wwlib.dll
Installed version : 14.0.7015.1000
Fixed version : 14.0.7147.5000
83416 - MS15-046: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
-
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, SharePoint Server, SharePoint Foundation Server, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Office 2007, Office 2010, Office 2013, Word 2010, Word 2013, Excel 2010, Excel 2013, PowerPoint 2010, PowerPoint 2013, PowerPoint Viewer, SharePoint Server Foundation 2010, SharePoint Server 2013, and Office Web Apps.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3755
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 74481
BID 74484
CVE CVE-2015-1682
CVE CVE-2015-1683
MSKB 2975808
MSKB 2986216
MSKB 2975816
MSKB 2965307
MSKB 3023055
MSKB 3039725
MSKB 3039748
MSKB 3039736
MSKB 3054833
MSKB 3054834
MSKB 3054835
MSKB 3054838
MSKB 3054839
MSKB 3054840
MSKB 3054841
MSKB 3054842
MSKB 3054843
MSKB 3054845
MSKB 3054847
MSKB 3054848
MSKB 3085544
XREF MSFT:MS15-046
XREF IAVA:2015-A-0103-S
Plugin Information
Published: 2015/05/13, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010
KB : 3054841
- C:\Program Files (x86)\Microsoft Office\Office14\Wwlib.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7151.5001

Product : Microsoft Office 2010
KB : 3054834
- C:\Program Files (x86)\Microsoft Office\Office14\Oart.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7151.5001

Product : Microsoft Office 2010
KB : 3054848
- C:\Program Files (x86)\Microsoft Office\Office14\Oartconv.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7151.5001

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7151.5001

Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7151.5001

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7151.5001
84739 - MS15-070: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, SharePoint Server, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :

- An ASLR bypass vulnerability exists in Microsoft Excel due to memory being released in an unintended manner. A remote attacker can exploit this by convincing a user to open a specially crafted Excel (.xls) file, allowing the attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The attacker can then utilize this information to more easily exploit additional vulnerabilities.
(CVE-2015-2375)

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2376, CVE-2015-2377, CVE-2015-2379, CVE-2015-2380, CVE-2015-2415, CVE-2015-2424)

- A remote code execution vulnerability exists in Microsoft excel due to improper handling of the loading of dynamic link library (DLL) files. A remote attacker can exploit this vulnerability by placing a specially crafted DLL file in the user's current working directory and then convincing the user to launch a program designed to load the DLL, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2015-2378)
See Also
Solution
Microsoft has released a set of patches for Office 2007. Office 2010, Office 2013, Word 2007, Word 2010, Word 2013, Excel 2007, Excel 2010, Excel 2013, PowerPoint 2007, PowerPoint 2010, PowerPoint 2013, Excel Viewer, Word Viewer, Office Compatibility Pack, SharePoint Server 2007, SharePoint Server 2010, and SharePoint Server 2013.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7662
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2015-2375
CVE CVE-2015-2376
CVE CVE-2015-2377
CVE CVE-2015-2378
CVE CVE-2015-2379
CVE CVE-2015-2380
CVE CVE-2015-2415
CVE CVE-2015-2424
MSKB 2837612
MSKB 2965208
MSKB 2965209
MSKB 2965281
MSKB 2965283
MSKB 3054861
MSKB 3054949
MSKB 3054958
MSKB 3054963
MSKB 3054968
MSKB 3054971
MSKB 3054973
MSKB 3054981
MSKB 3054990
MSKB 3054996
MSKB 3054999
XREF MSFT:MS15-070
XREF IAVA:2015-A-0163-S
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Plugin Information
Published: 2015/07/14, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010
KB : 3054971
- C:\Program Files (x86)\Microsoft Office\Office14\Wwlib.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7153.5002

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7153.5000

Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7138.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7153.5002
85350 - MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
-
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-1642, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2477)

- An information disclosure vulnerability exists when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)

- A remote code execution vulnerability exists due a failure to properly validate templates. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted template file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2466)

- A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2470)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2010, SharePoint Server 2013, Microsoft Office Compatibility Pack, Microsoft Word Web Apps 2010, and Microsoft Office Web Apps 2013.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7288
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76200
BID 76202
BID 76204
BID 76206
BID 76212
BID 76214
BID 76217
BID 76219
CVE CVE-2015-1642
CVE CVE-2015-2423
CVE CVE-2015-2466
CVE CVE-2015-2467
CVE CVE-2015-2468
CVE CVE-2015-2469
CVE CVE-2015-2470
CVE CVE-2015-2477
MSKB 2553313
MSKB 2596650
MSKB 2598244
MSKB 2687409
MSKB 2837610
MSKB 2920691
MSKB 2920708
MSKB 2965280
MSKB 2965310
MSKB 2986254
MSKB 3039734
MSKB 3039798
MSKB 3054816
MSKB 3054858
MSKB 3054876
MSKB 3054888
MSKB 3054929
MSKB 3054960
MSKB 3054974
MSKB 3054991
MSKB 3054992
MSKB 3055003
MSKB 3055029
MSKB 3055030
MSKB 3055033
MSKB 3055037
MSKB 3055039
MSKB 3055044
MSKB 3055051
MSKB 3055052
MSKB 3055053
MSKB 3055054
MSKB 3085538
XREF MSFT:MS15-081
XREF IAVA:2015-A-0194-S
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Plugin Information
Published: 2015/08/12, Modified: 2023/02/16
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2553313
- C:\Program Files (x86)\Microsoft Office\Office14\ieawsdc.dll has not been patched.
Remote version : 14.0.6100.0
Should be : 14.0.6101.0

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7155.5000

Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7155.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7155.5001
85879 - MS15-099: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
-
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, and/or Microsoft SharePoint Foundation installed that is affected by one or more of the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2520, CVE-2015-2521, CVE-2015-2523)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of user-supplied web requests. A remote attacker can exploit this vulnerability, via a specially crafted web request, to execute arbitrary script code in the context of the current user. (CVE-2015-2522)

- A remote code execution vulnerability exists in Microsoft Office due to improper handling of malformed graphics images. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted EPS image binary, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2545)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2013, Microsoft Office Compatibility Pack, and Microsoft Office Web Apps 2013.
Risk Factor
High
VPR Score
9.6
EPSS Score
0.9345
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76561
BID 76562
BID 76564
BID 76588
BID 76667
CVE CVE-2015-2520
CVE CVE-2015-2521
CVE CVE-2015-2522
CVE CVE-2015-2523
CVE CVE-2015-2545
MSKB 3054813
MSKB 3054932
MSKB 3054965
MSKB 3054987
MSKB 3085635
MSKB 3054993
MSKB 3054995
MSKB 3085483
MSKB 3085487
MSKB 3085501
MSKB 3085502
MSKB 3085526
MSKB 3085543
MSKB 2920693
XREF MSFT:MS15-099
XREF IAVA:2015-A-0214
XREF EDB-ID:38214
XREF EDB-ID:38215
XREF EDB-ID:38216
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/09/09, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3054965
- C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2010.1400.7006.1000
Should be : 2010.1400.7162.5001

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7157.5000
86374 - MS15-110: Security Updates for Microsoft Office to Address Remote Code Execution (3089440)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, or Microsoft Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2555, CVE-2015-2557, CVE-2015-2558)

- An information disclosure vulnerability exists in the SharePoint InfoPath Forms Services due to improper parsing of document type definitions (DTD) in XML files.
A remote attacker can exploit this, via a crafted XML file, to browse the contents of arbitrary files on a SharePoint server. (CVE-2015-2556)

- A cross-site scripting vulnerability exists in Office Web Apps Server due to improper sanitization of crafted requests before returning it to the user. A remote attacker can exploit this to run arbitrary script code in the user's browser session. (CVE-2015-6037)

- A security feature bypass vulnerability exists in SharePoint due to improper enforcement of permission levels for applications or users. This allows Office Marketplace to inject JavaScript code that will persist in a SharePoint page. A remote attacker can exploit this to conduct a cross-site scripting attack, resulting in execution of arbitrary code in the user's browser session. (CVE-2015-6039)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Microsoft Office Compatibility Pack SP3; Microsoft Excel Viewer; and Microsoft Office Web Apps 2010, 2013.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.4303
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 76988
BID 76996
BID 76997
BID 77003
BID 77009
BID 77011
CVE CVE-2015-2555
CVE CVE-2015-2556
CVE CVE-2015-2557
CVE CVE-2015-2558
CVE CVE-2015-6037
CVE CVE-2015-6039
MSKB 2553405
MSKB 2596670
MSKB 2920693
MSKB 3054994
MSKB 3085514
MSKB 3085520
MSKB 3085542
MSKB 3085567
MSKB 3085568
MSKB 3085571
MSKB 3085582
MSKB 3085583
MSKB 3085595
MSKB 3085596
MSKB 3085609
MSKB 3085615
MSKB 3085618
MSKB 3085619
XREF MSFT:MS15-110
Plugin Information
Published: 2015/10/13, Modified: 2018/07/30
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7160.5000
86823 - MS15-116: Security Update for Microsoft Office to Address Remote Code Execution (3104540)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Access, Excel, InfoPath, OneNote, PowerPoint, Project, Publisher, Visio, Word, Excel Viewer, Word Viewer, SharePoint Server, Office Compatibility Pack, Office Web Apps, Skype for Business, or Lync installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094)

- An elevation of privilege vulnerability exists when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploits this vulnerability can gain elevated privileges and break out of the Internet Explorer sandbox.
(CVE-2015-2503)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Office Compatibility Pack, Excel Viewer, Word Viewer, Office Web Apps 2010 and 2013, and Lync 2013 and 2016.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4348
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 77485
BID 77489
BID 77490
BID 77491
BID 77492
BID 77493
CVE CVE-2015-2503
CVE CVE-2015-6038
CVE CVE-2015-6091
CVE CVE-2015-6092
CVE CVE-2015-6093
CVE CVE-2015-6094
MSKB 2596614
MSKB 2596770
MSKB 2687406
MSKB 2817478
MSKB 2878230
MSKB 2880506
MSKB 2889915
MSKB 2899473
MSKB 2899516
MSKB 2910978
MSKB 2920680
MSKB 2920698
MSKB 2920726
MSKB 2965313
MSKB 3054793
MSKB 3054978
MSKB 3085477
MSKB 3085511
MSKB 3085548
MSKB 3085551
MSKB 3085552
MSKB 3085561
MSKB 3085584
MSKB 3085594
MSKB 3085614
MSKB 3085634
MSKB 3101359
MSKB 3101360
MSKB 3101364
MSKB 3101365
MSKB 3101367
MSKB 3101370
MSKB 3101371
MSKB 3101496
MSKB 3101499
MSKB 3101506
MSKB 3101507
MSKB 3101509
MSKB 3101510
MSKB 3101512
MSKB 3101513
MSKB 3101514
MSKB 3101521
MSKB 3101525
MSKB 3101526
MSKB 3101529
MSKB 3101533
MSKB 3101543
MSKB 3101544
MSKB 3101553
MSKB 3101554
MSKB 3101555
MSKB 3101558
MSKB 3101559
MSKB 3101560
MSKB 3101564
XREF MSFT:MS15-116
XREF IAVA:2015-A-0272-S
Plugin Information
Published: 2015/11/10, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010
KB : 3101529
- C:\Program Files (x86)\Microsoft Office\Office14\Wwlib.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7162.5000

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7162.5000

Product : OneNote 2010
- C:\Program Files (x86)\Microsoft Office\Office14\OneNote.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7162.5000

Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7162.5000

Product : Publisher 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Mspub.exe has not been patched.
Remote version : 14.0.7011.1000
Fixed version : 14.0.7162.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7162.5000
87260 - MS15-131: Security Update for Microsoft Office to Address Remote Code Execution (3116111)
-
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack installed that is affected by multiple remote code execution vulnerabilities :

- Multiple memory corruption issues exist due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in an affected version of Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6177)

- A remote code execution vulnerability exists due to improper parsing of email messages. A remote attacker can exploit this vulnerability by convincing a user to open or preview a specially crafted email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6172)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, and Microsoft Office Compatibility Pack.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3755
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 78543
BID 78546
BID 78547
BID 78548
BID 78549
BID 78550
CVE CVE-2015-6040
CVE CVE-2015-6118
CVE CVE-2015-6122
CVE CVE-2015-6124
CVE CVE-2015-6172
CVE CVE-2015-6177
MSKB 3085528
MSKB 3085549
MSKB 3101532
MSKB 3114342
MSKB 3114382
MSKB 3114403
MSKB 3114415
MSKB 3114422
MSKB 3114425
MSKB 3114431
MSKB 3114433
MSKB 3114457
MSKB 3114458
MSKB 3114479
XREF MSFT:MS15-131
XREF IAVA:2015-A-0300-S
Plugin Information
Published: 2015/12/08, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7164.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7164.5001
87882 - MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual Basic, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist in Microsoft SharePoint due to improper enforcement of Access Control Policy (ACP) configuration settings. A remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-6117, CVE-2016-0011)

- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0010, CVE-2016-0035)

- An information disclosure vulnerability exists in Microsoft Office due to a failure to use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this to predict memory offsets of specific instructions in a call stack. (CVE-2016-0012)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Visual Basic 6.0 Runtime.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.5962
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 80028
BID 80029
BID 80030
BID 80031
BID 80032
CVE CVE-2015-6117
CVE CVE-2016-0010
CVE CVE-2016-0011
CVE CVE-2016-0012
CVE CVE-2016-0035
MSKB 2881067
MSKB 3114541
MSKB 3114540
MSKB 3114429
MSKB 3114421
MSKB 3114549
MSKB 2881029
MSKB 3114553
MSKB 3114554
MSKB 3114564
MSKB 3114396
MSKB 3114402
MSKB 3114557
MSKB 3039794
MSKB 3114486
MSKB 3114504
MSKB 3114482
MSKB 3114489
MSKB 3114494
MSKB 2920727
MSKB 3114527
MSKB 3114520
MSKB 3114518
MSKB 3114511
MSKB 3114526
MSKB 3114546
MSKB 3114547
MSKB 3114569
MSKB 3114503
MSKB 3096896
XREF MSFT:MS16-004
XREF IAVA:2016-A-0011-S
Plugin Information
Published: 2016/01/12, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010 SP2
KB : 3114396
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7165.5000

Product : Microsoft Office 2010 SP2
KB : 2881029
- C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
Remote version : 6.1.98.34
Should be : 6.1.98.46

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7165.5002

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7165.5000
88647 - MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, SharePoint, Microsoft Office Compatibility Pack, or Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0022, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2015-0056)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of specially crafted web requests. An authenticated, remote attacker can exploit this, via a specially crafted web request, to execute arbitrary script code in a user's browser session. (CVE-2016-0039)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Word, Word Viewer, Excel, Excel Viewer; SharePoint Server 2007, 2010, and 2013; SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Office Web Apps.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3152
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 82508
BID 82512
BID 82652
BID 82654
BID 82657
BID 82660
BID 82787
CVE CVE-2016-0022
CVE CVE-2016-0039
CVE CVE-2016-0052
CVE CVE-2016-0053
CVE CVE-2016-0054
CVE CVE-2016-0055
CVE CVE-2016-0056
MSKB 3039768
MSKB 3114335
MSKB 3114338
MSKB 3114401
MSKB 3114407
MSKB 3114432
MSKB 3114481
MSKB 3114548
MSKB 3114698
MSKB 3114702
MSKB 3114724
MSKB 3114733
MSKB 3114734
MSKB 3114741
MSKB 3114742
MSKB 3114745
MSKB 3114747
MSKB 3114748
MSKB 3114752
MSKB 3114755
MSKB 3104759
MSKB 3114773
XREF MSFT:MS16-015
XREF IAVA:2016-A-0043-S
Plugin Information
Published: 2016/02/09, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7166.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7166.5000
89752 - MS16-029: Security Update for Microsoft Office to Address Remote Code Execution (3141806)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Office Web Apps, Microsoft SharePoint, Microsoft Word, or Word Viewer installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An attacker can exploit these, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0021, CVE-2016-0134)

- A security feature bypass vulnerability exists in Microsoft Office software due to an improperly signed binary file. An attacker with write access to the target host can exploit this, by overwriting the file with a malicious binary with a similar configuration, to execute arbitrary code. (CVE-2016-0057).
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft InfoPath 2007, 2010 and 2013; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; SharePoint Server 2010 and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.4852
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 84024
BID 84026
BID 84030
CVE CVE-2016-0021
CVE CVE-2016-0057
CVE CVE-2016-0134
MSKB 2956063
MSKB 2956110
MSKB 3039746
MSKB 3114414
MSKB 3114426
MSKB 3114690
MSKB 3114812
MSKB 3114814
MSKB 3114821
MSKB 3114824
MSKB 3114833
MSKB 3114855
MSKB 3114866
MSKB 3114873
MSKB 3114878
MSKB 3114880
MSKB 3114900
MSKB 3114901
XREF MSFT:MS16-029
XREF IAVA:2016-A-0063-S
Plugin Information
Published: 2016/03/08, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7167.5001
90436 - MS16-042: Security Update for Microsoft Office (3148775)
-
Synopsis
An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft Office installed on the remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2010;
Microsoft Word 2007, 2010, 2013, and 2013 RT; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Excel Viewer; SharePoint Server 2007, 2010, and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4064
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 85897
BID 85901
BID 85923
BID 85934
CVE CVE-2016-0122
CVE CVE-2016-0127
CVE CVE-2016-0136
CVE CVE-2016-0139
MSKB 3114871
MSKB 3114888
MSKB 3114892
MSKB 3114895
MSKB 3114897
MSKB 3114898
MSKB 3114927
MSKB 3114934
MSKB 3114937
MSKB 3114947
MSKB 3114964
MSKB 3114982
MSKB 3114983
MSKB 3114987
MSKB 3114988
MSKB 3114990
MSKB 3114993
MSKB 3114994
XREF MSFT:MS16-042
XREF IAVA:2016-A-0090-S
Plugin Information
Published: 2016/04/12, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7168.5000

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7168.5000
91004 - MS16-054: Security Update for Microsoft Office (3155544)
-
Synopsis
An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0126, CVE-2016-0140, CVE-2016-0198)

- A remote code execution vulnerability exists in the Windows Font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution arbitrary code in the context of the current user. (CVE-2016-0183)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Microsoft Office Compatibility Pack;
Office Web Apps 2010; and Microsoft SharePoint Server 2010.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4037
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 89938
BID 89953
BID 89962
CVE CVE-2016-0126
CVE CVE-2016-0140
CVE CVE-2016-0183
CVE CVE-2016-0198
MSKB 2984938
MSKB 2984943
MSKB 3115115
MSKB 3115116
MSKB 3115121
MSKB 3054984
MSKB 3101520
MSKB 3115123
MSKB 3115016
MSKB 3115025
MSKB 3115103
MSKB 3115094
MSKB 3115132
MSKB 3115117
MSKB 3115124
XREF MSFT:MS16-054
XREF IAVA:2016-A-0124-S
Plugin Information
Published: 2016/05/10, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3054984
- C:\Program Files (x86)\Microsoft Office\Office14\oartconv.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7169.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7169.5000
91611 - MS16-070: Security Update for Microsoft Office (3163610)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in Microsoft Office :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to open a specially crafted file or visit a website that hosts such a file, resulting in the execution of arbitrary code in the context of the user.
(CVE-2016-0025, CVE-2016-3233)

- A flaw exists due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in the disclosure of potentially sensitive information. (CVE-2016-3234)

- A flaw exists due to improper validation of input before loading OLE library files. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2016-3235)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007 and 2010; Microsoft Visio 2007, 2010, 2013, and 2016; Visio Viewer 2007 and 2010; Word Viewer;
Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013;
Microsoft SharePoint Server 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8116
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 91089
BID 91091
BID 91095
BID 91096
CVE CVE-2016-0025
CVE CVE-2016-3233
CVE CVE-2016-3234
CVE CVE-2016-3235
MSKB 2596915
MSKB 2999465
MSKB 3114740
MSKB 3114872
MSKB 3115014
MSKB 3115020
MSKB 3115041
MSKB 3115107
MSKB 3115111
MSKB 3115130
MSKB 3115134
MSKB 3115144
MSKB 3115170
MSKB 3115173
MSKB 3115182
MSKB 3115187
MSKB 3115194
MSKB 3115195
MSKB 3115196
MSKB 3115198
MSKB 3115243
MSKB 3115244
XREF MSFT:MS16-070
XREF IAVA:2016-A-0148-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Metasploit (true)
Plugin Information
Published: 2016/06/15, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7170.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7170.5000
92019 - MS16-088: Security Update for Microsoft Office (3170008)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3278, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284)

- A remote code execution vulnerability exists in Microsoft Office software due to improper handling of XLA files. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted XLA file in Office, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3279)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010, 2013, and 2013 RT; Excel Viewer; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013; Microsoft SharePoint Server 2010, 2013 and 2016; Microsoft SharePoint Foundation 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.5459
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 91574
BID 91582
BID 91587
BID 91588
BID 91589
BID 91592
CVE CVE-2016-3278
CVE CVE-2016-3279
CVE CVE-2016-3280
CVE CVE-2016-3281
CVE CVE-2016-3282
CVE CVE-2016-3283
CVE CVE-2016-3284
MSKB 3114890
MSKB 3115114
MSKB 3115118
MSKB 3115246
MSKB 3115254
MSKB 3115259
MSKB 3115262
MSKB 3115272
MSKB 3115279
MSKB 3115285
MSKB 3115289
MSKB 3115292
MSKB 3115294
MSKB 3115299
MSKB 3115301
MSKB 3115306
MSKB 3115308
MSKB 3115309
MSKB 3115311
MSKB 3115312
MSKB 3115315
MSKB 3115317
MSKB 3115318
MSKB 3115322
MSKB 3115386
MSKB 3115393
MSKB 3115395
XREF MSFT:MS16-088
XREF IAVA:2016-A-0176-S
Plugin Information
Published: 2016/07/12, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7171.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7171.5002

Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7171.5000

Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7169.5000
92839 - MS16-099: Security Update for Microsoft Office (3177451)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these issues, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-3313, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318)

- An information disclosure vulnerability exists in Microsoft OneNote due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted OneNote file, to disclose sensitive memory contents.
(CVE-2016-3315)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft OneNote 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2007, 2010, 2013, and 2016; and Word Viewer.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5027
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 92289
BID 92294
BID 92300
BID 92303
BID 92308
CVE CVE-2016-3313
CVE CVE-2016-3315
CVE CVE-2016-3316
CVE CVE-2016-3317
CVE CVE-2016-3318
MSKB 3114340
MSKB 3114400
MSKB 3114442
MSKB 3114456
MSKB 3114869
MSKB 3114885
MSKB 3114893
MSKB 3114981
MSKB 3115256
MSKB 3115415
MSKB 3115419
MSKB 3115427
MSKB 3115439
MSKB 3115440
MSKB 3115449
MSKB 3115452
MSKB 3115465
MSKB 3115468
MSKB 3115471
MSKB 3115474
MSKB 3115479
MSKB 3115480
XREF MSFT:MS16-099
XREF IAVA:2016-A-0203-S
Plugin Information
Published: 2016/08/10, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3114400
- C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2010.1400.7006.1000
Should be : 2010.1400.7163.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7172.5000

Product : OneNote 2010
- C:\Program Files (x86)\Microsoft Office\Office14\OneNote.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7162.5000

Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7172.5000
93481 - MS16-107: Security Update for Microsoft Office (3185852)
-
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the the Click-to-Run (C2R) components due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to obtain sensitive information and thereby bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2016-0137)

- An information disclosure vulnerability exists due to Visual Basic macros improperly exporting a user's private key from the certificate store while saving a document.
An unauthenticated, remote attacker can exploit this, by convincing a user to provide the saved document, to gain access to the user's private key. (CVE-2016-0141)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these, by convincing a user to open a specially crafted Office file, to execute arbitrary code in the context of the current user. (CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3381)

- A spoofing vulnerability exists in Microsoft Outlook due to a failure to conform to RFC2046 and properly identify the end of a MIME attachment. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted email attachment, to cause antivirus or antispam security features to fail. (CVE-2016-3366)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2007, 2010, 2013, and 2013 RT;
Microsoft Outlook 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Visio 2016; Office Compatibility Pack; Excel Viewer; PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2007, 2010, and 2013; Office Web Apps 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3241
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 92785
BID 92786
BID 92791
BID 92795
BID 92796
BID 92798
BID 92799
BID 92801
BID 92803
BID 92804
BID 92805
BID 92831
BID 92903
CVE CVE-2016-0137
CVE CVE-2016-0141
CVE CVE-2016-3357
CVE CVE-2016-3358
CVE CVE-2016-3359
CVE CVE-2016-3360
CVE CVE-2016-3361
CVE CVE-2016-3362
CVE CVE-2016-3363
CVE CVE-2016-3364
CVE CVE-2016-3365
CVE CVE-2016-3366
CVE CVE-2016-3381
MSKB 2553432
MSKB 2597974
MSKB 3054862
MSKB 3054969
MSKB 3114744
MSKB 3115112
MSKB 3115119
MSKB 3115169
MSKB 3115443
MSKB 3115459
MSKB 3115462
MSKB 3115463
MSKB 3115466
MSKB 3115467
MSKB 3115472
MSKB 3115487
MSKB 3118268
MSKB 3118270
MSKB 3118280
MSKB 3118284
MSKB 3118290
MSKB 3118292
MSKB 3118293
MSKB 3118297
MSKB 3118299
MSKB 3118300
MSKB 3118303
MSKB 3118309
MSKB 3118313
MSKB 3118316
XREF MSFT:MS16-107
XREF IAVA:2016-A-0243-S
Plugin Information
Published: 2016/09/14, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2553432
- C:\Program Files (x86)\Microsoft Office\Office14\offowc.dll has not been patched.
Remote version : 14.0.7011.1000
Should be : 14.0.7173.5000

Product : Outlook 2010 SP2
KB : 3118313
- C:\Program Files (x86)\Microsoft Office\Office14\outlmime.dll has not been patched.
Remote version : 14.0.7010.1000
Should be : 14.0.7173.5000

Product : PowerPoint 2010 SP2
KB : 3115467
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7173.5000

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7173.5000
94016 - MS16-121: Security Update for Microsoft Office (3194063)
-
Synopsis
An application installed on the remote host is affected by a remote code execution vulnerability.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of RTF files. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Office Compatibility Pack; Microsoft Word Viewer; Microsoft SharePoint Server 2010 and 2013; Microsoft Office Web Apps 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.712
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93372
CVE CVE-2016-7193
MSKB 3118307
MSKB 3118308
MSKB 3118311
MSKB 3118312
MSKB 3118331
MSKB 3118345
MSKB 3118352
MSKB 3118360
MSKB 3118377
MSKB 3118384
MSKB 3127897
MSKB 3127898
MSKB 3193438
MSKB 3193442
XREF MSFT:MS16-121
XREF IAVA:2016-A-0280-S
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Plugin Information
Published: 2016/10/12, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7174.5001
94634 - MS16-133: Security Update for Microsoft Office (3199168)
-
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to visit a specially crafted website or open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7245)

- An information disclosure vulnerability exists due to an out-of-bounds read error caused by an uninitialized variable. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7233)

- A denial of service vulnerability exists due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in a crash of the application. (CVE-2016-7244)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010; Microsoft Word 2007, 2010, 2013, and 2013 RT; Office Compatibility Pack; Excel Viewer;
PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2010 and 2013; and Office Web Apps 2010 and 2013
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.4835
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93993
BID 93994
BID 93995
BID 93996
BID 94005
BID 94006
BID 94020
BID 94022
BID 94025
BID 94026
BID 94029
BID 94031
CVE CVE-2016-7213
CVE CVE-2016-7228
CVE CVE-2016-7229
CVE CVE-2016-7230
CVE CVE-2016-7231
CVE CVE-2016-7232
CVE CVE-2016-7233
CVE CVE-2016-7234
CVE CVE-2016-7235
CVE CVE-2016-7236
CVE CVE-2016-7244
CVE CVE-2016-7245
MSKB 2986253
MSKB 3115120
MSKB 3115135
MSKB 3115153
MSKB 3118378
MSKB 3118381
MSKB 3118382
MSKB 3118390
MSKB 3118395
MSKB 3118396
MSKB 3127889
MSKB 3127893
MSKB 3127904
MSKB 3127921
MSKB 3127927
MSKB 3127929
MSKB 3127932
MSKB 3127948
MSKB 3127949
MSKB 3127950
MSKB 3127951
MSKB 3127953
MSKB 3127954
MSKB 3127962
XREF MSFT:MS16-133
XREF IAVA:2016-A-0319-S
Plugin Information
Published: 2016/11/08, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010 SP2
KB : 3118378
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7176.5000

Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7176.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7176.5000
97794 - MS17-013: Security Update for Microsoft Graphics Component (4013075)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047)

- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary code. (CVE-2017-0014, CVE-2017-0108)

- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0038)

- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)

- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8223
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 96013
BID 96023
BID 96033
BID 96034
BID 96057
BID 96626
BID 96637
BID 96638
BID 96643
BID 96713
BID 96715
BID 96722
CVE CVE-2017-0001
CVE CVE-2017-0005
CVE CVE-2017-0014
CVE CVE-2017-0025
CVE CVE-2017-0038
CVE CVE-2017-0047
CVE CVE-2017-0060
CVE CVE-2017-0061
CVE CVE-2017-0062
CVE CVE-2017-0063
CVE CVE-2017-0073
CVE CVE-2017-0108
MSKB 3127945
MSKB 3127958
MSKB 3141535
MSKB 3172539
MSKB 3178653
MSKB 3178656
MSKB 3178688
MSKB 3178693
MSKB 4010096
MSKB 4010299
MSKB 4010300
MSKB 4010301
MSKB 4010303
MSKB 4010304
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012497
MSKB 4012583
MSKB 4017018
MSKB 4012584
MSKB 4012606
MSKB 4013198
MSKB 4013429
MSKB 4013867
XREF MSFT:MS17-013
XREF IAVA:2017-A-0063
XREF CISA-KNOWN-EXPLOITED:2022/03/24
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2017/03/17, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3178688
- C:\Program Files (x86)\Common Files\Microsoft Shared\Office14\usp10.dll has not been patched.
Remote version : 1.626.7601.22182
Should be : 1.626.7601.23668
97740 - MS17-014: Security Update for Microsoft Office (4013241)
-
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053)

- An information disclosure vulnerability exists in Microsoft Office due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this to disclose sensitive system memory information by convincing a user to open a specially crafted document file. (CVE-2017-0027)

- A denial of service vulnerability exists in Microsoft Office that allows an unauthenticated, remote attacker to cause Office to stop responding by convincing a user to open a specially crafted document file.
(CVE-2017-0029)

- An out-of-bounds read error exists in Microsoft Office due to an uninitialized variable. A local attacker can exploit this to disclose memory contents by opening a specially crafted document file. (CVE-2017-0105)

- A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server due to improper validation of input before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-0107)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Excel 2007, 2010, 2013, and 2016;
Microsoft Word 2007, 2010, 2013, and 2016; Microsoft Office Compatibility Pack; Microsoft Excel Viewer; Microsoft Word Viewer;
Microsoft SharePoint Server 2007, 2010, and 2013; Microsoft SharePoint Foundation 2013; and Microsoft Office Web Apps Server 2010 and 2013.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4318
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 96042
BID 96043
BID 96045
BID 96050
BID 96051
BID 96052
BID 96740
BID 96741
BID 96745
BID 96746
BID 96748
BID 96752
CVE CVE-2017-0006
CVE CVE-2017-0019
CVE CVE-2017-0020
CVE CVE-2017-0027
CVE CVE-2017-0029
CVE CVE-2017-0030
CVE CVE-2017-0031
CVE CVE-2017-0052
CVE CVE-2017-0053
CVE CVE-2017-0105
CVE CVE-2017-0107
MSKB 3172431
MSKB 3172457
MSKB 3172464
MSKB 3172540
MSKB 3172542
MSKB 3178673
MSKB 3178674
MSKB 3178676
MSKB 3178677
MSKB 3178678
MSKB 3178680
MSKB 3178682
MSKB 3178683
MSKB 3178684
MSKB 3178685
MSKB 3178686
MSKB 3178687
MSKB 3178689
MSKB 3178690
MSKB 3178694
XREF MSFT:MS17-014
XREF IAVA:2017-A-0060-S
Plugin Information
Published: 2017/03/15, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7179.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7179.5000
192147 - Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203)
-
Synopsis
An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.
Description
The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0214
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26203
XREF IAVA:2024-A-0157
Plugin Information
Published: 2024/03/15, Modified: 2024/03/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Azure Data Studio\
Installed version : 1.41.2.0
Fixed version : 1.48.0
249120 - Microsoft Web Deploy < 10.0.2001 Remote Code Execution (CVE-2025-53772)
-
Synopsis
A web application deployment tool on the remote Windows host is affected by a remote code execution vulnerability.
Description
The version of Microsoft Web Deploy installed on the remote host is prior to 10.0.2001 It is, therefore, affected by a remote code execution vulnerability:

- Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
(CVE-2025-53772) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Web Deploy version 10.0.2001 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
7.4
EPSS Score
0.0052
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-53772
XREF IAVA:2025-A-0602
Plugin Information
Published: 2025/08/12, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\IIS\Microsoft Web Deploy V3\
Installed version : 10.0.1981
Fixed version : 10.0.2001
208192 - Notepad++ < 8.4.1 DLL hijacking vulnerability
-
Synopsis
The text editor on the remote Windows host is affected by DLL hijacking
Description
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Notepad++ 8.4.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0004
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information
Published: 2024/10/04, Modified: 2025/09/22
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Notepad++
Installed version : 8.3.3.0
Fixed version : 8.4.1

181867 - Notepad++ < 8.5.7 Multiple Buffer Overflow Vulnerabilities
-
Synopsis
The text editor on the remote Windows host is affected by multiple vulnerabilties.
Description
The version of Notepad++ installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple buffer overflow vulnerabilties. An authenticated, local attacker could exploit these to cause a denial of service condition or the execution of arbitrary code.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Notepad++ 8.5.7 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0011
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information
Published: 2023/09/26, Modified: 2023/09/27
Plugin Output

tcp/0


Path : C:\Program Files (x86)\Notepad++
Installed version : 8.3.3.0
Fixed version : 8.5.7

240630 - Notepad++ < 8.8.2 Privilege Escalation (CVE-2025-49144)
-
Synopsis
A text editor on the remote Windows host is affected by privilege escalation.
Description
The version of Notepad++ installed on the remote host is prior to 8.8.2. It is, therefore, affected by a privilege escalation vulnerability:

- Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
(CVE-2025-49144) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Notepad++ 8.8.2 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
VPR Score
8.4
EPSS Score
0.0001
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-49144
XREF IAVA:2025-A-0452
Plugin Information
Published: 2025/06/26, Modified: 2025/11/10
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Notepad++
Installed version : 8.3.3.0
Fixed version : 8.8.2
56064 - Oracle Database Multiple Vulnerabilities (April 2009 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Queuing

- Application Express

- Cluster Ready Services

- Core RDBMS

- Database Vault

- Listener

- Password Policy

- Resource Manager

- SQLX Functions

- Workspace Manager
See Also
Solution
Apply the appropriate patch according to the April 2009 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
6.0
EPSS Score
0.5392
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8307238
45626 - Oracle Database Multiple Vulnerabilities (April 2010 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Core RDBMS

- JavaVM

- Change Data Capture

- Audit
See Also
Solution
Apply the appropriate patch according to the April 2010 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.5923
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 39421
BID 39424
BID 39427
BID 39428
BID 39434
BID 39439
CVE CVE-2010-0851
CVE CVE-2010-0852
CVE CVE-2010-0854
CVE CVE-2010-0860
CVE CVE-2010-0866
CVE CVE-2010-0867
Exploitable With
(true)
Plugin Information
Published: 2010/04/26, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9393550
53897 - Oracle Database Multiple Vulnerabilities (April 2011 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)

- Oracle Security Service (CVE-2009-3555)

- Application Service Level Management (CVE-2011-0787)

- Network Foundation (CVE-2011-0806)

- Oracle Help (CVE-2011-0785)

- UIX (CVE-2011-0805)

- Database Vault (CVE-2011-0793, CVE-2011-0804)
See Also
Solution
Apply the appropriate patch according to the April 2011 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.0294
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 47429
BID 47430
BID 47431
BID 47432
BID 47436
BID 47441
BID 47443
BID 47451
CVE CVE-2009-3555
CVE CVE-2011-0785
CVE CVE-2011-0787
CVE CVE-2011-0792
CVE CVE-2011-0793
CVE CVE-2011-0799
CVE CVE-2011-0804
CVE CVE-2011-0805
CVE CVE-2011-0806
XREF CWE:310
Plugin Information
Published: 2011/05/13, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12328503
58798 - Oracle Database Multiple Vulnerabilities (April 2012 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components :

- Core RDBMS

- Oracle Spatial

- OCI

- Enterprise Manager Base Platform

- Application Express
See Also
Solution
Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0077
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 53063
BID 53072
BID 53076
BID 53081
BID 53084
BID 53089
BID 53090
BID 53092
BID 53093
BID 53097
BID 53101
BID 53104
CVE CVE-2012-0510
CVE CVE-2012-0511
CVE CVE-2012-0512
CVE CVE-2012-0519
CVE CVE-2012-0520
CVE CVE-2012-0525
CVE CVE-2012-0526
CVE CVE-2012-0527
CVE CVE-2012-0528
CVE CVE-2012-0534
CVE CVE-2012-0552
CVE CVE-2012-1708
Plugin Information
Published: 2012/04/19, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 13928776
51573 - Oracle Database Multiple Vulnerabilities (January 2011 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the January 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Client System Analyzer

- Cluster Verify Utility

- Database Vault

- Oracle Spatial

- Scheduler Agent

- UIX
See Also
Solution
Apply the appropriate patch according to the January 2011 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
7.0
EPSS Score
0.7697
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
References
BID 45845
BID 45855
BID 45859
BID 45880
BID 45883
BID 45905
CVE CVE-2010-3590
CVE CVE-2010-3600
CVE CVE-2010-4413
CVE CVE-2010-4420
CVE CVE-2010-4421
CVE CVE-2010-4423
Exploitable With
Core Impact (true) (true) Metasploit (true)
Plugin Information
Published: 2011/01/19, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 10349200
56065 - Oracle Database Multiple Vulnerabilities (July 2009 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Replication

- Auditing

- Config Management

- Core RDBMS

- Listener

- Network Foundation

- Secure Enterprise Search

- Upgrade

- Visual Private Database
See Also
Solution
Apply the appropriate patch according to the July 2009 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.3751
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 35676
BID 35677
BID 35679
BID 35680
BID 35681
BID 35682
BID 35683
BID 35684
BID 35685
BID 35687
BID 35689
BID 35692
CVE CVE-2009-0987
CVE CVE-2009-1015
CVE CVE-2009-1019
CVE CVE-2009-1020
CVE CVE-2009-1021
CVE CVE-2009-1963
CVE CVE-2009-1966
CVE CVE-2009-1967
CVE CVE-2009-1968
CVE CVE-2009-1969
CVE CVE-2009-1970
CVE CVE-2009-1973
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8559467
47718 - Oracle Database Multiple Vulnerabilities (July 2010 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Listener

- Net Foundation Layer

- Oracle OLAP

- Application Express

- Network Layer

- Export
See Also
Solution
Apply the appropriate patch according to the July 2010 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.3
EPSS Score
0.0082
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 41621
BID 41635
BID 41639
BID 41643
CVE CVE-2010-0892
CVE CVE-2010-0900
CVE CVE-2010-0901
CVE CVE-2010-0902
CVE CVE-2010-0903
CVE CVE-2010-0911
Plugin Information
Published: 2010/07/14, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9777078
55632 - Oracle Database Multiple Vulnerabilities (July 2011 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Core RDBMS (CVE-2011-0832, CVE-2011-0835, CVE-2011-0838, CVE-2011-0880, CVE-2011-2230, CVE-2011-2239, CVE-2011-2243, CVE-2011-2253)

- Content Management (CVE-2011-0882)

- Database Target Type Menus (CVE-2011-2257)

- SQL Performance Advisories/UIs (CVE-2011-2248)

- Schema Management (CVE-2011-0870)

- Security Framework (CVE-2011-0848, CVE-2011-2244)

- Security Management (CVE-2011-0852)

- Streams, AQ & Replication Management (CVE-2011-0822)

- XML Developer Kit (CVE-2011-2231, CVE-2011-2232)

- CMDB Metadata & Instance APIs (CVE-2011-0816)

- EMCTL (CVE-2011-0875, CVE-2011-0881)

- Enterprise Config Management (CVE-2011-0811, CVE-2011-0831)

- Enterprise Manager Console (CVE-2011-0876)

- Event Management (CVE-2011-0830)

- Instance Management (CVE-2011-0877, CVE-2011-0879)

- Database Vault (CVE-2011-2238)

- Oracle Universal Installer (CVE-2011-2240)
See Also
Solution
Apply the appropriate patch according to the July 2011 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0233
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 48726
BID 48727
BID 48728
BID 48729
BID 48730
BID 48731
BID 48732
BID 48733
BID 48734
BID 48735
BID 48736
BID 48737
BID 48738
BID 48739
BID 48740
BID 48741
BID 48742
BID 48743
BID 48745
BID 48746
BID 48748
BID 48749
BID 48750
BID 48751
BID 48754
BID 48760
BID 48764
BID 48794
CVE CVE-2011-0811
CVE CVE-2011-0816
CVE CVE-2011-0822
CVE CVE-2011-0830
CVE CVE-2011-0831
CVE CVE-2011-0832
CVE CVE-2011-0835
CVE CVE-2011-0838
CVE CVE-2011-0848
CVE CVE-2011-0852
CVE CVE-2011-0870
CVE CVE-2011-0875
CVE CVE-2011-0876
CVE CVE-2011-0877
CVE CVE-2011-0879
CVE CVE-2011-0880
CVE CVE-2011-0881
CVE CVE-2011-0882
CVE CVE-2011-2230
CVE CVE-2011-2231
CVE CVE-2011-2232
CVE CVE-2011-2238
CVE CVE-2011-2239
CVE CVE-2011-2240
CVE CVE-2011-2242
CVE CVE-2011-2243
CVE CVE-2011-2244
CVE CVE-2011-2248
CVE CVE-2011-2253
CVE CVE-2011-2257
Plugin Information
Published: 2011/07/20, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12429521
50652 - Oracle Database Multiple Vulnerabilities (October 2010 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Enterprise Manager Console

- Java Virtual Machine

- Change Data Capture

- OLAP

- Job Queue

- XDK

- Core RDBMS

- Perl
See Also
Solution
Apply the appropriate patch according to the October 2010 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.8
EPSS Score
0.3653
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 40235
BID 43935
BID 43940
BID 43945
BID 43956
BID 43958
BID 43961
BID 43964
BID 43970
CVE CVE-2010-1321
CVE CVE-2010-2389
CVE CVE-2010-2390
CVE CVE-2010-2391
CVE CVE-2010-2407
CVE CVE-2010-2411
CVE CVE-2010-2412
CVE CVE-2010-2415
CVE CVE-2010-2419
XREF SECUNIA:41815
Plugin Information
Published: 2010/11/18, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 10084982
56653 - Oracle Database Multiple Vulnerabilities (October 2011 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Oracle Text

- Application Express

- Core RDBMS

- Database Vault
See Also
Solution
Apply the appropriate patch according to the October 2011 Oracle Critical Patch Update advisory.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0093
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 50197
BID 50199
BID 50203
BID 50219
BID 50222
CVE CVE-2011-2301
CVE CVE-2011-2322
CVE CVE-2011-3511
CVE CVE-2011-3512
CVE CVE-2011-3525
Plugin Information
Published: 2011/10/26, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12914910
209282 - Oracle Java SE Multiple Vulnerabilities (October 2024 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM for JDK. (CVE-2024-36138)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:
JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u421; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2023-42950)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:
JavaFX (libxml2)). Supported versions that are affected are Oracle Java SE: 8u421; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-25062)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0074
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.1 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/10/18, Modified: 2025/11/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Installed version : 17.0.12 / build 17.0.12
Fixed version : Upgrade to version 17.0.13 or greater
271249 - Oracle Java SE Multiple Vulnerabilities (October 2025 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 8u461, 11.0.28, 17.0.16, 21.0.8, 25, versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u461-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2025-31257)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-53057)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-53066)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
VPR Score
9.2
EPSS Score
0.0009
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information
Published: 2025/10/23, Modified: 2025/12/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Installed version : 17.0.12 / build 17.0.12
Fixed version : Upgrade to version 17.0.17 or greater
242073 - RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.0029
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2025-6218
XREF IAVA:2025-A-0227
XREF ZDI:ZDI-25-409
XREF CISA-KNOWN-EXPLOITED:2025/12/30
Plugin Information
Published: 2025/07/14, Modified: 2025/12/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 6.0.0.0
Fixed version : 7.12 Beta 1
248462 - RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.13 or later.
Risk Factor
Critical
CVSS v4.0 Base Score
8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.0562
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2025-8088
XREF CISA-KNOWN-EXPLOITED:2025/09/02
XREF IAVA:2025-A-0608
Plugin Information
Published: 2025/08/11, Modified: 2025/08/21
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 6.0.0.0
Fixed version : 7.13
137264 - Security Feature Bypass Vulnerability for Microsoft Excel Products (June 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products is missing a security update, and Therefore is affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484415
-KB4484410
-KB4484403

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2062
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1225
CVE CVE-2020-1226
MSKB 4484415
MSKB 4484410
MSKB 4484403
XREF MSFT:MS20-4484415
XREF MSFT:MS20-4484410
XREF MSFT:MS20-4484403
XREF IAVA:2020-A-0249-S
Plugin Information
Published: 2020/06/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7252.5000
152488 - Security Update for .NET Core (August 2021)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service (DoS) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore affected by a denial of service (DoS) vulnerability, as server applications providing WebSocket endpoints can be tricked into endlessly looping while trying to read a single WebSocket frame.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.024
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26423
XREF IAVA:2021-A-0379
Plugin Information
Published: 2021/08/11, Modified: 2021/08/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.18
145041 - Security Update for .NET Core (January 2021)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service (DoS) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 3.1.x < 3.1.11 or 5.x prior to 5.0.2. It is, therefore, affected by a denial of service (DoS) vulnerability in the way Kestrel parses HTTP/2 requests. An unauthenticated, remote attacker can exploit this issue, by sending a specially crafted requests to the .NET Core application, to cause a DoS condition.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.025
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2021-1723
XREF CEA-ID:CEA-2021-0001
Plugin Information
Published: 2021/01/18, Modified: 2022/12/07
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.11
138465 - Security Update for .NET Core (July 2020)
-
Synopsis
The remote Windows host is affected by a .NET Core remote code execution (RCE) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 2.1.x < 2.1.20 or 3.1.x < 3.1.6. It is, therefore, affected by a remote code execution (RCE) vulnerability due to failing to check the source markup of XML file input. An unauthenticated, remote attacker can exploit this, by issuing specially crafted requests to applications that process certain types of XML, to execute arbitrary code in the context of the current user.
See Also
Solution
Refer to vendor documentation.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9343
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1147
XREF IAVA:2020-A-0304-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/07/14, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.6
125217 - Security Update for .NET Core (May 2019)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service vulnerabilities.
Description
The Microsoft .NET Core installation on the remote host is version 1.0.x < 1.0.16, 1.1.x < 1.1.13, 2.1.x < 2.1.11, 2.2.x < 2.2.5.
It is, therefore, affected by a denial of service (DoS) vulnerability when .NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding.
See Also
Solution
Refer to vendor documentation.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.0451
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 108207
BID 108208
BID 108245
CVE CVE-2019-0820
CVE CVE-2019-0980
CVE CVE-2019-0981
CVE CVE-2019-0982
XREF IAVA:2019-A-0149-S
XREF CEA-ID:CEA-2019-0326
Plugin Information
Published: 2019/05/16, Modified: 2024/05/22
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.0.5\
Installed version : 1.0.5
Fixed version : 1.0.16 (1.0.16.5115)

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.1.2\
Installed version : 1.1.2
Fixed version : 1.1.13 (1.1.13.1809)
136565 - Security Update for .NET Core (May 2020)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 2.1.x < 2.1.18 or 3.1.x < 3.1.4. It is, therefore, affected by a denial of service vulnerability due to an unspecified flaw related to handling web requests. An unauthenticated, remote attacker could cause denial of service conditions by sending specially crafted web requests.
See Also
Solution
Refer to vendor documentation.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0149
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1108
XREF IAVA:2020-A-0200-S
Plugin Information
Published: 2020/05/13, Modified: 2021/06/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.4
183024 - Security Update for Microsoft .NET 7 Core (October 2023)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of Microsoft .NET 7 Core installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_Oct_10 advisory.

- A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with specially crafted HTTP/2 requests, causing denial of service. (CVE-2023-44487)

- A null pointer vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems. (CVE-2023-38171)

- A memory leak vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems. (CVE-2023-36435)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.9
EPSS Score
0.9443
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36435
CVE CVE-2023-38171
CVE CVE-2023-44487
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF IAVA:2023-A-0543-S
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Plugin Information
Published: 2023/10/13, Modified: 2024/02/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.12
232847 - Security Update for Microsoft .NET 8 Core (January 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of Microsoft .NET 8 Core installed on the remote host is prior to 8.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.

- .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)

- .NET Elevation of Privilege Vulnerability (CVE-2025-21173)

- .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0035
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
Plugin Information
Published: 2025/03/19, Modified: 2025/03/19
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.12
193142 - Security Update for Microsoft .NET Core (April 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2024_Apr_09 advisory.

- .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2024-21409)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.547
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21409
XREF IAVA:2024-A-0218-S
Plugin Information
Published: 2024/04/10, Modified: 2024/05/17
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.18
234051 - Security Update for Microsoft .NET Core (April 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory.

- Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. (CVE-2025-26682)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.3085
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-26682
XREF IAVA:2025-A-0238-S
Plugin Information
Published: 2025/04/08, Modified: 2025/05/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.15
190535 - Security Update for Microsoft .NET Core (February 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2024_Feb_13 advisory.

- .NET Denial of Service Vulnerability (CVE-2024-21404)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0216
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21404
XREF IAVA:2024-A-0089-S
Plugin Information
Published: 2024/02/14, Modified: 2024/03/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.16
238082 - Security Update for Microsoft .NET Core (June 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory.

- .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-30399)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0006
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-30399
XREF IAVA:2025-A-0410-S
Plugin Information
Published: 2025/06/10, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.17
192012 - Security Update for Microsoft .NET Core (March 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2024_Mar_12 advisory.

- .NET and Visual Studio Denial of Service Vulnerability (CVE-2024-21392)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1026
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21392
XREF IAVA:2024-A-0151-S
Plugin Information
Published: 2024/03/13, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.17
232619 - Security Update for Microsoft .NET Core (March 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of Microsoft .NET Core installed on the remote host is 8.0.x < 8.0.14 or 9.0.x < 9.0.3.
It is, therefore, affected by a vulnerability as referenced in the vendor advisory.

- Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-24070)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVSS v3.0 Temporal Score
6.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.5
EPSS Score
0.0015
CVSS v2.0 Base Score
6.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C)
CVSS v2.0 Temporal Score
4.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-24070
XREF IAVA:2025-A-0175-S
Plugin Information
Published: 2025/03/11, Modified: 2025/04/10
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.14
235852 - Security Update for Microsoft .NET Core (May 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory.

- External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. (CVE-2025-26646)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0004
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-26646
XREF IAVA:2025-A-0330-S
Plugin Information
Published: 2025/05/13, Modified: 2025/06/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.16
208286 - Security Update for Microsoft .NET Core (October 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.

- .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-38229)

- .NET and Visual Studio Denial of Service Vulnerability (CVE-2024-43483,CVE-2024-43484,CVE-2024-43485)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0338
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38229
CVE CVE-2024-43483
CVE CVE-2024-43484
CVE CVE-2024-43485
XREF IAVA:2024-A-0625-S
XREF IAVA:2024-A-0632-S
Plugin Information
Published: 2024/10/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.10
181277 - Security Update for Microsoft .NET Core (September 2023)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_Sep_12 advisory.

- Visual Studio Remote Code Execution Vulnerability (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0156
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36792
CVE CVE-2023-36793
CVE CVE-2023-36794
CVE CVE-2023-36796
XREF IAVA:2023-A-0475-S
Plugin Information
Published: 2023/09/12, Modified: 2023/10/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.11
139496 - Security Update for Microsoft ASP.NET Core (DoS) (August 2020)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft ASP.NET Core installation on the remote host is version 2.1.x < 2.1.21, or 3.1.x < 3.1.7. It is, therefore, affected by a denial of service (DoS) vulnerability when ASP.NET Core improperly handles web requests. An unauthenticated, remote attacker can exploit this issue, via sending a specially crafted requests to the ASP.NET Core application to cause the application to stop responding.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0644
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1597
XREF IAVA:2020-A-0354-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/11, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.7

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.7
136527 - Security Update for Microsoft ASP.NET Core (DoS) (May 2020)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft ASP.NET Core installation on the remote host is version 3.x < 3.1.4. It is, therefore, affected by a denial of service (DoS) vulnerability when ASP.NET Core improperly handles web requests. An unauthenticated, remote attacker can exploit this issue, via sending a specially crafted requests to the ASP.NET Core application to cause the application to stop responding.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0206
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1161
XREF IAVA:2020-A-0197-S
Plugin Information
Published: 2020/05/13, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.4

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.4
190545 - Security Update for Microsoft ASP.NET Core (February 2024) (CVE-2024-21386)
-
Synopsis
The remote Windows host is affected by a ASP.NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a denial of service as referenced in the vendor advisory.

- ASP.NET Core Denial of Service Vulnerability

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1026
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21386
XREF IAVA:2024-A-0093
Plugin Information
Published: 2024/02/14, Modified: 2024/03/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.10
Installed version : 7.0.10
Fixed version : 7.0.16
145040 - Security Update for Microsoft ASP.NET Core (January 2021)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft ASP.NET Core installation on the remote host is version 3.1.x < 3.1.11 or 5.x prior to 5.0.2. It is, therefore, affected by a denial of service (DoS) vulnerability in the way Kestrel parses HTTP/2 requests. An unauthenticated, remote attacker can exploit this issue, by sending a specially crafted requests to the ASP.NET Core application, to cause a DoS condition.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.025
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2021-1723
XREF CEA-ID:CEA-2021-0001
Plugin Information
Published: 2021/01/18, Modified: 2022/12/07
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.11

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.11
140425 - Security Update for Microsoft ASP.NET Core (September 2020)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft ASP.NET Core installation on the remote host is version 2.1.x < 2.1.22, or 3.1.x < 3.1.8. It is, therefore, affected by a security feature bypass vulnerability in the way ASP.NET Core parses encoded cookie names. An unauthenticated, remote attacker can exploit this issue, by sending a specially crafted cookies to the ASP.NET Core application to set a second cookie.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.2052
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1045
XREF IAVA:2020-A-0415-S
XREF CEA-ID:CEA-2020-0118
Plugin Information
Published: 2020/09/08, Modified: 2022/12/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.8

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.8
103138 - Security Update for Microsoft Office Excel Products (September 2017)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.
(CVE-2017-8631, CVE-2017-8632)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011108
-KB4011050
-KB4011061
-KB4011062
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2642
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 100734
BID 100751
CVE CVE-2017-8631
CVE CVE-2017-8632
MSKB 4011108
MSKB 4011062
MSKB 4011061
XREF MSFT:MS17-4011050
XREF MSFT:MS17-4011108
XREF MSFT:MS17-4011062
XREF MSFT:MS17-4011061
XREF IAVA:2017-A-0274
Plugin Information
Published: 2017/09/12, Modified: 2019/11/12
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7188.5000
99314 - Security Update for Microsoft Office Products (April 2017) (Petya)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary code execution vulnerability exists in Microsoft Outlook due to improper parsing of email messages. An unauthenticated, remote attacker can exploit this, via a specially crafted email message, to execute arbitrary code. (CVE-2017-0106)

- An information disclosure vulnerability exists in Microsoft Office due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted Excel file, to disclose the contents of memory.
(CVE-2017-0194)

- A cross-site scripting (XSS) vulnerability exists in Office Web Apps Server due to improper validation of input before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-0195)

- An arbitrary code execution vulnerability exists in Microsoft Office due to improper validation of input before loading dynamic link library (DLL) files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted Office document, to execute arbitrary code. (CVE-2017-0197)

- An arbitrary code execution vulnerability exists in Microsoft Office and Windows WordPad due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code. Note that this vulnerability is being utilized to spread the Petya ransomware. (CVE-2017-0199)

- A security feature bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this, by convincing a user into opening a specially crafted file, to bypass security features.
(CVE-2017-0204)

- A spoofing vulnerability in Microsoft Outlook due to improper validation of input passed via HTML tags. An unauthenticated, remote attacker can exploit this, by sending an email with specific HTML tags, to display a malicious authentication prompt and gain access to a user's authentication information or login credentials.
(CVE-2017-0207)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Excel 2007 and 2010; Microsoft OneNote 2007 and 2010; Microsoft Outlook 2007, 2010, 2013, and 2016; Microsoft Office Compatibility Pack; Excel Services on Microsoft SharePoint Server 2010 and 2013; Microsoft Excel Web App 2010; Microsoft Office Web Apps Server 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9437
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 95961
BID 97411
BID 97413
BID 97417
BID 97436
BID 97458
BID 97463
BID 97498
CVE CVE-2017-0106
CVE CVE-2017-0194
CVE CVE-2017-0195
CVE CVE-2017-0197
CVE CVE-2017-0199
CVE CVE-2017-0204
CVE CVE-2017-0207
MSKB 2589382
MSKB 3101522
MSKB 3118388
MSKB 3127890
MSKB 3127895
MSKB 3141529
MSKB 3141538
MSKB 3172519
MSKB 3178664
MSKB 3178702
MSKB 3178703
MSKB 3178710
MSKB 3178724
MSKB 3178725
MSKB 3191827
MSKB 3191829
MSKB 3191830
MSKB 3191840
MSKB 3191845
MSKB 3191847
XREF CERT:921560
XREF EDB-ID:41894
XREF EDB-ID:41934
XREF MSFT:MS17-2589382
XREF MSFT:MS17-3101522
XREF MSFT:MS17-3118388
XREF MSFT:MS17-3127890
XREF MSFT:MS17-3127895
XREF MSFT:MS17-3141529
XREF MSFT:MS17-3141538
XREF MSFT:MS17-3172519
XREF MSFT:MS17-3178664
XREF MSFT:MS17-3178702
XREF MSFT:MS17-3178703
XREF MSFT:MS17-3178710
XREF MSFT:MS17-3178724
XREF MSFT:MS17-3178725
XREF MSFT:MS17-3191827
XREF MSFT:MS17-3191829
XREF MSFT:MS17-3191830
XREF MSFT:MS17-3191840
XREF MSFT:MS17-3191845
XREF MSFT:MS17-3191847
XREF IAVA:2017-A-0101-S
XREF IAVA:2017-A-0104-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/04/12, Modified: 2023/06/16
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7180.5000

Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7180.5001

Product : Microsoft OneNote 2010 SP2
KB : 2589382
- c:\program files (x86)\microsoft office\office14\onenotesyncpc.dll has not been patched.
Remote version : 14.0.7011.1000
Should be : 14.0.7180.5000
101371 - Security Update for Microsoft Office Products (July 2017)
-
Synopsis
An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The Microsoft Office application, Microsoft Office Compatibility Pack, or Microsoft Excel Viewer installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to open a specially crafted document or to visit a specially crafted website, to execute arbitrary code in the context of the current user.

Note that KB2880514 for Office 2007 and KB3203468 for Office 2010 SP2 are only applicable to Office installations with the Galician language pack installed.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Excel 2007, 2010, 2013, and 2016;
Microsoft Excel Viewer 2007; and Microsoft Office Compatibility Pack.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9425
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 99441
BID 99442
BID 99445
BID 99446
CVE CVE-2017-0243
CVE CVE-2017-8501
CVE CVE-2017-8502
CVE CVE-2017-8570
MSKB 2880514
MSKB 3191833
MSKB 3191894
MSKB 3191897
MSKB 3191907
MSKB 3203468
MSKB 3203477
MSKB 3213537
MSKB 3213545
MSKB 3213555
MSKB 3213624
MSKB 3213640
XREF MSFT:MS17-2880514
XREF MSFT:MS17-3191833
XREF MSFT:MS17-3191894
XREF MSFT:MS17-3191897
XREF MSFT:MS17-3191907
XREF MSFT:MS17-3203468
XREF MSFT:MS17-3203477
XREF MSFT:MS17-3213537
XREF MSFT:MS17-3213545
XREF MSFT:MS17-3213555
XREF MSFT:MS17-3213624
XREF MSFT:MS17-3213640
XREF CISA-KNOWN-EXPLOITED:2022/08/25
Exploitable With
CANVAS (true)
Plugin Information
Published: 2017/07/11, Modified: 2022/02/28
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7183.5000
100782 - Security Update for Microsoft Office Products (June 2017)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper validation of input before loading dynamic link library (DLL) files. An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0260. CVE-2017-8506)

- Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285, CVE-2017-8534)

- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to execute arbitrary code in the context of the current user.
(CVE-2017-0283, CVE-2017-8528)

- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory.
(CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)

- A remote code execution vulnerability exists in Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user. (CVE-2017-0292)

- A remote code execution vulnerability exists in Microsoft Outlook due to improper parsing of email messages. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted email message, to execute arbitrary code in the context of the current user. (CVE-2017-8507)

- A security bypass vulnerability exists in Microsoft Outlook due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted Office document, to bypass security feature protections.
(CVE-2017-8508)

- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-8550)

- A remote code execution vulnerability exists in Microsoft PowerPoint due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8513)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft OneNote 2010; Microsoft Outlook 2007, 2010, and 2016; Microsoft PowerPoint 2007; Microsoft Word 2007, 2010, 2013, and 2016; Microsoft Word Viewer; and Microsoft Office Compatibility Pack.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5511
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 98810
BID 98811
BID 98812
BID 98813
BID 98815
BID 98816
BID 98819
BID 98820
BID 98821
BID 98822
BID 98827
BID 98828
BID 98830
BID 98836
BID 98885
BID 98891
BID 98914
BID 98916
BID 98918
BID 98920
BID 98922
BID 98923
BID 98929
BID 98933
BID 98949
CVE CVE-2017-0260
CVE CVE-2017-0282
CVE CVE-2017-0283
CVE CVE-2017-0284
CVE CVE-2017-0285
CVE CVE-2017-0286
CVE CVE-2017-0287
CVE CVE-2017-0288
CVE CVE-2017-0289
CVE CVE-2017-0292
CVE CVE-2017-8506
CVE CVE-2017-8507
CVE CVE-2017-8508
CVE CVE-2017-8509
CVE CVE-2017-8510
CVE CVE-2017-8511
CVE CVE-2017-8512
CVE CVE-2017-8513
CVE CVE-2017-8527
CVE CVE-2017-8528
CVE CVE-2017-8531
CVE CVE-2017-8532
CVE CVE-2017-8533
CVE CVE-2017-8534
CVE CVE-2017-8550
MSKB 3118304
MSKB 3118389
MSKB 3127888
MSKB 3162051
MSKB 3178667
MSKB 3191828
MSKB 3191837
MSKB 3191844
MSKB 3191848
MSKB 3191882
MSKB 3191898
MSKB 3191908
MSKB 3191932
MSKB 3191938
MSKB 3191943
MSKB 3191944
MSKB 3191945
MSKB 3203383
MSKB 3203386
MSKB 3203392
MSKB 3203393
MSKB 3203427
MSKB 3203436
MSKB 3203438
MSKB 3203441
MSKB 3203460
MSKB 3203461
MSKB 3203463
MSKB 3203464
MSKB 3203467
MSKB 3203484
XREF MSFT:MS17-3118304
XREF MSFT:MS17-3118389
XREF MSFT:MS17-3127888
XREF MSFT:MS17-3162051
XREF MSFT:MS17-3178667
XREF MSFT:MS17-3191828
XREF MSFT:MS17-3191837
XREF MSFT:MS17-3191844
XREF MSFT:MS17-3191848
XREF MSFT:MS17-3191882
XREF MSFT:MS17-3191898
XREF MSFT:MS17-3191908
XREF MSFT:MS17-3191932
XREF MSFT:MS17-3191938
XREF MSFT:MS17-3191943
XREF MSFT:MS17-3191944
XREF MSFT:MS17-3191945
XREF MSFT:MS17-3203383
XREF MSFT:MS17-3203386
XREF MSFT:MS17-3203392
XREF MSFT:MS17-3203393
XREF MSFT:MS17-3203427
XREF MSFT:MS17-3203436
XREF MSFT:MS17-3203438
XREF MSFT:MS17-3203441
XREF MSFT:MS17-3203460
XREF MSFT:MS17-3203461
XREF MSFT:MS17-3203463
XREF MSFT:MS17-3203464
XREF MSFT:MS17-3203467
XREF MSFT:MS17-3203484
XREF IAVA:2017-A-0179-S
Plugin Information
Published: 2017/06/14, Modified: 2025/12/16
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3203461
- C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2010.1400.7006.1000
Should be : 2010.1400.7182.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7182.5000

Product : Microsoft OneNote 2010 SP2
KB : 3191908
- c:\program files (x86)\microsoft office\office14\onenotesyncpc.dll has not been patched.
Remote version : 14.0.7011.1000
Should be : 14.0.7182.5000

Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7182.5000
100103 - Security Update for Microsoft Office Products (May 2017)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0254)

- A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server due improper validation of user-supplied input in web requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-0255)

- A remote code execution vulnerability exists in Microsoft Office due to improper handling of malformed graphics images. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted EPS file, to execute arbitrary code in the context of the current user. (CVE-2017-0261)

- A remote code execution vulnerability exists in Microsoft Office when handling malformed graphics images. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted EPS file or visit a specially crafted website, to execute arbitrary code. (CVE-2017-0262)

- A remote code execution vulnerability exists in Microsoft Office due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-0281)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Word 2007, 2010, 2013, and 2016; Skype for Business 2016; Microsoft Word Viewer; Microsoft Office Compatibility Pack; SharePoint Server 2010; SharePoint Enterprise Server 2013 and 2016; SharePoint Foundation 2013; Word Automation Services on Microsoft SharePoint Server 2010 and 2013; Microsoft Office Project Server 2013; Microsoft Office Web Apps Server 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9225
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 98101
BID 98104
BID 98107
BID 98279
BID 98297
CVE CVE-2017-0254
CVE CVE-2017-0255
CVE CVE-2017-0261
CVE CVE-2017-0262
CVE CVE-2017-0281
MSKB 2596904
MSKB 3114375
MSKB 3118310
MSKB 3162040
MSKB 3162054
MSKB 3162069
MSKB 3172458
MSKB 3172475
MSKB 3172482
MSKB 3172532
MSKB 3172536
MSKB 3178633
MSKB 3178638
MSKB 3178729
MSKB 3191835
MSKB 3191836
MSKB 3191839
MSKB 3191841
MSKB 3191843
MSKB 3191858
MSKB 3191863
MSKB 3191865
MSKB 3191880
MSKB 3191881
MSKB 3191885
MSKB 3191886
MSKB 3191887
MSKB 3191888
MSKB 3191890
MSKB 3191895
MSKB 3191899
MSKB 3191904
MSKB 3191909
MSKB 3191913
MSKB 3191914
MSKB 3191915
XREF MSFT:MS17-2596904
XREF MSFT:MS17-3114375
XREF MSFT:MS17-3118310
XREF MSFT:MS17-3162040
XREF MSFT:MS17-3162054
XREF MSFT:MS17-3162069
XREF MSFT:MS17-3172458
XREF MSFT:MS17-3172475
XREF MSFT:MS17-3172482
XREF MSFT:MS17-3172532
XREF MSFT:MS17-3172536
XREF MSFT:MS17-3178633
XREF MSFT:MS17-3178638
XREF MSFT:MS17-3178729
XREF MSFT:MS17-3191835
XREF MSFT:MS17-3191836
XREF MSFT:MS17-3191839
XREF MSFT:MS17-3191841
XREF MSFT:MS17-3191843
XREF MSFT:MS17-3191858
XREF MSFT:MS17-3191863
XREF MSFT:MS17-3191865
XREF MSFT:MS17-3191880
XREF MSFT:MS17-3191881
XREF MSFT:MS17-3191885
XREF MSFT:MS17-3191886
XREF MSFT:MS17-3191887
XREF MSFT:MS17-3191888
XREF MSFT:MS17-3191890
XREF MSFT:MS17-3191895
XREF MSFT:MS17-3191899
XREF MSFT:MS17-3191904
XREF MSFT:MS17-3191909
XREF MSFT:MS17-3191913
XREF MSFT:MS17-3191914
XREF MSFT:MS17-3191915
XREF IAVA:2017-A-0143-S
XREF CISA-KNOWN-EXPLOITED:2022/08/10
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
Core Impact (true)
Plugin Information
Published: 2017/05/10, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3118310
- C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2010.1400.7006.1000
Should be : 2010.1400.7181.5002

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7181.5000
168747 - Security Updates for Microsoft .NET Core (December 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0893
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
MSKB 5021953
MSKB 5021954
MSKB 5021955
XREF MSFT:MS22-5021953
XREF MSFT:MS22-5021954
XREF MSFT:MS22-5021955
XREF IAVA:2022-A-0526
Plugin Information
Published: 2022/12/15, Modified: 2024/01/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.32
166054 - Security Updates for Microsoft .NET Core (October 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated, local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.30 or 6.0.10.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1877
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41032
MSKB 5019349
MSKB 5019351
XREF MSFT:MS22-5019349
XREF MSFT:MS22-5019351
XREF IAVA:2022-A-0411-S
Plugin Information
Published: 2022/10/12, Modified: 2024/01/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.30
165077 - Security Updates for Microsoft .NET Core (September 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by a denial of service vulnerability.
Description
A denial of service vulnerability exists in .NET core 6.0 < 6.0.9 and .NET Core 3.1 < 3.1.29. An unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a stack overflow, which may cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0103
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
MSKB 5017903
MSKB 5017915
XREF MSFT:MS22-5017903
XREF MSFT:MS22-5017915
XREF IAVA:2022-A-0374-S
Plugin Information
Published: 2022/09/14, Modified: 2024/01/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.29
161167 - Security Updates for Microsoft .NET core (May 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by multiple vulnerabilities.
Description
The Microsoft .NET core installations on the remote host are missing security updates. It is, therefore, affected by multiple denial of service vulnerabilities:

- A vulnerability where a malicious client can cause a denial of service via excess memory allocations through HttpClient. (CVE-2022-23267)

- A vulnerability where a malicious client can manipulate cookies and cause a denial of service. (CVE-2022-29117)

- A vulnerability where a malicious client can cause a denial of service when HTML forms are parsed. (CVE-2022-29145)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.25, 5.0.17 or 6.0.5.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0238
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-23267
CVE CVE-2022-29117
CVE CVE-2022-29145
XREF IAVA:2022-A-0201-S
Plugin Information
Published: 2022/05/13, Modified: 2023/10/27
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.25
156227 - Security Updates for Microsoft ASP.NET Core (December 2021)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host are missing a security update.
Description
The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0028
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-43877
XREF IAVA:2021-A-0581-S
Plugin Information
Published: 2021/12/21, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.22

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.22
168826 - Security Updates for Microsoft ASP.NET Core (December 2022)
-
Synopsis
The Microsoft ASP.NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0893
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
MSKB 5021953
MSKB 5021954
MSKB 5021955
XREF MSFT:MS22-5021953
XREF MSFT:MS22-5021954
XREF MSFT:MS22-5021955
XREF IAVA:2022-A-0526
Plugin Information
Published: 2022/12/15, Modified: 2023/11/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.32

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.32
182957 - Security Updates for Microsoft ASP.NET Core (October 2023)
-
Synopsis
The Microsoft ASP.NET core installations on the remote host are affected by a denial of service vulnerability.
Description
The version of ASP.NET core installed on the remote host is affected by a denial of service (DoS) vulnerability. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core Runtime to version 6.0.23, 7.0.12, 8.0.0-rc2 or later
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.9
EPSS Score
0.9443
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-44487
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF IAVA:2023-A-0545-S
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Plugin Information
Published: 2023/10/12, Modified: 2024/02/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.10
Installed version : 7.0.10
Fixed version : 7.0.12
165076 - Security Updates for Microsoft ASP.NET Core (September 2022)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host are missing a security update.
Description
A denial of service vulnerability exists in ASP.NET core 6.0 < 6.0.9 and ASP.NET Core 3.1 < 3.1.29. An unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a stack overflow, which may cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0103
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
MSKB 5017903
MSKB 5017915
XREF MSFT:MS22-5017903
XREF MSFT:MS22-5017915
XREF IAVA:2022-A-0374-S
Plugin Information
Published: 2022/09/14, Modified: 2023/10/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.29

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.29
108969 - Security Updates for Microsoft Excel Products (April 2018)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0920, CVE-2018-1011, CVE-2018-1027, CVE-2018-1029)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4018353
-KB4018350
-KB4018337
-KB4018362
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3741
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-0920
CVE CVE-2018-1011
CVE CVE-2018-1027
CVE CVE-2018-1029
MSKB 4018353
MSKB 4018350
MSKB 4018337
MSKB 4018362
XREF MSFT:MS18-4018353
XREF MSFT:MS18-4018350
XREF MSFT:MS18-4018337
XREF MSFT:MS18-4018362
Plugin Information
Published: 2018/04/10, Modified: 2024/11/11
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7197.5000
123949 - Security Updates for Microsoft Excel Products (April 2019)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0828)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4462230
-KB4462209
-KB4462236

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2548
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-0828
MSKB 4462230
MSKB 4462209
MSKB 4462236
XREF MSFT:MS19-4462230
XREF MSFT:MS19-4462209
XREF MSFT:MS19-4462236
Plugin Information
Published: 2019/04/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7232.5000
135474 - Security Updates for Microsoft Excel Products (April 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0906)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484283
-KB4484273
-KB4484285

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3457
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0760
CVE CVE-2020-0906
CVE CVE-2020-0979
MSKB 4484283
MSKB 4484273
MSKB 4484285
XREF MSFT:MS20-4484283
XREF MSFT:MS20-4484273
XREF MSFT:MS20-4484285
XREF IAVA:2020-A-0144-S
Plugin Information
Published: 2020/04/14, Modified: 2024/03/19
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7248.5000
148470 - Security Updates for Microsoft Excel Products (April 2021)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- Microsoft Office Remote Code Execution Vulnerability (CVE-2021-28449)

- Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-28451, CVE-2021-28454, CVE-2021-28456) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB3017810
-KB4504721
-KB4504735 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0347
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-28449
CVE CVE-2021-28451
CVE CVE-2021-28454
CVE CVE-2021-28456
MSKB 3017810
MSKB 4504721
MSKB 4504735
XREF MSFT:MS21-3017810
XREF MSFT:MS21-4504721
XREF MSFT:MS21-4504735
XREF IAVA:2021-A-0170-S
Plugin Information
Published: 2021/04/13, Modified: 2024/01/04
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7268.5000
111694 - Security Updates for Microsoft Excel Products (August 2018)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2018-8382)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8375, CVE-2018-8379)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4032223
-KB4032229
-KB4032241
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.346
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8375
CVE CVE-2018-8379
CVE CVE-2018-8382
MSKB 4032223
MSKB 4032229
MSKB 4032241
XREF MSFT:MS18-4032223
XREF MSFT:MS18-4032229
XREF MSFT:MS18-4032241
Plugin Information
Published: 2018/08/14, Modified: 2024/08/21
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7212.5000
139497 - Security Updates for Microsoft Excel Products (August 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1497)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484465
-KB4484449
-KB4484461

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1579
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1494
CVE CVE-2020-1495
CVE CVE-2020-1496
CVE CVE-2020-1497
CVE CVE-2020-1498
CVE CVE-2020-1504
MSKB 4484465
MSKB 4484449
MSKB 4484461
XREF MSFT:MS20-4484465
XREF MSFT:MS20-4484449
XREF MSFT:MS20-4484461
XREF IAVA:2020-A-0365-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/11, Modified: 2024/12/02
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7256.5000
119592 - Security Updates for Microsoft Excel Products (December 2018)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-8627)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8597, CVE-2018-8636)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2018-8598)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461577
-KB4461559
-KB4461542
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3134
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8597
CVE CVE-2018-8598
CVE CVE-2018-8627
CVE CVE-2018-8636
MSKB 4461577
MSKB 4461559
MSKB 4461542
XREF MSFT:MS18-4461577
XREF MSFT:MS18-4461559
XREF MSFT:MS18-4461542
Plugin Information
Published: 2018/12/11, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7225.5000
143564 - Security Updates for Microsoft Excel Products (December 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17126)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2020-17130)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493148
-KB4486754
-KB4493139

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0398
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17123
CVE CVE-2020-17125
CVE CVE-2020-17126
CVE CVE-2020-17127
CVE CVE-2020-17128
CVE CVE-2020-17129
CVE CVE-2020-17130
MSKB 4493148
MSKB 4493139
MSKB 4486754
XREF MSFT:MS20-4493148
XREF MSFT:MS20-4493139
XREF MSFT:MS20-4486754
XREF IAVA:2020-A-0556-S
XREF IAVA:2021-A-0017-S
XREF CEA-ID:CEA-2020-0138
Plugin Information
Published: 2020/12/08, Modified: 2024/02/06
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7263.5000
133616 - Security Updates for Microsoft Excel Products (February 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
See Also
Solution
Microsoft has released the following security updates to address this issue:
- KB4484256
- KB4484265
- KB4484267

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3291
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-0759
MSKB 4484256
MSKB 4484265
MSKB 4484267
XREF MSFT:MS20-4484256
XREF MSFT:MS20-4484265
XREF MSFT:MS20-4484267
Plugin Information
Published: 2020/02/11, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7245.5000
146336 - Security Updates for Microsoft Excel Products (February 2021)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493222
-KB4493211
-KB4493196

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0148
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-24067
CVE CVE-2021-24068
CVE CVE-2021-24069
CVE CVE-2021-24070
MSKB 4493222
MSKB 4493211
MSKB 4493196
XREF MSFT:MS21-4493222
XREF MSFT:MS21-4493211
XREF MSFT:MS21-4493196
XREF IAVA:2021-A-0067-S
Plugin Information
Published: 2021/02/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7265.5000
105694 - Security Updates for Microsoft Excel Products (January 2018)
-
Synopsis
The Microsoft Excel Products are affected by a remote code execution vulnerability.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0796)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011602
-KB4011627
-KB4011639
-KB4011660
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.364
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 102372
CVE CVE-2018-0796
MSKB 4011602
MSKB 4011627
MSKB 4011639
MSKB 4011660
XREF MSFT:MS17-4011602
XREF MSFT:MS17-4011627
XREF MSFT:MS17-4011639
XREF MSFT:MS17-4011660
XREF IAVA:2018-A-0009-S
Plugin Information
Published: 2018/01/09, Modified: 2025/11/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7192.5000
132867 - Security Updates for Microsoft Excel Products (January 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0650, CVE-2020-0651)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484234
-KB4484217
-KB4484243 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3365
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-0650
CVE CVE-2020-0651
MSKB 4484234
MSKB 4484217
MSKB 4484243
XREF MSFT:MS20-4484234
XREF MSFT:MS20-4484217
XREF MSFT:MS20-4484243
Plugin Information
Published: 2020/01/14, Modified: 2024/04/01
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7244.5000
144879 - Security Updates for Microsoft Excel Products (January 2021)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-1713, CVE-2021-1714)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493186
-KB4493165
-KB4493176

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0158
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1713
CVE CVE-2021-1714
MSKB 4493186
MSKB 4493165
MSKB 4493176
XREF MSFT:MS21-4493186
XREF MSFT:MS21-4493165
XREF MSFT:MS21-4493176
XREF IAVA:2021-A-0016-S
XREF CEA-ID:CEA-2021-0001
Plugin Information
Published: 2021/01/12, Modified: 2022/12/07
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7264.5000
126580 - Security Updates for Microsoft Excel Products (July 2019)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2019-1110, CVE-2019-1111)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4464565
-KB4464572
-KB4475513 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2706
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 108967
BID 108974
CVE CVE-2019-1110
CVE CVE-2019-1111
MSKB 4464565
MSKB 4464572
MSKB 4475513
XREF MSFT:MS19-4464565
XREF MSFT:MS19-4464572
XREF MSFT:MS19-4475513
Plugin Information
Published: 2019/07/09, Modified: 2024/05/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7235.5000
108293 - Security Updates for Microsoft Excel Products (March 2018)
-
Synopsis
The Microsoft Excel Products are affected by a security feature bypass vulnerability.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by enforcing macro settings on Excel documents.
(CVE-2018-0907)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011675
-KB4011714
-KB4011727
-KB4018291
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0678
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 103325
CVE CVE-2018-0907
MSKB 4011675
MSKB 4011714
MSKB 4011727
MSKB 4018291
XREF MSFT:MS18-4011675
XREF MSFT:MS18-4011714
XREF MSFT:MS18-4011727
XREF MSFT:MS18-4018291
XREF IAVA:2018-A-0077-S
Plugin Information
Published: 2018/03/13, Modified: 2020/12/11
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7195.5000
147225 - Security Updates for Microsoft Excel Products (March 2021)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-27053, CVE-2021-27054, CVE-2021-27057)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4504707
-KB4493239
-KB4493233

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0487
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-27053
CVE CVE-2021-27054
CVE CVE-2021-27057
MSKB 4504707
MSKB 4493239
MSKB 4493233
XREF MSFT:MS21-4504707
XREF MSFT:MS21-4493239
XREF MSFT:MS21-4493233
XREF IAVA:2021-A-0135-S
Plugin Information
Published: 2021/03/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7266.5000
109612 - Security Updates for Microsoft Excel Products (May 2018)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8147, CVE-2018-8148, CVE-2018-8162)
- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. (CVE-2018-8163)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022146
-KB4018399
-KB4018382
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3391
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2018-8147
CVE CVE-2018-8148
CVE CVE-2018-8162
CVE CVE-2018-8163
MSKB 4022146
MSKB 4018399
MSKB 4018382
XREF MSFT:MS18-4022146
XREF MSFT:MS18-4018399
XREF MSFT:MS18-4018382
XREF IAVA:2018-A-0151-S
Plugin Information
Published: 2018/05/08, Modified: 2024/10/11
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7208.5000
104556 - Security Updates for Microsoft Excel Products (November 2017)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11878)

- A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run.
(CVE-2017-11877)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. (CVE-2017-11884)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011197
-KB4011220
-KB4011233
-KB4011199
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.5562
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 100734
BID 100751
BID 101766
CVE CVE-2017-11877
CVE CVE-2017-11878
CVE CVE-2017-11884
MSKB 4011197
MSKB 4011220
MSKB 4011233
MSKB 4011199
XREF MSFT:MS17-4011197
XREF MSFT:MS17-4011220
XREF MSFT:MS17-4011233
XREF MSFT:MS17-4011199
XREF IAVA:2017-A-0337-S
Plugin Information
Published: 2017/11/14, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7190.5000
118921 - Security Updates for Microsoft Excel Products (November 2018)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8574, CVE-2018-8577)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461503
-KB4461530
-KB4461488
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2281
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105833
BID 105834
CVE CVE-2018-8574
CVE CVE-2018-8577
MSKB 4461503
MSKB 4461530
MSKB 4461488
XREF MSFT:MS18-4461503
XREF MSFT:MS18-4461530
XREF MSFT:MS18-4461488
Plugin Information
Published: 2018/11/13, Modified: 2024/07/22
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7224.5000
130911 - Security Updates for Microsoft Excel Products (November 2019)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1448)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1446)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484164
-KB4484158
-KB4484144 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3802
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1446
CVE CVE-2019-1448
MSKB 4484164
MSKB 4484158
MSKB 4484144
XREF MSFT:MS19-4484164
XREF MSFT:MS19-4484158
XREF MSFT:MS19-4484144
Plugin Information
Published: 2019/11/12, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7241.5000
142685 - Security Updates for Microsoft Excel Products (November 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Excel installation on the remote host is missing a security update. It is, therefore, affected by an unspecified remote code execution vulnerability. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted Office file.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486718
-KB4486743
-KB4486734

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.046
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-17064
CVE CVE-2020-17065
CVE CVE-2020-17066
CVE CVE-2020-17067
MSKB 4486718
MSKB 4486743
MSKB 4486734
XREF MSFT:MS20-4486718
XREF MSFT:MS20-4486743
XREF MSFT:MS20-4486734
XREF CEA-ID:CEA-2020-0135
Plugin Information
Published: 2020/11/10, Modified: 2024/02/09
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7262.5000
118007 - Security Updates for Microsoft Excel Products (October 2018)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8502)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461466
-KB4461460
-KB4461448
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2612
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8502
MSKB 4461466
MSKB 4461460
MSKB 4461448
XREF MSFT:MS18-4461466
XREF MSFT:MS18-4461460
XREF MSFT:MS18-4461448
Plugin Information
Published: 2018/10/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7214.5000
129727 - Security Updates for Microsoft Excel Products (October 2019)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1327, CVE-2019-1331)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484123
-KB4484130
-KB4484112 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3831
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1327
CVE CVE-2019-1331
MSKB 4484123
MSKB 4484130
MSKB 4484112
XREF MSFT:MS19-4484123
XREF MSFT:MS19-4484130
XREF MSFT:MS19-4484112
Plugin Information
Published: 2019/10/08, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7239.5000
141417 - Security Updates for Microsoft Excel Products (October 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16929, CVE-2020-16931, CVE-2020-16932)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486695
-KB4486678
-KB4486707

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0652
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-16929
CVE CVE-2020-16931
CVE CVE-2020-16932
MSKB 4486695
MSKB 4486678
MSKB 4486707
XREF MSFT:MS20-4486695
XREF MSFT:MS20-4486678
XREF MSFT:MS20-4486707
XREF IAVA:2020-A-0462-S
XREF CEA-ID:CEA-2020-0126
Plugin Information
Published: 2020/10/13, Modified: 2022/12/05
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7261.5000
128645 - Security Updates for Microsoft Excel Products (September 2019)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1297)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1263)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4475566
-KB4475574
-KB4475579 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.3084
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
CVE CVE-2019-1263
CVE CVE-2019-1297
MSKB 4475566
MSKB 4475574
MSKB 4475579
XREF MSFT:MS19-4475566
XREF MSFT:MS19-4475574
XREF MSFT:MS19-4475579
XREF CISA-KNOWN-EXPLOITED:2022/03/17
Plugin Information
Published: 2019/09/10, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7237.5000
140426 - Security Updates for Microsoft Excel Products (September 2020)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1224)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1332, CVE-2020-1335, CVE-2020-1594)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484507
-KB4484526
-KB4486665

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2188
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1224
CVE CVE-2020-1332
CVE CVE-2020-1335
CVE CVE-2020-1594
MSKB 4484507
MSKB 4484526
MSKB 4486665
XREF MSFT:MS20-4484507
XREF MSFT:MS20-4484526
XREF MSFT:MS20-4486665
XREF IAVA:2020-A-0405-S
XREF CEA-ID:CEA-2020-0118
Plugin Information
Published: 2020/09/08, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7258.5000
135476 - Security Updates for Microsoft Office Products (April 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-0980)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0991)

- A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory.
(CVE-2020-0961)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0906, CVE-2020-0979)
See Also
Solution
Microsoft has released security updates for Microsoft Office Products.

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4016
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0760
CVE CVE-2020-0906
CVE CVE-2020-0961
CVE CVE-2020-0979
CVE CVE-2020-0980
CVE CVE-2020-0991
MSKB 3128012
MSKB 3203462
MSKB 4011104
MSKB 4484117
MSKB 4484126
MSKB 4484214
MSKB 4484229
MSKB 4484238
MSKB 4484258
MSKB 4484260
MSKB 4484266
MSKB 4484287
MSKB 4484294
XREF MSFT:MS20-3128012
XREF MSFT:MS20-3203462
XREF MSFT:MS20-4011104
XREF MSFT:MS20-4484117
XREF MSFT:MS20-4484126
XREF MSFT:MS20-4484214
XREF MSFT:MS20-4484229
XREF MSFT:MS20-4484238
XREF MSFT:MS20-4484258
XREF MSFT:MS20-4484260
XREF MSFT:MS20-4484266
XREF MSFT:MS20-4484287
XREF MSFT:MS20-4484294
XREF IAVA:2020-A-0142-S
Plugin Information
Published: 2020/04/14, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3203462
- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7\vbe7.dll has not been patched.
Remote version : 7.0.16.28
Should be : 7.0.16.45

Product : Microsoft Office 2010 SP2
KB : 4484266
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7248.5000
148474 - Security Updates for Microsoft Office Products (April 2021)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft office Product is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- Microsoft Office Remote Code Execution Vulnerability (CVE-2021-28449)

- Microsoft Word Remote Code Execution Vulnerability (CVE-2021-28453)

- Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-28454)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB2553491
-KB2589361
-KB3178639
-KB3178643
-KB4504738
-KB4504722
-KB4504726
-KB4504724
-KB4504739
-KB4504727
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0274
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-28449
CVE CVE-2021-28453
CVE CVE-2021-28454
MSKB 2553491
MSKB 2589361
MSKB 3178639
MSKB 3178643
MSKB 4493215
MSKB 4504738
MSKB 4504722
MSKB 4504726
MSKB 4504724
MSKB 4504739
MSKB 4504727
XREF MSFT:MS21-2553491
XREF MSFT:MS21-2589361
XREF MSFT:MS21-3178639
XREF MSFT:MS21-3178643
XREF MSFT:MS21-4493215
XREF MSFT:MS21-4504738
XREF MSFT:MS21-4504722
XREF MSFT:MS21-4504726
XREF MSFT:MS21-4504724
XREF MSFT:MS21-4504739
XREF MSFT:MS21-4504727
XREF IAVA:2021-A-0174-S
Plugin Information
Published: 2021/04/13, Modified: 2024/01/04
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4504738
- C:\Program Files (x86)\Common Files\Microsoft Shared\Office14\mso.dll has not been patched.
Remote version : 14.0.7265.5000
Should be : 14.0.7268.5000

Product : Microsoft Office 2010 SP2
KB : 4504739
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7268.5000

Product : Microsoft Office 2010 SP2
KB : 2589361
- C:\Program Files (x86)\Common Files\Microsoft Shared\EURO\msoeuro.dll has not been patched.
Remote version : 14.0.4756.1000
Should be : 14.0.7268.5000

Product : Microsoft Office 2010 SP2
KB : 2553491
- C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\analys32.xll has not been patched.
Remote version : 14.0.4756.1000
Should be : 14.0.7268.5000
139499 - Security Updates for Microsoft Office Products (August 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1494, CVE-2020-1495, CVE-2020-1496)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1497)

- An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1503, CVE-2020-1583)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1563)

- An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
(CVE-2020-1581)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484346
-KB4484354
-KB4484359
-KB4484375
-KB4484379
-KB4484431
-KB4484492 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2252
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1494
CVE CVE-2020-1495
CVE CVE-2020-1496
CVE CVE-2020-1497
CVE CVE-2020-1503
CVE CVE-2020-1563
CVE CVE-2020-1581
CVE CVE-2020-1583
MSKB 4484346
MSKB 4484354
MSKB 4484359
MSKB 4484375
MSKB 4484379
MSKB 4484431
MSKB 4484492
XREF MSFT:MS20-4484346
XREF MSFT:MS20-4484354
XREF MSFT:MS20-4484359
XREF MSFT:MS20-4484375
XREF MSFT:MS20-4484379
XREF MSFT:MS20-4484431
XREF MSFT:MS20-4484492
XREF IAVA:2020-A-0359-S
XREF IAVA:2020-A-0365-S
XREF IAVA:2020-A-0369-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/11, Modified: 2024/12/02
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4484375
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7256.5000
105189 - Security Updates for Microsoft Office Products (December 2017)
-
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2017-11934)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011612
-KB4011277
-KB4011095
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3241
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 102064
BID 102067
BID 102105
CVE CVE-2017-11934
CVE CVE-2017-11935
CVE CVE-2017-11939
MSKB 4011612
MSKB 4011277
MSKB 4011095
XREF MSFT:MS17-4011612
XREF MSFT:MS17-4011277
XREF MSFT:MS17-4011095
XREF IAVA:2017-A-0363-S
Plugin Information
Published: 2017/12/12, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4011612
- C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7191.5000
119595 - Security Updates for Microsoft Office Products (December 2018)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8597)

- An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. (CVE-2018-8627)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461570
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3134
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8597
CVE CVE-2018-8627
MSKB 4461570
XREF MSFT:MS18-4461570
Plugin Information
Published: 2018/12/11, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4461570
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7225.5000
131937 - Security Updates for Microsoft Office Products (December 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1464)

- A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted document be sent to a vulnerable user. The security update addresses the vulnerability by correcting how Microsoft Word handles objects in memory. (CVE-2019-1461)

- An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.
(CVE-2019-1400, CVE-2019-1463)

- A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1462)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484182
-KB4484180
-KB4484186
-KB4484193
-KB4484192
-KB4475598
-KB4484184

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2131
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1400
CVE CVE-2019-1461
CVE CVE-2019-1462
CVE CVE-2019-1463
CVE CVE-2019-1464
MSKB 4484182
MSKB 4484180
MSKB 4484186
MSKB 4484193
MSKB 4484192
MSKB 4475598
MSKB 4484184
XREF MSFT:MS19-4484182
XREF MSFT:MS19-4484180
XREF MSFT:MS19-4484186
XREF MSFT:MS19-4484193
XREF MSFT:MS19-4484192
XREF MSFT:MS19-4475598
XREF MSFT:MS19-4484184
Plugin Information
Published: 2019/12/10, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4484192
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7243.5000
143555 - Security Updates for Microsoft Office Products (December 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple remote code execution vulnerabilities.
Description
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address these issues:
-KB4486698
-KB4493140
-KB4486757

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.041
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17122
CVE CVE-2020-17128
MSKB 4486698
MSKB 4493140
MSKB 4486757
XREF MSFT:MS20-4486698
XREF MSFT:MS20-4493140
XREF MSFT:MS20-4486757
XREF IAVA:2020-A-0557-S
XREF IAVA:2021-A-0017-S
XREF CEA-ID:CEA-2020-0138
Plugin Information
Published: 2020/12/08, Modified: 2025/08/29
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4493140
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7263.5000
122132 - Security Updates for Microsoft Office Products (February 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. (CVE-2019-0538, CVE-2019-0582)

- A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials. An attacker who successfully exploited this vulnerability could perform a phishing attack. (CVE-2019-0540)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
(CVE-2019-0669)

- A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. (CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4018294
-KB4018300
-KB4018313
-KB4462138
-KB4462146
-KB4462174
-KB4462177

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3544
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 106419
BID 106433
CVE CVE-2019-0538
CVE CVE-2019-0540
CVE CVE-2019-0582
CVE CVE-2019-0669
CVE CVE-2019-0671
CVE CVE-2019-0672
CVE CVE-2019-0673
CVE CVE-2019-0674
CVE CVE-2019-0675
MSKB 4018294
MSKB 4018300
MSKB 4018313
MSKB 4462138
MSKB 4462146
MSKB 4462174
MSKB 4462177
XREF MSFT:MS19-4018294
XREF MSFT:MS19-4018300
XREF MSFT:MS19-4018313
XREF MSFT:MS19-4462138
XREF MSFT:MS19-4462146
XREF MSFT:MS19-4462174
XREF MSFT:MS19-4462177
Plugin Information
Published: 2019/02/12, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4462177
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7229.5000
105728 - Security Updates for Microsoft Office Products (January 2018)
-
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0794, CVE-2018-0795)

- An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0797)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0798, CVE-2018-0801, CVE-2018-0802, CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, CVE-2018-0807, CVE-2018-0812)

- A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook. (CVE-2018-0793)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011201
-KB4011574
-KB4011580
-KB4011610
-KB4011611
-KB4011622
-KB4011632
-KB4011636
-KB4011656
-KB4011658
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9407
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 102347
BID 102348
BID 102356
BID 102370
BID 102373
BID 102375
BID 102406
BID 102457
BID 102459
BID 102460
BID 102461
BID 102463
CVE CVE-2018-0793
CVE CVE-2018-0794
CVE CVE-2018-0795
CVE CVE-2018-0797
CVE CVE-2018-0798
CVE CVE-2018-0801
CVE CVE-2018-0802
CVE CVE-2018-0804
CVE CVE-2018-0805
CVE CVE-2018-0806
CVE CVE-2018-0807
CVE CVE-2018-0812
CVE CVE-2018-0845
CVE CVE-2018-0848
CVE CVE-2018-0849
CVE CVE-2018-0862
MSKB 4011201
MSKB 4011574
MSKB 4011580
MSKB 4011610
MSKB 4011611
MSKB 4011622
MSKB 4011632
MSKB 4011636
MSKB 4011656
MSKB 4011658
XREF MSFT:MS17-4011201
XREF MSFT:MS17-4011574
XREF MSFT:MS17-4011580
XREF MSFT:MS17-4011610
XREF MSFT:MS17-4011611
XREF MSFT:MS17-4011622
XREF MSFT:MS17-4011632
XREF MSFT:MS17-4011636
XREF MSFT:MS17-4011656
XREF MSFT:MS17-4011658
XREF IAVA:2018-A-0009-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true)
Plugin Information
Published: 2018/01/10, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4011610
- C:\Program Files (x86)\Common Files\Microsoft Shared\Equation\eqnedt32.exe has not been patched.
Remote version : 2000.11.9.0
Should be : 2018.0.0.0
121024 - Security Updates for Microsoft Office Products (January 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541)

- An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker who successfully exploited this vulnerability could gather information about the victim.
An attacker could exploit this vulnerability by sending a specially crafted email to the victim. The update addresses the vulnerability by correcting the way Microsoft Outlook handles these types of messages.
(CVE-2019-0559)

- An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-0560)

- An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-0560)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-0585)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB2553332
-KB3172522
-KB4022162
-KB4461535
-KB4461537
-KB4461614
-KB4461617

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.8094
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2019-0541
CVE CVE-2019-0559
CVE CVE-2019-0560
CVE CVE-2019-0561
CVE CVE-2019-0585
MSKB 2553332
MSKB 3172522
MSKB 4022162
MSKB 4461535
MSKB 4461537
MSKB 4461614
MSKB 4461617
XREF MSFT:MS19-2553332
XREF MSFT:MS19-3172522
XREF MSFT:MS19-4022162
XREF MSFT:MS19-4461535
XREF MSFT:MS19-4461537
XREF MSFT:MS19-4461614
XREF MSFT:MS19-4461617
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Plugin Information
Published: 2019/01/08, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2553332
- C:\Program Files (x86)\Microsoft Office\Office14\msohev.dll has not been patched.
Remote version : 14.0.7007.1000
Should be : 14.0.7227.5000
132869 - Security Updates for Microsoft Office Products (January 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484221
-KB4484227
-KB4484236 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1667
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0652
MSKB 4484221
MSKB 4484227
MSKB 4484236
XREF MSFT:MS20-4484221
XREF MSFT:MS20-4484227
XREF MSFT:MS20-4484236
XREF IAVA:2020-A-0029-S
Plugin Information
Published: 2020/01/14, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4484236
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7244.5000
144885 - Security Updates for Microsoft Office Products (January 2021)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft office Product is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- Microsoft Office Remote Code Execution Vulnerability (CVE-2021-1711)

- Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-1714)

- Microsoft Word Remote Code Execution Vulnerability (CVE-2021-1715, CVE-2021-1716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486759
-KB4493168
-KB4493181
-KB4486755
-KB4486762
-KB4493142
-KB4493143

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0222
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1711
CVE CVE-2021-1714
CVE CVE-2021-1715
CVE CVE-2021-1716
MSKB 4493168
MSKB 4486759
MSKB 4493181
MSKB 4486755
MSKB 4486762
MSKB 4493143
MSKB 4493142
XREF MSFT:MS21-4493168
XREF MSFT:MS21-4486759
XREF MSFT:MS21-4493181
XREF MSFT:MS21-4486755
XREF MSFT:MS21-4486762
XREF MSFT:MS21-4493143
XREF MSFT:MS21-4493142
XREF IAVA:2021-A-0016-S
XREF IAVA:2021-A-0017-S
XREF IAVA:2021-A-0024-S
XREF CEA-ID:CEA-2021-0001
Plugin Information
Published: 2021/01/12, Modified: 2022/12/07
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4493181
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7264.5000
110495 - Security Updates for Microsoft Office Products (June 2018)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2018-8246)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8248)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022182
-KB3115197
-KB3115248
-KB4022177
-KB4018387
-KB4022199
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.5207
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8246
CVE CVE-2018-8248
MSKB 4022182
MSKB 3115197
MSKB 3115248
MSKB 4022177
MSKB 4018387
MSKB 4022199
XREF MSFT:MS18-4022182
XREF MSFT:MS18-3115197
XREF MSFT:MS18-3115248
XREF MSFT:MS18-4022177
XREF MSFT:MS18-4018387
XREF MSFT:MS18-4022199
Plugin Information
Published: 2018/06/12, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3115197
- C:\Program Files (x86)\Microsoft Office\Office14\oart.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7210.5000

Product : Microsoft Office 2010 SP2
KB : 3115248
- C:\Program Files (x86)\Microsoft Office\Office14\oartconv.dll has not been patched.
Remote version : 14.0.7015.1000
Should be : 14.0.7210.5000

Product : Microsoft Office 2010 SP2
KB : 4022199
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7210.5000
109614 - Security Updates for Microsoft Office Products (May 2018)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8147, CVE-2018-8148)

- An information disclosure vulnerability exists in Outlook when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. (CVE-2018-8160)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8157, CVE-2018-8158, CVE-2018-8161)

- A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8173)

- A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments. An attacker who successfully exploited the vulnerability could execute arbitrary commands. The security feature bypass by itself does not allow arbitrary code execution. (CVE-2018-8150)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022137
-KB2899590
-KB3172436
-KB4022139
-KB3162075
-KB4018327
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3391
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2018-8147
CVE CVE-2018-8148
CVE CVE-2018-8150
CVE CVE-2018-8157
CVE CVE-2018-8158
CVE CVE-2018-8160
CVE CVE-2018-8161
CVE CVE-2018-8173
MSKB 4022137
MSKB 2899590
MSKB 3172436
MSKB 4022139
MSKB 3162075
MSKB 4018327
XREF MSFT:MS18-4022137
XREF MSFT:MS18-2899590
XREF MSFT:MS18-3172436
XREF MSFT:MS18-4022139
XREF MSFT:MS18-3162075
XREF MSFT:MS18-4018327
XREF IAVA:2018-A-0151-S
Plugin Information
Published: 2018/05/08, Modified: 2024/10/11
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2899590
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7208.5000
104557 - Security Updates for Microsoft Office Products (November 2017)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-11854)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-11882)
See Also
Solution
Microsoft has released security updates for Microsoft Office Products.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9438
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 101746
BID 101757
CVE CVE-2017-11854
CVE CVE-2017-11882
MSKB 3162047
MSKB 4011268
MSKB 4011604
MSKB 4011262
MSKB 4011618
XREF MSFT:MS17-3162047
XREF MSFT:MS17-4011268
XREF MSFT:MS17-4011604
XREF MSFT:MS17-4011262
XREF MSFT:MS17-4011618
XREF IAVA:2017-A-0337-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/11/14, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4011618
- C:\Program Files (x86)\Common Files\Microsoft Shared\Equation\eqnedt32.exe has not been patched.
Remote version : 2000.11.9.0
Should be : 2017.8.14.0
118923 - Security Updates for Microsoft Office Products (November 2018)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8539)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8573)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8577)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB3114565
-KB4022232
-KB4022237
-KB4032218
-KB4461524
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1857
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105834
BID 105835
BID 105836
CVE CVE-2018-8539
CVE CVE-2018-8573
CVE CVE-2018-8577
MSKB 3114565
MSKB 4022232
MSKB 4022237
MSKB 4032218
MSKB 4461524
XREF MSFT:MS18-3114565
XREF MSFT:MS18-4022232
XREF MSFT:MS18-4022237
XREF MSFT:MS18-4032218
XREF MSFT:MS18-4461524
Plugin Information
Published: 2018/11/13, Modified: 2024/07/22
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4032218
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7224.5000

Product : Microsoft Office 2010 SP2
KB : 3114565
- C:\Program Files (x86)\Common Files\Microsoft Shared\Office14\msptls.dll has not been patched.
Remote version : 14.0.7005.1000
Should be : 14.0.7224.5000
142689 - Security Updates for Microsoft Office Products (November 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft office Product is missing security updates.

- Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2020-17062)

- Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066. (CVE-2020-17064)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484534
-KB4484520
-KB4486722
-KB4486737
-KB4484455
-KB4486738
-KB4484508
-KB4486725

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.046
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17062
CVE CVE-2020-17064
MSKB 4484534
MSKB 4484520
MSKB 4486722
MSKB 4486737
MSKB 4484455
MSKB 4486738
MSKB 4484508
MSKB 4486725
XREF MSFT:MS20-4484534
XREF MSFT:MS20-4484520
XREF MSFT:MS20-4486722
XREF MSFT:MS20-4486737
XREF MSFT:MS20-4484455
XREF MSFT:MS20-4486738
XREF MSFT:MS20-4484508
XREF MSFT:MS20-4486725
XREF IAVA:2020-A-0516-S
XREF CEA-ID:CEA-2020-0135
Plugin Information
Published: 2020/11/10, Modified: 2024/02/09
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4486737
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7262.5000

Product : Microsoft Office 2010 SP2
KB : 4484455
- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7\vbe7.dll has not been patched.
Remote version : 7.0.16.28
Should be : 7.0.16.47
103784 - Security Updates for Microsoft Office Products (October 2017)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.

- A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2017-11825)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-11826)
See Also
Solution
Microsoft has released security updates for Microsoft Office Products.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.9034
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 101124
BID 101219
CVE CVE-2017-11825
CVE CVE-2017-11826
MSKB 3172524
MSKB 3172531
MSKB 4011185
MSKB 2920723
MSKB 2553338
MSKB 2837599
MSKB 4011222
MSKB 3213648
MSKB 4011232
MSKB 3213630
MSKB 3213627
XREF MSFT:MS17-3172524
XREF MSFT:MS17-3172531
XREF MSFT:MS17-4011185
XREF MSFT:MS17-2920723
XREF MSFT:MS17-2553338
XREF MSFT:MS17-2837599
XREF MSFT:MS17-4011222
XREF MSFT:MS17-3213648
XREF MSFT:MS17-4011232
XREF MSFT:MS17-32136304
XREF MSFT:MS17-3213627
XREF IAVA:2017-A-0291-S
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
Core Impact (true)
Plugin Information
Published: 2017/10/11, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 2553338
- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\ose.exe has not been patched.
Remote version : 14.0.4730.1010
Should be : 14.0.7189.5000

Product : Microsoft Office 2010 SP2
KB : 2837599
- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\osetup.dll has not been patched.
Remote version : 14.0.7011.1000
Should be : 14.0.7189.5000

Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7189.5001
129730 - Security Updates for Microsoft Office Products (October 2019)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1327, CVE-2019-1331)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4475558
-KB4475554
-KB4475569 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3831
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1327
CVE CVE-2019-1331
MSKB 4475558
MSKB 4475554
MSKB 4475569
XREF MSFT:MS19-4475558
XREF MSFT:MS19-4475554
XREF MSFT:MS19-4475569
Plugin Information
Published: 2019/10/08, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4475569
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7239.5000
141418 - Security Updates for Microsoft Office Products (October 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16929, CVE-2020-16930)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16954)

- A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.(CVE-2020-16957)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484417
-KB4484435
-KB4486682
-KB4486688
-KB4486700

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0652
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-16929
CVE CVE-2020-16930
CVE CVE-2020-16954
CVE CVE-2020-16957
MSKB 4484417
MSKB 4484435
MSKB 4486682
MSKB 4486688
MSKB 4486700
XREF MSFT:MS20-4484417
XREF MSFT:MS20-4484435
XREF MSFT:MS20-4486682
XREF MSFT:MS20-4486688
XREF MSFT:MS20-4486700
XREF IAVA:2020-A-0454-S
XREF IAVA:2020-A-0462-S
XREF CEA-ID:CEA-2020-0126
Plugin Information
Published: 2020/10/13, Modified: 2022/12/05
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4486700
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7261.5000
103133 - Security Updates for Microsoft Office Products (September 2017)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.
(CVE-2017-8630, CVE-2017-8744)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)

- An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
(CVE-2017-8695)

- A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.
(CVE-2017-8742)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)
See Also
Solution
Microsoft has released security updates for Microsoft Office Products.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6601
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 100732
BID 100741
BID 100748
BID 100755
BID 100772
BID 100773
BID 100780
CVE CVE-2017-8630
CVE CVE-2017-8676
CVE CVE-2017-8682
CVE CVE-2017-8695
CVE CVE-2017-8696
CVE CVE-2017-8742
CVE CVE-2017-8744
MSKB 4011055
MSKB 3213649
MSKB 4011038
MSKB 3213626
MSKB 3213646
MSKB 3213641
MSKB 3213642
MSKB 3213564
MSKB 3203474
MSKB 3213638
MSKB 4011103
MSKB 4011126
MSKB 4011063
MSKB 4011062
MSKB 3213551
MSKB 3213631
XREF MSFT:MS17-4011055
XREF MSFT:MS17-3213649
XREF MSFT:MS17-4011038
XREF MSFT:MS17-3213626
XREF MSFT:MS17-3213646
XREF MSFT:MS17-3213641
XREF MSFT:MS17-3213642
XREF MSFT:MS17-3213564
XREF MSFT:MS17-3203474
XREF MSFT:MS17-3213638
XREF MSFT:MS17-4011103
XREF MSFT:MS17-4011126
XREF MSFT:MS17-4011063
XREF MSFT:MS17-4011062
XREF MSFT:MS17-3213551
XREF MSFT:MS17-3213631
XREF IAVA:2017-A-0274
Plugin Information
Published: 2017/09/12, Modified: 2025/11/21
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3213626
- C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\Wpft632.cnv has not been patched.
Remote version : 2010.1400.7004.1000
Should be : 2010.1400.7188.5000
140430 - Security Updates for Microsoft Office Products (September 2020)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1224)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1193, CVE-2020-1332, CVE-2020-1335, CVE-2020-1594)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-1218, CVE-2020-1338)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484513
-KB4484533
-KB4484532
-KB4484517
-KB4484530
-KB4484469
-KB4484466

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2188
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1193
CVE CVE-2020-1218
CVE CVE-2020-1224
CVE CVE-2020-1332
CVE CVE-2020-1335
CVE CVE-2020-1338
CVE CVE-2020-1594
MSKB 4484513
MSKB 4484533
MSKB 4484532
MSKB 4484517
MSKB 4484530
MSKB 4484469
MSKB 4484466
XREF MSFT:MS20-4484513
XREF MSFT:MS20-4484533
XREF MSFT:MS20-4484532
XREF MSFT:MS20-4484517
XREF MSFT:MS20-4484530
XREF MSFT:MS20-4484469
XREF MSFT:MS20-4484466
XREF IAVA:2020-A-0406-S
XREF CEA-ID:CEA-2020-0118
Plugin Information
Published: 2020/09/08, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4484532
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7258.5000
135479 - Security Updates for Microsoft PowerPoint Products (April 2020)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484235
-KB4484246
-KB4484226

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3457
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0760
MSKB 4484235
MSKB 4484246
MSKB 4484226
XREF MSFT:MS20-4484235
XREF MSFT:MS20-4484246
XREF MSFT:MS20-4484226
XREF IAVA:2020-A-0141-S
Plugin Information
Published: 2020/04/14, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7248.5000
119599 - Security Updates for Microsoft PowerPoint Products (December 2018)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8628)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461532
-KB4461481
-KB4461521
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3453
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8628
MSKB 4461532
MSKB 4461481
MSKB 4461521
XREF MSFT:MS18-4461532
XREF MSFT:MS18-4461481
XREF MSFT:MS18-4461521
Plugin Information
Published: 2018/12/11, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7225.5000
131938 - Security Updates for Microsoft PowerPoint Products (December 2019)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1462)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461590
-KB4461613
-KB4484166 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2131
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1462
MSKB 4461590
MSKB 4461613
MSKB 4484166
XREF MSFT:MS19-4461590
XREF MSFT:MS19-4461613
XREF MSFT:MS19-4484166
Plugin Information
Published: 2019/12/10, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7243.5000
143567 - Security Updates for Microsoft PowerPoint Products (December 2020)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17124)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484393
-KB4484372
-KB4484468

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0255
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17124
MSKB 4484372
MSKB 4484468
MSKB 4484393
XREF MSFT:MS20-4484372
XREF MSFT:MS19-4484468
XREF MSFT:MS19-4484393
XREF IAVA:2020-A-0559-S
XREF IAVA:2021-A-0017-S
Plugin Information
Published: 2020/12/08, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7263.5000
147216 - Security Updates for Microsoft PowerPoint Products (March 2021)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-27056)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493227
-KB4504702
-KB4493224
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1123
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2021-27056
MSKB 4493227
MSKB 4504702
MSKB 4493224
XREF MSFT:MS21-4493227
XREF MSFT:MS21-4504702
XREF MSFT:MS21-4493224
XREF IAVA:2021-A-0128-S
Plugin Information
Published: 2021/03/09, Modified: 2023/08/11
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7266.5000
118015 - Security Updates for Microsoft PowerPoint Products (October 2018)
-
Synopsis
The Microsoft PowerPoint Products are missing a security update.
Description
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8501)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4092453
-KB4092482
-KB4461434
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2056
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8501
MSKB 4092453
MSKB 4092482
MSKB 4461434
XREF MSFT:MS18-4092453
XREF MSFT:MS18-4092482
XREF MSFT:MS18-4461434
Plugin Information
Published: 2018/10/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7214.5000
111787 - Security Updates for Microsoft Powerpoint Products (August 2018)
-
Synopsis
The Microsoft Powerpoint Products are missing a security update.
Description
The Microsoft Powerpoint Products are missing a security update. It is, therefore, affected by the following vulnerability.

- A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8376)
See Also
Solution
Microsoft has released KB4018310 to address this issue.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3246
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8376
MSKB 4018310
XREF MSFT:MS18-4018310
Plugin Information
Published: 2018/08/16, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7212.5000
103136 - Security Updates for Microsoft Powerpoint Products (September 2017)
-
Synopsis
The Microsoft Powerpoint Products are affected by multiple vulnerabilities.
Description
The Microsoft Powerpoint Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.
(CVE-2017-8742, CVE-2017-8743)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011041
-KB3128027
-KB4011069
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3652
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 100741
BID 100746
CVE CVE-2017-8742
CVE CVE-2017-8743
MSKB 4011041
MSKB 3128027
MSKB 4011069
XREF MSFT:MS17-3213642
XREF MSFT:MS17-4011041
XREF MSFT:MS17-3128027
XREF MSFT:MS17-4011069
XREF IAVA:2017-A-0274
Plugin Information
Published: 2017/09/12, Modified: 2019/11/12
Plugin Output

tcp/445/cifs



Product : PowerPoint 2010
- C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7188.5000
135462 - Security Updates for Microsoft Publisher Products (April 2020)
-
Synopsis
The Microsoft Publisher Products are missing a security update.
Description
The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB3162033
-KB4011097
-KB4032216
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3457
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-0760
MSKB 3162033
MSKB 4011097
MSKB 4032216
XREF MSFT:MS20-3162033
XREF MSFT:MS20-4011097
XREF MSFT:MS20-4032216
XREF IAVA:2020-A-0173-S
Plugin Information
Published: 2020/04/14, Modified: 2022/05/17
Plugin Output

tcp/445/cifs



Product : Publisher 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Mspub.exe has not been patched.
Remote version : 14.0.7011.1000
Fixed version : 14.0.7248.5000
110500 - Security Updates for Microsoft Publisher Products (June 2018)
-
Synopsis
The Microsoft Publisher Products are missing a security update.
Description
The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)
See Also
Solution
Microsoft has released KB4011186 to address this issue.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3905
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2018-8245
MSKB 4011186
XREF MSFT:MS18-4011186
XREF IAVA:2018-A-0191-S
Plugin Information
Published: 2018/06/12, Modified: 2020/04/24
Plugin Output

tcp/445/cifs



Product : Publisher 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Mspub.exe has not been patched.
Remote version : 14.0.7011.1000
Fixed version : 14.0.7210.5000
103122 - Security Updates for Microsoft Publisher Products (September 2017)
-
Synopsis
The Microsoft Publisher Products are missing a security update.
Description
The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.
(CVE-2017-8725)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB3114428
-KB3141537
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3241
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 100758
CVE CVE-2017-8725
MSKB 3141537
XREF MSFT:MS17-3114428
XREF MSFT:MS17-3141537
XREF IAVA:2017-A-0274
Plugin Information
Published: 2017/09/12, Modified: 2019/11/12
Plugin Output

tcp/445/cifs



Product : Publisher 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Mspub.exe has not been patched.
Remote version : 14.0.7011.1000
Fixed version : 14.0.7188.5000
175450 - Security Updates for Microsoft SQL Server (April 2023)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-23384) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.4
EPSS Score
0.0079
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-23384
MSKB 5020863
MSKB 5021037
MSKB 5021045
MSKB 5021112
MSKB 5021123
MSKB 5021124
MSKB 5021125
MSKB 5021126
MSKB 5021127
MSKB 5021128
MSKB 5021129
MSKB 5021522
XREF MSFT:MS23-5020863
XREF MSFT:MS23-5021037
XREF MSFT:MS23-5021045
XREF MSFT:MS23-5021112
XREF MSFT:MS23-5021123
XREF MSFT:MS23-5021124
XREF MSFT:MS23-5021125
XREF MSFT:MS23-5021126
XREF MSFT:MS23-5021127
XREF MSFT:MS23-5021128
XREF MSFT:MS23-5021129
XREF MSFT:MS23-5021522
XREF IAVA:2023-A-0189-S
Plugin Information
Published: 2023/05/12, Modified: 2023/08/11
Plugin Output

tcp/445/cifs



KB : 5020863
- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2007.100.2531.0
Should be : 2007.100.6814.4

SQL Server Version : 10.0.2531.0 (2008 SP1) Express Edition
SQL Server Instance : SQLEXPRESS
249129 - Security Updates for Microsoft SQL Server (August 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An elevation of privilege vulnerability. (CVE-2025-53727)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-53727
MSKB 5063814
MSKB 5063756
MSKB 5063757
MSKB 5063758
MSKB 5063759
MSKB 5063760
MSKB 5063761
MSKB 5063762
XREF MSFT:MS25-5063814
XREF MSFT:MS25-5063756
XREF MSFT:MS25-5063757
XREF MSFT:MS25-5063758
XREF MSFT:MS25-5063759
XREF MSFT:MS25-5063760
XREF MSFT:MS25-5063761
XREF MSFT:MS25-5063762
XREF IAVA:2025-A-0599-S
XREF CWE:89
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output

tcp/445/cifs



KB : 5063757
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4440.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
171604 - Security Updates for Microsoft SQL Server (February 2023)
-
Synopsis
The Microsoft SQL Server installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-21528, CVE-2023-21568, CVE-2023-21704, CVE-2023-21705, CVE-2023-21713, CVE-2023-21718)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB5021126
-KB5021129
-KB5021522
-KB5021127
-KB5021045
-KB5021037
-KB5021128
-KB5021124
-KB5021125
-KB5020863
-KB5021112
-KB5021123
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0056
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21528
CVE CVE-2023-21568
CVE CVE-2023-21704
CVE CVE-2023-21705
CVE CVE-2023-21713
CVE CVE-2023-21718
MSKB 5020863
MSKB 5021112
MSKB 5021126
MSKB 5021129
MSKB 5021522
MSKB 5021127
MSKB 5021045
MSKB 5021037
MSKB 5021128
MSKB 5021123
MSKB 5021124
MSKB 5021125
XREF MSFT:MS23-5020863
XREF MSFT:MS23-5021112
XREF MSFT:MS23-5021126
XREF MSFT:MS23-5021129
XREF MSFT:MS23-5021522
XREF MSFT:MS23-5021127
XREF MSFT:MS23-5021045
XREF MSFT:MS23-5021037
XREF MSFT:MS23-5021128
XREF MSFT:MS23-5021124
XREF MSFT:MS23-5021125
XREF IAVA:2023-A-0086
Plugin Information
Published: 2023/02/17, Modified: 2023/09/04
Plugin Output

tcp/445/cifs



KB : 5020863
- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2007.100.2531.0
Should be : 2007.100.6814.4

SQL Server Version : 10.0.2531.0 (2008 SP1) Express Edition
SQL Server Instance : SQLEXPRESS
216604 - Security Updates for Microsoft SQL Server (July 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-20701, CVE-2024-21303, CVE-2024-21308, CVE-2024-21317, CVE-2024-21331, CVE-2024-21332, CVE-2024-21333, CVE-2024-21335, CVE-2024-21373, CVE-2024-21398, CVE-2024-21414, CVE-2024-21415, CVE-2024-21425, CVE-2024-21428, CVE-2024-21449, CVE-2024-28928, CVE-2024-35256, CVE-2024-35271, CVE-2024-35272, CVE-2024-37318, CVE-2024-37319, CVE-2024-37320, CVE-2024-37321, CVE-2024-37322, CVE-2024-37323, CVE-2024-37324, CVE-2024-37326, CVE-2024-37327, CVE-2024-37328, CVE-2024-37329, CVE-2024-37330, CVE-2024-37331, CVE-2024-37332, CVE-2024-37333, CVE-2024-37334, CVE-2024-37336, CVE-2024-38087, CVE-2024-38088)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB5040942
-KB5040939
-KB5040936
-KB5040986
-KB5040944
-KB5040948
-KB5040940
-KB5040946
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0692
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2024-20701
CVE CVE-2024-21303
CVE CVE-2024-21308
CVE CVE-2024-21317
CVE CVE-2024-21331
CVE CVE-2024-21332
CVE CVE-2024-21333
CVE CVE-2024-21335
CVE CVE-2024-21373
CVE CVE-2024-21398
CVE CVE-2024-21414
CVE CVE-2024-21415
CVE CVE-2024-21425
CVE CVE-2024-21428
CVE CVE-2024-21449
CVE CVE-2024-28928
CVE CVE-2024-35256
CVE CVE-2024-35271
CVE CVE-2024-35272
CVE CVE-2024-37318
CVE CVE-2024-37319
CVE CVE-2024-37320
CVE CVE-2024-37321
CVE CVE-2024-37322
CVE CVE-2024-37323
CVE CVE-2024-37324
CVE CVE-2024-37326
CVE CVE-2024-37327
CVE CVE-2024-37328
CVE CVE-2024-37329
CVE CVE-2024-37330
CVE CVE-2024-37331
CVE CVE-2024-37332
CVE CVE-2024-37333
CVE CVE-2024-37334
CVE CVE-2024-37336
CVE CVE-2024-38087
CVE CVE-2024-38088
MSKB 5040942
MSKB 5040939
MSKB 5040936
MSKB 5040986
MSKB 5040944
MSKB 5040948
MSKB 5040940
MSKB 5040946
XREF MSFT:MS24-5040942
XREF MSFT:MS24-5040939
XREF MSFT:MS24-5040936
XREF MSFT:MS24-5040986
XREF MSFT:MS24-5040944
XREF MSFT:MS24-5040948
XREF MSFT:MS24-5040940
XREF MSFT:MS24-5040946
XREF CWE:121
XREF CWE:122
XREF CWE:190
XREF CWE:415
XREF CWE:416
Plugin Information
Published: 2025/02/21, Modified: 2025/09/17
Plugin Output

tcp/445/cifs



KB : 5040948
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4382.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
241544 - Security Updates for Microsoft SQL Server (July 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-49717)

- Information disclosure vulnerabilities. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2025-49718, CVE-2025-49719)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
VPR Score
8.1
EPSS Score
0.003
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-49717
CVE CVE-2025-49718
CVE CVE-2025-49719
MSKB 5058712
MSKB 5058713
MSKB 5058714
MSKB 5058716
MSKB 5058717
MSKB 5058718
MSKB 5058721
MSKB 5058722
XREF MSFT:MS25-5058712
XREF MSFT:MS25-5058713
XREF MSFT:MS25-5058714
XREF MSFT:MS25-5058716
XREF MSFT:MS25-5058717
XREF MSFT:MS25-5058718
XREF MSFT:MS25-5058721
XREF MSFT:MS25-5058722
XREF IAVA:2025-A-0492-S
XREF CWE:20
XREF CWE:122
XREF CWE:908
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output

tcp/445/cifs



KB : 5058722
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4435.7

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
211472 - Security Updates for Microsoft SQL Server (November 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49006, CVE-2024-49007, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021, CVE-2024-49043)
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0596
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38255
CVE CVE-2024-43459
CVE CVE-2024-43462
CVE CVE-2024-48993
CVE CVE-2024-48994
CVE CVE-2024-48995
CVE CVE-2024-48996
CVE CVE-2024-48997
CVE CVE-2024-48998
CVE CVE-2024-48999
CVE CVE-2024-49000
CVE CVE-2024-49001
CVE CVE-2024-49002
CVE CVE-2024-49003
CVE CVE-2024-49004
CVE CVE-2024-49005
CVE CVE-2024-49006
CVE CVE-2024-49007
CVE CVE-2024-49008
CVE CVE-2024-49009
CVE CVE-2024-49010
CVE CVE-2024-49011
CVE CVE-2024-49012
CVE CVE-2024-49013
CVE CVE-2024-49014
CVE CVE-2024-49015
CVE CVE-2024-49016
CVE CVE-2024-49017
CVE CVE-2024-49018
CVE CVE-2024-49021
CVE CVE-2024-49043
MSKB 5046855
MSKB 5046856
MSKB 5046857
MSKB 5046858
MSKB 5046859
MSKB 5046860
MSKB 5046861
MSKB 5046862
XREF MSFT:MS24-5046855
XREF MSFT:MS24-5046856
XREF MSFT:MS24-5046857
XREF MSFT:MS24-5046858
XREF MSFT:MS24-5046859
XREF MSFT:MS24-5046860
XREF MSFT:MS24-5046861
XREF MSFT:MS24-5046862
XREF IAVA:2024-A-0731
Plugin Information
Published: 2024/11/15, Modified: 2024/11/18
Plugin Output

tcp/445/cifs



KB : 5046860
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4410.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
275459 - Security Updates for Microsoft SQL Server (November 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected a vulnerability:

- Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. (CVE-2025-59499)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-59499
MSKB 5068400
MSKB 5068401
MSKB 5068402
MSKB 5068403
MSKB 5068404
MSKB 5068405
MSKB 5068406
MSKB 5068407
XREF MSFT:MS25-5068400
XREF MSFT:MS25-5068401
XREF MSFT:MS25-5068402
XREF MSFT:MS25-5068403
XREF MSFT:MS25-5068404
XREF MSFT:MS25-5068405
XREF MSFT:MS25-5068406
XREF MSFT:MS25-5068407
XREF IAVA:2025-A-0848
Plugin Information
Published: 2025/11/14, Modified: 2025/11/14
Plugin Output

tcp/445/cifs



KB : 5068404
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4455.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
207067 - Security Updates for Microsoft SQL Server (September 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-26186, CVE-2024-26191, CVE-2024-37335, CVE-2024-37338, CVE-2024-37339, CVE-2024-37340)

- An information disclosure vulnerability. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2024-37337, CVE-2024-37342, CVE-2024-37966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0464
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26186
CVE CVE-2024-26191
CVE CVE-2024-37335
CVE CVE-2024-37337
CVE CVE-2024-37338
CVE CVE-2024-37339
CVE CVE-2024-37340
CVE CVE-2024-37342
CVE CVE-2024-37966
MSKB 5042578
MSKB 5042749
MSKB 5042211
MSKB 5042215
MSKB 5042214
MSKB 5042217
XREF MSFT:MS24-5042578
XREF MSFT:MS24-5042749
XREF MSFT:MS24-5042211
XREF MSFT:MS24-5042215
XREF MSFT:MS24-5042214
XREF MSFT:MS24-5042217
XREF IAVA:2024-A-0565-S
Plugin Information
Published: 2024/09/12, Modified: 2024/11/15
Plugin Output

tcp/445/cifs



KB : 5042749
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4390.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
261809 - Security Updates for Microsoft SQL Server (September 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- Improper Handling of Exceptional Conditions in Newtonsoft.Json (CVE-2024-21907)

- An information disclosure vulnerability (CVE-2025-47997)

- A privilege escalation vulnerability (CVE-2025-55227)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0252
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2024-21907
CVE CVE-2025-47997
CVE CVE-2025-55227
MSKB 5065220
MSKB 5065221
MSKB 5065222
MSKB 5065223
MSKB 5065224
MSKB 5065225
MSKB 5065226
MSKB 5065227
XREF MSFT:MS25-5065220
XREF MSFT:MS25-5065221
XREF MSFT:MS25-5065222
XREF MSFT:MS25-5065223
XREF MSFT:MS25-5065224
XREF MSFT:MS25-5065225
XREF MSFT:MS25-5065226
XREF MSFT:MS25-5065227
XREF IAVA:2025-A-0669
XREF CWE:77
XREF CWE:200
XREF CWE:362
XREF CWE:755
Plugin Information
Published: 2025/09/09, Modified: 2025/09/17
Plugin Output

tcp/445/cifs



KB : 5065222
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4445.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER

193160 - Security Updates for Microsoft SQL Server ODBC Driver (April 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28929)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28930)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28931)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0893
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2025/01/22
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.5.1
Fixed version : 17.10.6

193161 - Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28906)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28908)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0906
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.7.0
Fixed version : 18.7.2
205300 - Security Updates for Microsoft SQL Server OLE DB Driver (July 2024)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver. This could result in the database returning malicious data that could cause arbitrary code execution on the client.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0243
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2024/08/09, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.7.0
Fixed version : 18.7.4
135482 - Security Updates for Microsoft Word Products (April 2020)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-0980)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484300
-KB4484319
-KB4484295

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4016
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0760
CVE CVE-2020-0980
MSKB 4484300
MSKB 4484319
MSKB 4484295
XREF MSFT:MS20-4484300
XREF MSFT:MS20-4484319
XREF MSFT:MS20-4484295
XREF IAVA:2020-A-0149-S
Plugin Information
Published: 2020/04/14, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7248.5000
148478 - Security Updates for Microsoft Word Products (April 2021)
-
Synopsis
The Microsoft Word Products are affected by a remote code execution vulnerability.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493208
-KB4493218
-KB4493198 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0208
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-28453
MSKB 4493208
MSKB 4493218
MSKB 4493198
XREF MSFT:MS21-4493208
XREF MSFT:MS21-4493218
XREF MSFT:MS21-4493198
XREF IAVA:2021-A-0177-S
Plugin Information
Published: 2021/04/13, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7268.5000
127856 - Security Updates for Microsoft Word Products (August 2019)
-
Synopsis
A Microsoft Word product is affected by multiple vulnerabilities.
Description
A Microsoft Word product is missing security updates. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1201)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4475533
-KB4475547
-KB4475540
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1029
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1201
MSKB 4475533
MSKB 4475547
MSKB 4475540
XREF MSFT:MS19-4475533
XREF MSFT:MS19-4475547
XREF MSFT:MS19-4475540
Plugin Information
Published: 2019/08/13, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7236.5000
105192 - Security Updates for Microsoft Word Products (December 2017)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word. More information can be found in Microsoft Security Advisory 4053440.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011590
-KB4011608
-KB4011614
-KB4011575
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG Severity
II
References
MSKB 4011590
MSKB 4011608
MSKB 4011614
MSKB 4011575
XREF MSFT:MS17-4011590
XREF MSFT:MS17-4011608
XREF MSFT:MS17-4011614
XREF MSFT:MS17-4011575
XREF IAVA:2017-A-0363-S
Plugin Information
Published: 2017/12/12, Modified: 2023/02/20
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7191.5000
105700 - Security Updates for Microsoft Word Products (January 2018)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Words Products are missing security updates. It is therefore affected by multiple issues involving handling of Office and RTF (Rich Text Format) files. If successfully exploited, an attacker could execute code in the context of the current user.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011657
-KB4011659
-KB4011651
-KB4011643
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9406
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 102370
BID 102373
BID 102375
BID 102381
BID 102406
CVE CVE-2018-0792
CVE CVE-2018-0793
CVE CVE-2018-0794
CVE CVE-2018-0797
CVE CVE-2018-0798
CVE CVE-2018-0845
CVE CVE-2018-0848
CVE CVE-2018-0849
CVE CVE-2018-0862
MSKB 4011657
MSKB 4011643
MSKB 4011659
MSKB 4011651
XREF MSFT:MS18-4011657
XREF MSFT:MS18-4011643
XREF MSFT:MS18-4011659
XREF MSFT:MS18-4011651
XREF IAVA:2018-A-0009-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Plugin Information
Published: 2018/01/09, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7192.5000
121028 - Security Updates for Microsoft Word Products (January 2019)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-0585)

- An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker who successfully exploited this vulnerability could read arbitrary files from a targeted system.
(CVE-2019-0561)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461543
-KB4461594
-KB4461625

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2816
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-0561
CVE CVE-2019-0585
MSKB 4461543
MSKB 4461594
MSKB 4461625
XREF MSFT:MS19-4461543
XREF MSFT:MS19-4461594
XREF MSFT:MS19-4461625
Plugin Information
Published: 2019/01/08, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7228.5000
144875 - Security Updates for Microsoft Word Products (January 2021)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-1715, CVE-2021-1716)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486764
-KB4493156
-KB4493145

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0215
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1715
CVE CVE-2021-1716
MSKB 4486764
MSKB 4493156
MSKB 4493145
XREF MSFT:MS21-4486764
XREF MSFT:MS21-4493156
XREF MSFT:MS21-4493145
XREF IAVA:2021-A-0024-S
XREF CEA-ID:CEA-2021-0001
Plugin Information
Published: 2021/01/12, Modified: 2022/12/07
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7264.5000
110994 - Security Updates for Microsoft Word Products (July 2018)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails. An attacker could exploit the vulnerability by sending a specially crafted email and attachment to a victim, or by hosting a malicious .eml file on a web server. The attacker who successfully exploited the vulnerability could then embed untrusted TrueType fonts in the body of an email. This behavior could be combined with other exploits to further compromise a user's system. The security update addresses the vulnerability by correcting how Microsoft Outlook handles attachments. (CVE-2018-8310)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022218
-KB4022224
-KB4022202
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0551
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 104615
CVE CVE-2018-8310
MSKB 4022218
MSKB 4022224
MSKB 4022202
XREF MSFT:MS18-4022218
XREF MSFT:MS18-4022224
XREF MSFT:MS18-4022202
Plugin Information
Published: 2018/07/10, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7211.5000
138474 - Security Updates for Microsoft Word Products (July 2020)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1445)

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-1446, CVE-2020-1447, CVE-2020-1448)

- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2020-1342)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484458
-KB4484446
-KB4484438

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4595
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1342
CVE CVE-2020-1445
CVE CVE-2020-1446
CVE CVE-2020-1447
CVE CVE-2020-1448
MSKB 4484458
MSKB 4484446
MSKB 4484438
XREF MSFT:MS20-4484458
XREF MSFT:MS20-4484446
XREF MSFT:MS20-4484438
XREF IAVA:2020-A-0312-S
Plugin Information
Published: 2020/07/14, Modified: 2024/03/01
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7254.5000
125832 - Security Updates for Microsoft Word Products (June 2019)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1034)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461619
-KB4464590
-KB4464596
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.126
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1034
MSKB 4461619
MSKB 4464590
MSKB 4464596
XREF MSFT:MS19-4461619
XREF MSFT:MS19-4464590
XREF MSFT:MS19-4464596
XREF CEA-ID:CEA-2019-0430
Plugin Information
Published: 2019/06/11, Modified: 2022/12/05
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7234.5000
108301 - Security Updates for Microsoft Word Products (March 2018)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-0919)

- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011721
-KB4011674
-KB4011730
-KB4011695
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3251
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 103311
BID 103314
CVE CVE-2018-0919
CVE CVE-2018-0922
MSKB 4011721
MSKB 4011674
MSKB 4011730
MSKB 4011695
XREF MSFT:MS18-4011721
XREF MSFT:MS18-4011674
XREF MSFT:MS18-4011730
XREF MSFT:MS18-4011695
XREF IAVA:2018-A-0077-S
Plugin Information
Published: 2018/03/13, Modified: 2020/12/11
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7195.5000
134382 - Security Updates for Microsoft Word Products (March 2020)
-
Synopsis
The Microsoft Word Products are affected by a Remote Code Execution Vulnerability. (CVE-2020-0850, CVE-2020-0892)
Description
The Microsoft Word Products are missing security updates.
It is, therefore, affected by affected by the following vulnerability:

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. (CVE-2020-0850, CVE-2020-0892)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484268
-KB4484240
-KB4484231

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open Word and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4016
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-0850
CVE CVE-2020-0892
MSKB 4484268
MSKB 4484240
MSKB 4484231
XREF MSFT:MS20-4484268
XREF MSFT:MS20-4484240
XREF MSFT:MS20-4484231
Plugin Information
Published: 2020/03/10, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7246.5000
109617 - Security Updates for Microsoft Word Products (May 2018)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8161)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4018396
-KB4018383
-KB4022141
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3244
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2018-8161
MSKB 4018396
MSKB 4018383
MSKB 4022141
XREF MSFT:MS18-4018396
XREF MSFT:MS18-4018383
XREF MSFT:MS18-4022141
XREF IAVA:2018-A-0151-S
Plugin Information
Published: 2018/05/08, Modified: 2020/12/11
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7208.5000
104562 - Security Updates for Microsoft Word Products (November 2017)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Office Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11854)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4011250
-KB4011242
-KB4011270
-KB4011266
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1871
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 101746
CVE CVE-2017-11854
MSKB 4011250
MSKB 4011242
MSKB 4011270
MSKB 4011266
XREF MSFT:MS17-4011250
XREF MSFT:MS17-4011242
XREF MSFT:MS17-4011270
XREF MSFT:MS17-4011266
XREF IAVA:2017-A-0337-S
Plugin Information
Published: 2017/11/14, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7190.5000
118930 - Security Updates for Microsoft Word Products (November 2018)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8573)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461526
-KB4461504
-KB4461485
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1857
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105836
CVE CVE-2018-8573
MSKB 4461526
MSKB 4461504
MSKB 4461485
XREF MSFT:MS18-4461526
XREF MSFT:MS18-4461504
XREF MSFT:MS18-4461485
Plugin Information
Published: 2018/11/13, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7224.5000
118016 - Security Updates for Microsoft Word Products (October 2018)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8504)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4092439
-KB4461457
-KB4461449
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1681
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8504
MSKB 4092439
MSKB 4461457
MSKB 4461449
XREF MSFT:MS18-4092439
XREF MSFT:MS18-4461457
XREF MSFT:MS18-4461449
Plugin Information
Published: 2018/10/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7214.5000
141415 - Security Updates for Microsoft Word Products (October 2020)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-16933)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486703
-KB4486692
-KB4486701
-KB4486679

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0157
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-16933
MSKB 4486703
MSKB 4486692
MSKB 4486679
XREF MSFT:MS20-4486703
XREF MSFT:MS20-4486692
XREF MSFT:MS20-4486679
XREF CEA-ID:CEA-2020-0126
Plugin Information
Published: 2020/10/13, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7261.5000
140433 - Security Updates for Microsoft Word Products (September 2020)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-1218)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484510
-KB4484522
-KB4486660

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.024
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1218
MSKB 4484510
MSKB 4484522
MSKB 4486660
XREF MSFT:MS20-4484510
XREF MSFT:MS20-4484522
XREF MSFT:MS20-4486660
XREF IAVA:2020-A-0404-S
XREF CEA-ID:CEA-2020-0118
Plugin Information
Published: 2020/09/08, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7258.5000
135478 - Security Updates for Outlook (April 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0760)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484281
-KB4484274
-KB4484284

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3457
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-0760
MSKB 4484281
MSKB 4484274
MSKB 4484284
XREF MSFT:MS20-4484281
XREF MSFT:MS20-4484274
XREF MSFT:MS20-4484284
XREF IAVA:2020-A-0152-S
Plugin Information
Published: 2020/04/14, Modified: 2020/07/17
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7248.5000
148464 - Security Updates for Outlook (April 2021)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by a memory corruption vulnerability.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by a memory corruption vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4504712
-KB4504733
-KB4493185

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0073
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2021-28452
MSKB 4504712
MSKB 4504733
MSKB 4493185
XREF MSFT:MS21-4504712
XREF MSFT:MS21-4504733
XREF MSFT:MS21-4493185
XREF IAVA:2021-A-0175-S
Plugin Information
Published: 2021/04/13, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7268.5000
127854 - Security Updates for Outlook (August 2019)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1200)

- An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).
(CVE-2019-1204)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4475553
-KB4475573
-KB4475563
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1249
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1200
CVE CVE-2019-1204
MSKB 4475553
MSKB 4475573
MSKB 4475563
XREF MSFT:MS19-4475553
XREF MSFT:MS19-4475573
XREF MSFT:MS19-4475563
Plugin Information
Published: 2019/08/13, Modified: 2020/02/14
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7236.5000
119598 - Security Updates for Outlook (December 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8587)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461576
-KB4461556
-KB4461544
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.4676
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8587
MSKB 4461576
MSKB 4461556
MSKB 4461544
XREF MSFT:MS18-4461576
XREF MSFT:MS18-4461556
XREF MSFT:MS18-4461544
Plugin Information
Published: 2018/12/11, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7226.5000
143563 - Security Updates for Outlook (December 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17119)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486732
-KB4486742
-KB4486748

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0507
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17119
MSKB 4486742
MSKB 4486732
MSKB 4486748
XREF MSFT:MS20-4486742
XREF MSFT:MS20-4486732
XREF MSFT:MS20-4486748
XREF IAVA:2020-A-0558-S
XREF IAVA:2021-A-0017-S
Plugin Information
Published: 2020/12/08, Modified: 2025/08/29
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7261.5000
106807 - Security Updates for Outlook (February 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).
(CVE-2018-0850)

- A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-0852)
See Also
Solution
Microsoft has released the following security updates to address this issue:
- KB4011682
- KB4011697
- KB4011711
- KB4011200
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3054
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 102866
BID 102871
CVE CVE-2018-0850
CVE CVE-2018-0852
MSKB 4011682
MSKB 4011697
MSKB 4011711
MSKB 4011200
XREF MSFT:MS18-4011682
XREF MSFT:MS18-4011697
XREF MSFT:MS18-4011711
XREF MSFT:MS18-4011200
XREF IAVA:2018-A-0051-S
Plugin Information
Published: 2018/02/13, Modified: 2025/10/29
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7194.5000
105699 - Security Updates for Outlook (January 2018)
-
Synopsis
The version of Outlook installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Microsoft Outlook installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system, then install programs; view, change, or delete data; or create new accounts with full user rights.
See Also
Solution
Microsoft has released a set of patches for Outlook 2007, 2010, 2013, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3557
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 102383
CVE CVE-2018-0791
MSKB 4011213
MSKB 4011273
MSKB 4011637
MSKB 4011626
XREF MSFT:MS18-4011213
XREF MSFT:MS18-4011273
XREF MSFT:MS18-4011637
XREF MSFT:MS18-4011626
XREF IAVA:2018-A-0009-S
Plugin Information
Published: 2018/01/09, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7192.5000
102035 - Security Updates for Outlook (July 2017)
-
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office or Outlook application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists in Microsoft Office due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open and interact with a specially crafted document file, to bypass security measures and execute arbitrary commands.
(CVE-2017-8571)

- An information disclosure vulnerability exists in Microsoft Office due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document file, to disclose the contents of memory.
(CVE-2017-8572)

- A remote code execution vulnerability exists in Microsoft Outlook due to improper parsing of email messages. An unauthenticated, remote attacker can exploit this, with a specially crafted email message with a malicious attachment, to execute arbitrary code in the context of the current user. (CVE-2017-8663)
See Also
Solution
Microsoft has released a set of patches for Outlook 2007, 2010, 2013, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1432
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99452
BID 99453
BID 100004
CVE CVE-2017-8571
CVE CVE-2017-8572
CVE CVE-2017-8663
MSKB 2956078
MSKB 3213643
MSKB 4011052
MSKB 4011078
XREF MSFT:MS17-2956078
XREF MSFT:MS17-3213643
XREF MSFT:MS17-4011052
XREF MSFT:MS17-4011078
Plugin Information
Published: 2017/07/28, Modified: 2019/11/12
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7187.5000
138470 - Security Updates for Outlook (July 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-1349)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484382
-KB4484363
-KB4484433

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2597
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1349
MSKB 4484382
MSKB 4484363
MSKB 4484433
XREF MSFT:MS20-4484382
XREF MSFT:MS20-4484363
XREF MSFT:MS20-4484433
XREF IAVA:2020-A-0308-S
Plugin Information
Published: 2020/07/14, Modified: 2020/08/14
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7248.5000
118928 - Security Updates for Outlook (November 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8582)

- A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8522, CVE-2018-8524, CVE-2018-8576)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461486
-KB4461529
-KB4461506
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2039
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105820
BID 105822
BID 105823
BID 105825
BID 105826
BID 105828
CVE CVE-2018-8522
CVE CVE-2018-8524
CVE CVE-2018-8558
CVE CVE-2018-8576
CVE CVE-2018-8579
CVE CVE-2018-8582
MSKB 4461486
MSKB 4461529
MSKB 4461506
XREF MSFT:MS18-4461486
XREF MSFT:MS18-4461529
XREF MSFT:MS18-4461506
Plugin Information
Published: 2018/11/13, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7224.5000
103752 - Security Updates for Outlook (October 2017)
-
Synopsis
The version of Outlook installed on the remote host is affected by multiple vulnerabilities.
Description
The version of Microsoft Outlook installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Outlook fails to establish a secure connection. An attacker who exploited the vulnerability could use it to obtain the email content of a user. The security update addresses the vulnerability by preventing Outlook from disclosing user email content.
(CVE-2017-11776)

- A security feature bypass vulnerability exists when Microsoft Office improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince users to open the document file and interact with the document. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory. (CVE-2017-11774)
See Also
Solution
Microsoft has released a set of patches for Outlook 2010, 2013, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8285
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 101098
BID 101106
CVE CVE-2017-11774
CVE CVE-2017-11776
MSKB 4011178
MSKB 4011196
XREF MSFT:MS17-4011162
XREF MSFT:MS17-4011178
XREF MSFT:MS17-4011196
XREF IAVA:2017-A-0291-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Plugin Information
Published: 2017/10/10, Modified: 2023/02/17
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7189.5000
118014 - Security Updates for Outlook (October 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities including a remote code execution vulnerability requiring user interaction. See Microsoft Security Advisory ADV180026 for more information.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4092477
-KB4461440
-KB4227170
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 4092477
MSKB 4461440
MSKB 4227170
XREF MSFT:MS18-4092477
XREF MSFT:MS18-4461440
XREF MSFT:MS18-4227170
Plugin Information
Published: 2018/10/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7214.5000
141428 - Security Updates for Outlook (October 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16947)

- A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. (CVE-2020-16949)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484524
-KB4486663
-KB4486671

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4558
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-16947
CVE CVE-2020-16949
MSKB 4484524
MSKB 4486663
MSKB 4486671
XREF MSFT:MS20-4484524
XREF MSFT:MS20-4486663
XREF MSFT:MS20-4486671
XREF IAVA:2020-A-0455-S
XREF CEA-ID:CEA-2020-0126
Plugin Information
Published: 2020/10/13, Modified: 2024/11/29
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7261.5000
103456 - Security Updates for Outlook (September 2017)
-
Synopsis
The version of Outlook installed on the remote host is affected by multiple vulnerabilities.
Description
The version of Microsoft Outlook installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system to then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0106)

- A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file. (CVE-2017-0204)

- A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system to then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8506)

- A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system.
(CVE-2017-8507)

- A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. (CVE-2017-8508)

- A security feature bypass vulnerability exists when Microsoft Office Outlook improperly handles input.
An attacker who successfully exploited the vulnerability could execute arbitrary commands. (CVE-2017-8571)

- An information disclosure vulnerability exists when Microsoft Outlook fails to properly validate authentication requests. (CVE-2017-8572)

- A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system.
(CVE-2017-8663)
See Also
Solution
Microsoft has released a set of patches for Outlook 2007, 2010, 2013, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3391
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 97413
BID 97458
BID 98811
BID 98827
BID 98828
BID 99452
BID 99453
BID 100004
CVE CVE-2017-0106
CVE CVE-2017-0204
CVE CVE-2017-8506
CVE CVE-2017-8507
CVE CVE-2017-8508
CVE CVE-2017-8571
CVE CVE-2017-8572
CVE CVE-2017-8663
MSKB 4011089
MSKB 4011110
MSKB 4011091
MSKB 4011090
XREF MSFT:MS17-4011089
XREF MSFT:MS17-4011110
XREF MSFT:MS17-4011091
XREF MSFT:MS17-4011090
Plugin Information
Published: 2017/09/25, Modified: 2019/11/12
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7187.5000
233416 - VMware Tools 11.x / 12.x < 12.5.1 Authentication Bypass (VMSA-2025-0005)
-
Synopsis
The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability.
Description
The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability:

- VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. (CVE-2025-22230)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.5.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0003
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-22230
XREF VMSA:2025-0005
XREF IAVA:2025-A-0199-S
Plugin Information
Published: 2025/03/27, Modified: 2025/05/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.1
266420 - VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015)
-
Synopsis
The virtualization tool suite installed on the remote host is affected by multiple vulnerabilities.
Description
The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.4, or 13.x prior to 13.0.5.
It is, therefore, affected by multiple vulnerabilities as disclosed in the VMSA-2025-0015 advisory:

- VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. (CVE-2025-41244)

- VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. (CVE-2025-41246)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.5.4, 13.0.5 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.0002
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-41244
CVE CVE-2025-41246
XREF VMSA:2025-0015
XREF IAVA:2025-A-0712
XREF CISA-KNOWN-EXPLOITED:2025/11/20
Plugin Information
Published: 2025/10/02, Modified: 2025/10/30
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.4
CVE(s) : CVE-2025-41244 CVE-2025-41246
276819 - Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803)
-
Synopsis
A Microsoft development toolset on the remote Windows host is affected by privilege escalation.
Description
In VSTA 2019 (prior 16.0.35907.0) and VSTA 2022 (prior to 17.0.35906.0), the software contains a vulnerability (CVE-2025-29803) that could allow remote or local attackers to execute arbitrary code or escalate privileges within the host application, potentially compromising systems that rely on VSTA for automation or extensibility.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0005
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-29803
XREF IAVA:2025-A-0247
Plugin Information
Published: 2025/11/25, Modified: 2025/11/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\16.0\Bin\VstaCore.dll
Installed version : 16.0.31110
Fixed version : 16.0.35907.0
180174 - WinRAR < 6.23 RCE
-
Synopsis
The remote Windows host has an application installed which is affected by a remote code execution vulnerability.
Description
The remote host is running WinRAR, an archive manager for Windows.

The version of WinRAR installed on the remote host is affected by a an improper validation of user-supplied data, which can result in memory access past the end of an allocated buffer which can be exploited remotely and may allow attackers to execute code in the context of the current process.
See Also
Solution
Upgrade to WinRAR version 6.23 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.9385
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2023-38831
CVE CVE-2023-40477
XREF CISA-KNOWN-EXPLOITED:2023/09/14
XREF IAVA:2023-A-0436-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/08/24, Modified: 2024/05/03
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 6.0.0.0
Fixed version : 6.23
192940 - WinRAR < 7.00 Multiple Vulnerabilities
-
Synopsis
The remote Windows host has an application installed which is affected by multiple vulnerabilities.
Description
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.00. It is, therefore, affected by multiple vulnerabilties:

- The vulnerability exists due to an error within the archive extraction functionality. A remote attacker can use a specially crafted archive to bypass the Mark-Of-The-Web protection mechanism and potentially compromise the affected system. (CVE-2024-30370)

- RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. (CVE-2024-36052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to WinRAR version 7.00 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0042
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2024-30370
CVE CVE-2024-36052
XREF IAVA:2024-A-0194-S
XREF IAVA:2024-A-0303-S
Plugin Information
Published: 2024/04/05, Modified: 2025/06/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 6.0.0.0
Fixed version : 7.0
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
-
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
See Also
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.7941
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF IAVA:2013-A-0227
Plugin Information
Published: 2022/10/26, Modified: 2025/12/17
Plugin Output

tcp/445/cifs



Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
149390 - KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021)
-
Synopsis
The remote host is missing one or more security updates.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released KB5003197 to address this issue.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6391
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-24587
CVE CVE-2020-24588
CVE CVE-2020-26144
CVE CVE-2021-26419
CVE CVE-2021-28455
CVE CVE-2021-28476
CVE CVE-2021-28479
CVE CVE-2021-31182
CVE CVE-2021-31184
CVE CVE-2021-31186
CVE CVE-2021-31187
CVE CVE-2021-31188
CVE CVE-2021-31193
CVE CVE-2021-31194
MSKB 5003197
XREF MSFT:MS21-5003197
XREF IAVA:2021-A-0223-S
XREF IAVA:2021-A-0222-S
Plugin Information
Published: 2021/05/11, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5003197

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.4225
Should be : 10.0.14393.4402
55129 - MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
-
Synopsis
An application on the remote Windows host has an information disclosure vulnerability.
Description
An application on the remote host has an XML external entity vulnerability. When parsing a specially crafted Web Service Discovery (.disco) file, external XML entities are allowed for untrusted user input. This could result in information disclosure.

A remote attacker could exploit this by tricking a user into opening a specially crafted .disco file, resulting in the disclosure of sensitive information.
See Also
Solution
Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.3249
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 48196
CVE CVE-2011-1280
MSKB 2251481
MSKB 2251487
MSKB 2251489
MSKB 2494086
MSKB 2494089
MSKB 2494094
MSKB 2494112
MSKB 2494113
MSKB 2494120
MSKB 2494123
MSKB 2510061
MSKB 2546869
XREF MSFT:MS11-049
XREF IAVB:2011-B-0064
Plugin Information
Published: 2011/06/15, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



KB : 2494096
- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2007.100.2531.0
Should be : 2007.100.2573.0

SQL Server Version : 10.0.2531.0 (2008 SP1) Express Edition
SQL Server Instance : SQLEXPRESS
55797 - MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
-
Synopsis
The remote Windows host contains a web control that could allow information disclosure.
Description
The installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected (or non-persistent) cross-site scripting vulnerability.

If an attacker can trick a user into clicking on a link to a malicious server, he could inject a client-side script in the user's browser that in turn could be used to spoof content or disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.
Risk Factor
Medium
VPR Score
3.8
EPSS Score
0.6611
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 49033
CVE CVE-2011-1976
MSKB 2548826
MSKB 2579115
XREF MSFT:MS11-067
Plugin Information
Published: 2011/08/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2579115
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\Install.exe has not been patched.
Remote version : 8.0.50727.1843
Should be : 8.0.50727.5677
58333 - MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
-
Synopsis
The remote Windows host contains a development application that is affected by a privilege escalation vulnerability.
Description
The installed version of Microsoft Visual Studio does not properly validate add-ins in the path before loading them into the application.

An attacker can elevate his privileges by placing a specially crafted add-in in the path used by Visual Studio and convincing a user with higher privileges to start Visual Studio.
See Also
Solution
Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0451
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 52329
CVE CVE-2012-0008
MSKB 2669970
MSKB 2644980
MSKB 2645410
XREF MSFT:MS12-021
Plugin Information
Published: 2012/03/13, Modified: 2019/01/10
Plugin Output

tcp/445/cifs



KB : 2645410
- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\\ShellExtensions\Platform\AppenvStub.dll has not been patched.
Remote version : 10.0.40219.1
Should be : 10.0.40219.377
70852 - MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
-
Synopsis
The version of Microsoft Outlook installed on the remote Windows host is affected by an information disclosure vulnerability.
Description
The Outlook component of Microsoft Office is affected by an information disclosure vulnerability due to a flaw in how Outlook parses S/MIME messages. It is possible for a remote attacker to exploit the vulnerability if a user opens or previews a specially crafted email in an affected version of Outlook.
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013 and 2013 RT.
Risk Factor
Medium
VPR Score
2.7
EPSS Score
0.122
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 63603
CVE CVE-2013-3905
MSKB 2825644
MSKB 2837597
MSKB 2837618
XREF MSFT:MS13-094
Plugin Information
Published: 2013/11/13, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



KB : 2837597
- C:\Program Files (x86)\Microsoft Office\Office14\\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7109.5000
73983 - MS14-024: Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
-
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is running a version of Microsoft Office that contains a shared component (MSCOMCTL common controls library) that is affected by a security feature bypass. Successful exploitation of the issue could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature. An attacker would need to entice a victim to visit a specially crafted web page with a browser capable of instantiating COM components in order to exploit the issue.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, and 2013.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.1293
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 67273
CVE CVE-2014-1809
MSKB 2961033
MSKB 2880508
MSKB 2880507
MSKB 2880502
MSKB 2817330
MSKB 2760272
MSKB 2880971
MSKB 2810073
MSKB 2596804
MSKB 2589288
XREF MSFT:MS14-024
XREF IAVB:2014-B-0057
Plugin Information
Published: 2014/05/14, Modified: 2019/11/26
Plugin Output

tcp/445/cifs



KB : 2810073
- C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
Remote version : 6.1.98.34
Should be : 6.1.98.39
81266 - MS15-013: Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
-
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The Microsoft Office installed on the remote host is affected by a security bypass vulnerability due to a failure to use the Address Space Layout Randomization (ASLR) security feature. By convincing a user to open a specially crafted Office file, a remote attacker can use this flaw to predict the memory offsets of specific instructions in a given call stack. The attacker can then utilize this information to more easily exploit additional vulnerabilities.
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, and 2013.
Risk Factor
Medium
VPR Score
2.7
EPSS Score
0.3235
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 72467
CVE CVE-2014-6362
MSKB 2910941
MSKB 2920748
MSKB 2920795
MSKB 3033857
XREF MSFT:MS15-013
XREF IAVB:2015-B-0018
Plugin Information
Published: 2015/02/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2920748
- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\msosec.dll has not been patched.
Remote version : 7.10.5077.0
Should be : 7.10.5078.0
56063 - Oracle Database Multiple Vulnerabilities (January 2009 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the January 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Job Queue

- Oracle OLAP

- Oracle Spatial

- Oracle Streams

- SQL*Plus Windows GUI
See Also
Solution
Apply the appropriate patch according to the January 2009 Oracle Critical Patch Update advisory.
Risk Factor
Medium
VPR Score
4.0
EPSS Score
0.516
CVSS v2.0 Base Score
6.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable With
(true)
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 7584867
56061 - Oracle Database Multiple Vulnerabilities (July 2008 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Queuing

- Advanced Replication

- Authentication

- Core RDBMS

- Data Pump

- Database Scheduler

- Instance Management

- Oracle Spatial

- Oracle Database Vault

- Resource Manager
See Also
Solution
Apply the appropriate patch according to the July 2008 Oracle Critical Patch Update advisory.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.053
CVSS v2.0 Base Score
6.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.8 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 7218677
56062 - Oracle Database Multiple Vulnerabilities (October 2008 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Core RDBMS

- Oracle Application Express

- Oracle Data Capture

- Oracle Data Mining

- Oracle OLAP

- Oracle Spatial

- Upgrade

- Workspace Manager
See Also
Solution
Apply the appropriate patch according to the October 2008 Oracle Critical Patch Update advisory.
Risk Factor
Medium
VPR Score
4.2
EPSS Score
0.6735
CVSS v2.0 Base Score
6.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information
Published: 2011/11/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 7386321
214532 - Oracle Java SE Multiple Vulnerabilities (January 2025 CPU)
-
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 8u431, 11.0.26, 17.0.14, 20.3.16, 21.0.5, 21.3.12, 23.0.2, and perf versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: Install (Sparkle)). The supported version that is affected is Oracle Java SE: 8u431. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Only applies to the macOS autoupdater. (CVE-2025-0509)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.26, 17.0.14, 21.0.5, 23.0.2; Oracle GraalVM for JDK: 17.0.14, 21.0.5, 23.0.2; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-21502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2025 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
7.2 (CVSS2#AV:A/AC:L/Au:M/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-0509
CVE CVE-2025-21502
XREF IAVA:2025-A-0049-S
Plugin Information
Published: 2025/01/23, Modified: 2025/08/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Installed version : 17.0.12 / build 17.0.12
Fixed version : Upgrade to version 17.0.14 or greater
57608 - SMB Signing not required
-
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2012/01/19, Modified: 2022/10/05
Plugin Output

tcp/445/cifs

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/1433/mssql


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SSL_Self_Signed_Fallback
|-Issuer : CN=SSL_Self_Signed_Fallback

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=MUMPORTAL001
|-Issuer : CN=MUMPORTAL001

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/443/www


The identities known by Nessus are :

172.17.100.60
fe80::1c11:4296:7923:6a60
mumportal001
172.17.100.60

The Common Name in the certificate is :

www.lkp.net.in

The Subject Alternate Names in the certificate are :

admin.pennypal.in
aims.lkp.net.in
allocation.lkp.net.in
api.lkp.net.in
api.lkpconnect.net.in
backoffice.lkp.net.in
backoffice.lkpifsc.com
bo.lkp.net.in
closure.lkponline.com
dashboard.pennypal.in
demo.pennypal.in
devtrade.lkp.net.in
devtradekyc.lkp.net.in
druat.pennypal.in
ekyc.lkp.net.in
ekyc.lkponline.com
ekyc.pennypal.in
ekycuat.lkp.net.in
getsetgrow.lkponline.com
hrms.lkp.net.in
ia.lkp.net.in
ipo.lkp.net.in
lkp.net.in
lkpconnect.net.in
lkpifsc.com
lkpsec.com
lms.lkp.net.in
middleware.lkp.net.in
middlewareapi.lkp.net.in
notification.lkponline.com
notification.pennypal.in
pay.lkp.net.in
pennypal.in
ra.lkp.net.in
referral.pennypal.in
rekyc.lkponline.com
rekyc.pennypal.in
spip.lkp.net.in
spip.lkponline.com
trading.lkponline.com
trading.pennypal.in
trilogy.lkp.net.in
uat.lkp.net.in
uat.lkpsec.com
uat.pennypal.in
uatbackoffice.lkp.net.in
uatekyc.lkponline.com
uatgetsetgrow.lkponline.com
uatspip.lkponline.com
uattrading.lkponline.com
uatweb.pennypal.in
wealth.lkp.net.in
welcome.lkp.net.in
www.lkp.net.in
www.lkpfinance.com
www.lkpsec.com

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/1433/mssql


The identities known by Nessus are :

172.17.100.60
fe80::1c11:4296:7923:6a60
mumportal001
172.17.100.60

The Common Name in the certificate is :

SSL_Self_Signed_Fallback
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/1433/mssql


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SSL_Self_Signed_Fallback

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/3389/msrdp


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=MUMPORTAL001

137272 - Security Feature Bypass Vulnerability for Word (June 2020)
-
Synopsis
The Microsoft Word Products are affected by security feature bypass vulnerability.
Description
The Microsoft Word Products is missing a security update, and Therefore is affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484380
-KB4484396
-KB4484361

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
2.2
EPSS Score
0.0905
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1229
MSKB 4484380
MSKB 4484396
MSKB 4484361
XREF MSFT:MS20-4484380
XREF MSFT:MS20-4484396
XREF MSFT:MS20-4484361
XREF IAVA:2020-A-0255-S
Plugin Information
Published: 2020/06/09, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7252.5000
122154 - Security Update for .NET Core (February 2019)
-
Synopsis
The remote Windows host is affected by a .NET Core domain spoofing vulnerability.
Description
The remote Windows host has an installation of .NET Core with a version of 1.0.x < 1.0.14, 1.1.x < 1.1.11, 2.1.x < 2.1.8 or 2.2x < 2.2.2. Therefore, the host is affected by the following:

- A Domain spoofing vulnerability which causes the meaning of a URI to change when International Domain Name encoding is applied.
An attacker who successfully exploited the vulnerability could redirect a URI. (CVE-2019-0657)
See Also
Solution
Refer to vendor documentation.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0284
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2019-0657
XREF IAVA:2019-A-0044-S
Plugin Information
Published: 2019/02/13, Modified: 2025/03/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.0.5\
Installed version : 1.0.5
Fixed version : 1.0.14 (1.0.14.5101)

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.1.2\
Installed version : 1.1.2
Fixed version : 1.1.11 (1.1.11.1791)
146328 - Security Update for .NET Core (February 2021)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service (DoS) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.25, 3.1.x prior to 3.1.126, or 5.x prior to 5.0.3. It is, therefore, affected by a denial of service vulnerability when creating HTTPS web requests during X509 certificate chain building. An unauthenticated, remote attacker can exploit this to cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0477
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1721
XREF IAVA:2021-A-0091-S
Plugin Information
Published: 2021/02/09, Modified: 2021/06/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.12
150708 - Security Update for .NET Core (June 2021)
-
Synopsis
The remote Windows host is affected by a .NET Core denial of service (DoS) vulnerability.
Description
The Microsoft .NET Core installation on the remote host is version 3.1.x prior to 3.1.16, 5.x prior to 5.0.7. It is, therefore, affected by a denial of service vulnerability. An unauthenticated, remote attacker can exploit this to cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0477
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2021/06/11, Modified: 2022/05/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.16
122778 - Security Update for .NET Core SDK (March 2019)
-
Synopsis
The remote Windows host is affected by a tampering vulnerability.
Description
The remote Windows host has an installation of .NET Core SDK with a version of 1.x < 1.1.13 or 2.1.x < 2.1.505. Therefore, the host is affected by a tampering vulnerability with in the NuGet Package Manager. An authenticated, attacker can exploit this, via manipulating the folder contents prior to building or installing a application, to modify files and folders after unpacking.
See Also
Solution
Refer to vendor documentation.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.0489
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2019/03/12, Modified: 2020/01/17
Plugin Output

tcp/445/cifs


Path : C:\\program files\dotnet\\sdk\1.1.0
Installed version : 1.1.0
Fixed version : 1.1.13
205451 - Security Update for Microsoft .NET Core (August 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.

- .NET and Visual Studio Information Disclosure Vulnerability (CVE-2024-38167)

- .NET and Visual Studio Denial of Service Vulnerability (CVE-2024-38168)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0362
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38167
CVE CVE-2024-38168
XREF IAVA:2024-A-0490-S
Plugin Information
Published: 2024/08/13, Modified: 2024/10/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.8
196990 - Security Update for Microsoft .NET Core (May 2024)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory.

- .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.0153
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-30045
XREF IAVA:2024-A-0280
Plugin Information
Published: 2024/05/14, Modified: 2024/05/17
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.19
185886 - Security Update for Microsoft .NET Core (November 2023) (CVE-2023-36558)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by security feature bypass vulnerability as referenced in the vendor advisory.

- ASP.NET Core - Security Feature Bypass Vulnerability (CVE-2023-36558)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0062
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36558
XREF IAVA:2023-A-0615-S
Plugin Information
Published: 2023/11/16, Modified: 2024/01/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Installed version : 7.0.10
Fixed version : 7.0.14
270711 - Security Update for Microsoft .NET Core (October 2025)
-
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by information disclosure vulnerability as referenced in the vendor advisory.

- Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. (CVE-2025-55248)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)
VPR Score
3.6
EPSS Score
0.0003
CVSS v2.0 Base Score
4.9 (CVSS2#AV:N/AC:H/Au:S/C:C/I:N/A:N)
STIG Severity
I
References
CVE CVE-2025-55248
XREF IAVA:2025-A-0752
Plugin Information
Published: 2025/10/17, Modified: 2025/11/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Installed version : 8.0.7
Fixed version : 8.0.21
152528 - Security Update for Microsoft ASP.NET Core (August 2021)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft ASP.NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore, affected by multiple vulnerabilities:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26423)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-34485, CVE-2021-34532)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.024
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26423
CVE CVE-2021-34485
CVE CVE-2021-34532
XREF IAVA:2021-A-0378-S
Plugin Information
Published: 2021/08/12, Modified: 2023/10/13
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.18

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.18
146344 - Security Update for Microsoft ASP.NET Core (February 2021)
-
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft ASP.NET Core installation on the remote host is version 2.1.x prior to 2.1.25, 3.1.x prior to 3.1.126, or 5.x prior to 5.0.3. It is, therefore, affected by a denial of service vulnerability when creating HTTPS web requests during X509 certificate chain building. An unauthenticated, remote attacker can exploit this to cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0477
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2021/02/09, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.12

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Installed version : 3.1.3
Fixed version : 3.1.12
185884 - Security Update for Microsoft ASP.NET Core (November 2023) (CVE-2023-36558)
-
Synopsis
The remote Windows host is affected by a ASP.NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by security feature bypass vulnerability as referenced in the vendor advisory.

- ASP.NET Core - Security Feature Bypass Vulnerability (CVE-2023-36558)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0062
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36558
XREF IAVA:2023-A-0617-S
Plugin Information
Published: 2023/11/16, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.10
Installed version : 7.0.10
Fixed version : 7.0.14
163974 - Security Updates for Microsoft .NET Core (August 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by a spoofing vulnerability.
Description
A spoofing vulnerability exists in .NET core 6.0 < 6.0.8 and .NET Core 3.1 < 3.1.28. An unauthenticated, remote attacker can exploit this, to perform actions with the privileges of another user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.28 or 6.0.8.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0147
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-34716
MSKB 5016987
MSKB 5016990
XREF MSFT:MS22-5016987
XREF MSFT:MS22-5016990
XREF IAVA:2022-A-0313-S
Plugin Information
Published: 2022/08/10, Modified: 2024/01/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.28
162314 - Security Updates for Microsoft .NET core (June 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by an information disclosure vulnerability.
Description
An information disclosure vulnerability exists in .NET core 6.0 < 6.0.6 and .NET Core 3.1 < 3.1.26. An unauthenticated, local attacker can exploit this, to disclose potentially sensitive information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.26 or 6.0.6.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0048
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30184
MSKB 5015424
MSKB 5015429
XREF MSFT:MS22-5015424
XREF MSFT:MS22-5015429
XREF IAVA:2022-A-0235-S
Plugin Information
Published: 2022/06/16, Modified: 2024/01/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.26
158744 - Security Updates for Microsoft .NET core (March 2022)
-
Synopsis
The Microsoft .NET core installations on the remote host are affected by multiple vulnerabilities.
Description
The Microsoft .NET core installations on the remote host are missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-24464)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-8927, CVE-2022-24512)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update .NET Core Runtime to version 3.1.23, 5.0.15 or 6.0.3.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0074
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-8927
CVE CVE-2022-24464
CVE CVE-2022-24512
XREF IAVA:2022-A-0106-S
Plugin Information
Published: 2022/03/09, Modified: 2023/04/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Installed version : 3.1.3.28628
Fixed version : 3.1.23
131935 - Security Updates for Microsoft Excel Products (December 2019)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1464)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484196
-KB4484190
-KB4484179 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1177
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1464
MSKB 4484196
MSKB 4484190
MSKB 4484179
XREF MSFT:MS19-4484196
XREF MSFT:MS19-4484190
XREF MSFT:MS19-4484179
Plugin Information
Published: 2019/12/10, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7243.5000
122128 - Security Updates for Microsoft Excel Products (February 2019)
-
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.
Description
The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
(CVE-2019-0669)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4462186
-KB4461597
-KB4462115

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1624
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 106897
CVE CVE-2019-0669
MSKB 4462186
MSKB 4461597
MSKB 4462115
XREF MSFT:MS19-4462186
XREF MSFT:MS19-4461597
XREF MSFT:MS19-4462115
Plugin Information
Published: 2019/02/12, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7229.5000
110492 - Security Updates for Microsoft Excel Products (June 2018)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2018-8246)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022191
-KB4022209
-KB4022174
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1826
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8246
MSKB 4022191
MSKB 4022209
MSKB 4022174
XREF MSFT:MS18-4022191
XREF MSFT:MS18-4022209
XREF MSFT:MS18-4022174
Plugin Information
Published: 2018/06/12, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7210.5000
117421 - Security Updates for Microsoft Excel Products (September 2018)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could access information previously deleted from the active worksheet. (CVE-2018-8429)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4092460
-KB4227175
-KB4092479
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.2296
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105219
CVE CVE-2018-8429
MSKB 4092460
MSKB 4227175
MSKB 4092479
XREF MSFT:MS18-4092460
XREF MSFT:MS18-4227175
XREF MSFT:MS18-4092479
Plugin Information
Published: 2018/09/11, Modified: 2019/11/01
Plugin Output

tcp/445/cifs



Product : Excel 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7213.5000
111696 - Security Updates for Microsoft Office Products (August 2018)
-
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-8378)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022198
-KB3213636
-KB4032239
-KB4032233
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.2694
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8378
MSKB 4022198
MSKB 3213636
MSKB 4032239
MSKB 4032233
XREF MSFT:MS18-4022198
XREF MSFT:MS18-3213636
XREF MSFT:MS18-4032239
XREF MSFT:MS18-4032233
Plugin Information
Published: 2018/08/14, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 3213636
- C:\Program Files (x86)\Microsoft Office\Office14\offowc.dll has not been patched.
Remote version : 14.0.7011.1000
Should be : 14.0.7212.5000
147218 - Security Updates for Microsoft Office Products (March 2021)
-
Synopsis
The Microsoft Office Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Products are missing security updates.
They are affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-24108, CVE-2021-27054, CVE-2021-27057, CVE-2021-27059)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4493228
-KB4493203
-KB4504703
-KB4493225
-KB4493200
-KB4493214
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0487
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-24108
CVE CVE-2021-27054
CVE CVE-2021-27057
CVE CVE-2021-27059
MSKB 4493228
MSKB 4493203
MSKB 4504703
MSKB 4493225
MSKB 4493200
MSKB 4493214
XREF MSFT:MS21-4493228
XREF MSFT:MS21-4493203
XREF MSFT:MS21-4504703
XREF MSFT:MS21-4493225
XREF MSFT:MS21-4493200
XREF MSFT:MS21-4493214
XREF IAVA:2021-A-0132-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
Plugin Information
Published: 2021/03/09, Modified: 2025/10/31
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2010 SP2
KB : 4504703
- C:\Program Files (x86)\Common Files\Microsoft Shared\Office14\mso.dll has not been patched.
Remote version : 14.0.7265.5000
Should be : 14.0.7266.5000

Product : Microsoft Office 2010 SP2
KB : 4493214
- C:\Program Files (x86)\Microsoft Office\Office14\graph.exe has not been patched.
Remote version : 14.0.7012.1000
Should be : 14.0.7266.5000
108976 - Security Updates for Microsoft Word Products (April 2018)
-
Synopsis
The Microsoft Word Products are affected by an information disclosure vulnerability.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by an information disclosure vulnerability when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

The security update addresses the vulnerability by correcting how Office processes OLE objects.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4018339
-KB4018355
-KB4018347
-KB4018359
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.1072
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-0950
MSKB 4018339
MSKB 4018355
MSKB 4018347
MSKB 4018359
XREF MSFT:MS18-4018339
XREF MSFT:MS18-4018355
XREF MSFT:MS18-4018347
XREF MSFT:MS18-4018359
Plugin Information
Published: 2018/04/10, Modified: 2019/11/08
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7197.5000
139507 - Security Updates for Microsoft Word Products (August 2020)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. (CVE-2020-1502)

- An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2020-1503, CVE-2020-1583)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484494
-KB4484484
-KB4484474

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.2252
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1502
CVE CVE-2020-1503
CVE CVE-2020-1583
MSKB 4484494
MSKB 4484484
MSKB 4484474
XREF MSFT:MS20-4484494
XREF MSFT:MS20-4484484
XREF MSFT:MS20-4484474
XREF IAVA:2020-A-0359-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/11, Modified: 2024/12/02
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7256.5000
131940 - Security Updates for Microsoft Word Products (December 2019)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted document be sent to a vulnerable user. The security update addresses the vulnerability by correcting how Microsoft Word handles objects in memory. (CVE-2019-1461)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4475601
-KB4484094
-KB4484169 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1505
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-1461
MSKB 4475601
MSKB 4484094
MSKB 4484169
XREF MSFT:MS19-4475601
XREF MSFT:MS19-4484094
XREF MSFT:MS19-4484169
Plugin Information
Published: 2019/12/10, Modified: 2022/06/10
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7243.5000
139505 - Security Updates for Outlook (August 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-1483)

- An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
(CVE-2020-1493)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484486
-KB4484497
-KB4484475

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.3
EPSS Score
0.3033
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1483
CVE CVE-2020-1493
MSKB 4484486
MSKB 4484497
MSKB 4484475
XREF MSFT:MS20-4484486
XREF MSFT:MS20-4484497
XREF MSFT:MS20-4484475
XREF IAVA:2020-A-0360-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/11, Modified: 2024/02/26
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7256.5000
133622 - Security Updates for Outlook (February 2020)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by a Security Feature Bypass Vulnerability (CVE-2020-0696).
Description
An security feature bypass exists in Outlook due to improper the parsing of URI formats. An unauthenticated, remote attacker can exploit this via a specially crafted URI. This can provide opportunities for additional exploits.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4484250
-KB4484163
-KB4484156
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0497
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-0696
MSKB 4484250
MSKB 4484163
MSKB 4484156
XREF MSFT:MS20-4484250
XREF MSFT:MS20-4484163
XREF MSFT:MS20-4484156
Plugin Information
Published: 2020/02/11, Modified: 2020/04/17
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7245.5000
121027 - Security Updates for Outlook (January 2019)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker who successfully exploited this vulnerability could gather information about the victim.
An attacker could exploit this vulnerability by sending a specially crafted email to the victim. The update addresses the vulnerability by correcting the way Microsoft Outlook handles these types of messages.
(CVE-2019-0559)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4461595
-KB4461601
-KB4461623

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.2237
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2019-0559
MSKB 4461595
MSKB 4461601
MSKB 4461623
XREF MSFT:MS19-4461595
XREF MSFT:MS19-4461601
XREF MSFT:MS19-4461623
Plugin Information
Published: 2019/01/08, Modified: 2019/10/31
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7227.5000
126585 - Security Updates for Outlook (July 2019)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by a vulnerability.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by a vulnerability:

- An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. (CVE-2019-1084)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4464592
-KB4475517
-KB4475509

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0796
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 108929
CVE CVE-2019-1084
MSKB 4464592
MSKB 4475509
MSKB 4475517
XREF MSFT:MS19-4464592
XREF MSFT:MS19-4475509
XREF MSFT:MS19-4475517
Plugin Information
Published: 2019/07/09, Modified: 2019/10/18
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7235.5000
110499 - Security Updates for Outlook (June 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is missing a security update.
Description
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who successfully exploited the vulnerability could send an email with hidden attachments that would be opened or executed once a victim clicks a link within the email. Note that this does not bypass attachment filters, so blocked attachments will still be excluded. (CVE-2018-8244)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4022205
-KB4022169
-KB4022160
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.104
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8244
MSKB 4022205
MSKB 4022169
MSKB 4022160
XREF MSFT:MS18-4022205
XREF MSFT:MS18-4022169
XREF MSFT:MS18-4022160
Plugin Information
Published: 2018/06/12, Modified: 2019/11/04
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7210.5000
112116 - Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
-
Synopsis
The remote Windows host is missing a microcode update.
Description
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities.
See Also
Solution
Microsoft has released security updates for Windows 10 and Windows Server 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
6.4 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N)
CVSS v3.0 Temporal Score
5.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3909
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 104228
BID 104232
BID 105080
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3639
CVE CVE-2018-3640
CVE CVE-2018-3646
MSKB 4346084
MSKB 4346085
MSKB 4346086
MSKB 4346087
MSKB 4346088
XREF MSFT:MS18-4346084
XREF MSFT:MS18-4346085
XREF MSFT:MS18-4346086
XREF MSFT:MS18-4346087
XREF MSFT:MS18-4346088
Plugin Information
Published: 2018/08/24, Modified: 2025/03/26
Plugin Output

tcp/445/cifs



KB : 4346087
- C:\Windows\system32\mcupdate_genuineintel.dll has not been patched.
Remote version : 10.0.14393.0
Should be : 10.0.14393.2453
121035 - Security Updates for Windows 10 / Windows Server 2016 (January 2019) (Spectre)
-
Synopsis
The remote Windows host is missing a microcode update.
Description
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Spectre Variant 2 (CVE-2017-5715: Branch Target Injection) vulnerability.
See Also
Solution
Microsoft has released security updates for Windows 10 and Windows Server 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.6
EPSS Score
0.9159
CVSS v2.0 Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102376
CVE CVE-2017-5715
MSKB 4090007
MSKB 4091663
MSKB 4091664
MSKB 4091666
MSKB 4100347
XREF MSFT:MS19-4090007
XREF MSFT:MS19-4091663
XREF MSFT:MS19-4091664
XREF MSFT:MS19-4091666
XREF MSFT:MS19-4100347
Plugin Information
Published: 2019/01/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs



KB : 4091664
- C:\Windows\system32\mcupdate_genuineintel.dll has not been patched.
Remote version : 10.0.14393.0
Should be : 10.0.14393.2544
119239 - Security Updates for Windows 10 / Windows Server 2016 (September 2018) (Spectre)
-
Synopsis
The remote Windows host is missing a microcode update.
Description
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Spectre Variant 2 (CVE-2017-5715: Branch Target Injection) vulnerability.
See Also
Solution
Microsoft has released security updates for Windows 10 and Windows Server 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.6
EPSS Score
0.9159
CVSS v2.0 Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2017-5715
MSKB 4091664
XREF MSFT:MS18-4091664
Plugin Information
Published: 2018/11/27, Modified: 2024/06/17
Plugin Output

tcp/445/cifs



KB : 4091664
- C:\Windows\system32\mcupdate_genuineintel.dll has not been patched.
Remote version : 10.0.14393.0
Should be : 10.0.14393.2516
169783 - Security Updates for Windows Malicious Software Removal Tool (January 2023)
-
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2023-21725)
See Also
Solution
Microsoft has released version 5.109 to address this issue.
Risk Factor
Medium
CVSS v3.0 Base Score
6.3 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.7
EPSS Score
0.0009
CVSS v2.0 Base Score
5.5 (CVSS2#AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVSS v2.0 Temporal Score
4.5 (CVSS2#E:F/RL:OF/RC:C)
References
Plugin Information
Published: 2023/01/10, Modified: 2023/09/08
Plugin Output

tcp/445/cifs


Product : Microsoft Malicious Software Removal Tool
Installed version : 5.86.17836.1
Fixed version : 5.109.19957.1

58453 - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
-
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS v3.0 Base Score
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2012/03/23, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

236832 - VMware Tools 11.x / 12.x < 12.5.2 Insecure File Handling (VMSA-2025-0007)
-
Synopsis
The virtualization tool suite is installed on the remote host is affected by an insecure file handling vulnerability.
Description
The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.2. It is, therefore, affected by an insecure file handling vulnerability:

- VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.5.2 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)
VPR Score
5.0
EPSS Score
0.0001
CVSS v2.0 Base Score
5.2 (CVSS2#AV:L/AC:L/Au:S/C:P/I:C/A:N)
STIG Severity
I
References
CVE CVE-2025-22247
XREF VMSA:2025-0007
XREF IAVA:2025-A-0324-S
Plugin Information
Published: 2025/05/16, Modified: 2025/10/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.2
247827 - VMware Tools 11.x / 12.x < 12.5.3 / 13.x < 13.0.1.0 vSockets Information Disclosure (VMSA-2025-0013)
-
Synopsis
The virtualization tool suite is installed on the remote Windows host is affected by an information disclosure vulnerability.
Description
The version of VMware Tools installed on the remote Windows host is 11.x, 12.x prior to 12.5.3, or 13.x prior to 13.0.1.0. It is, therefore, affected by an information disclosure vulnerbility:

- VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets. (CVE-2025-41239)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.5.3 or 13.0.1.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
4.4
EPSS Score
0.0001
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
References
CVE CVE-2025-41239
XREF VMSA:2025-0013
Plugin Information
Published: 2025/08/11, Modified: 2025/08/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.3
234002 - WinRAR < 7.11 Mark of the Web Bypass (CVE-2025-31334)
-
Synopsis
The remote Windows host has an application installed which is affected by a mark of the web bypass vulnerability.
Description
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.11. It is, therefore, affected by a vulnerability:

- Issue that bypasses the 'Mark of the Web' security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. (CVE-2025-31334)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to WinRAR version 7.11 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
STIG Severity
II
References
CVE CVE-2025-31334
XREF IAVA:2025-A-0227
Plugin Information
Published: 2025/04/08, Modified: 2025/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 6.0.0.0
Fixed version : 7.11
136946 - Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)
-
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update or a registry setting required to enable protections for CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability:

- An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.
See Also
Solution
Refer to the Microsoft CVE article for additional information.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.2763
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 98953
CVE CVE-2017-8529
MSKB 4038781
MSKB 4038783
MSKB 4038782
MSKB 4038788
XREF MSFT:MS17-4038781
XREF MSFT:MS17-4038783
XREF MSFT:MS17-4038782
XREF MSFT:MS17-4038788
Plugin Information
Published: 2020/05/28, Modified: 2024/06/17
Plugin Output

tcp/445/cifs



The following registry key is required to enable the fix for CVE-2017-8529 and is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

The following registry key is required to enable the fix for CVE-2017-8529 and is missing.
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
132101 - Windows Speculative Execution Configuration Check
-
Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)
See Also
Solution
Apply vendor recommended settings.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.9
EPSS Score
0.9433
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102371
BID 102378
BID 104232
BID 105080
BID 108330
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3639
CVE CVE-2018-3646
CVE CVE-2018-12126
CVE CVE-2018-12127
CVE CVE-2018-12130
CVE CVE-2019-11135
CVE CVE-2022-0001
XREF CEA-ID:CEA-2019-0547
XREF CEA-ID:CEA-2019-0324
Exploitable With
CANVAS (true)
Plugin Information
Published: 2019/12/18, Modified: 2025/08/27
Plugin Output

tcp/445/cifs

Current Settings:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 3:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 4:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.

10114 - ICMP Timestamp Request Remote Date Disclosure
-
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
Low
VPR Score
2.2
EPSS Score
0.0037
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 1999/08/01, Modified: 2024/10/07
Plugin Output

icmp/0

The ICMP timestamps seem to be in little endian format (not in network format)
The remote clock is synchronized with the local clock.

142688 - Security Updates for Microsoft Word Products (November 2020)
-
Synopsis
The Microsoft Word Products are affected by multiple vulnerabilities.
Description
The Microsoft Office Word installation on the remote host is missing a security update. It is, therefore, affected by an unspecified remote code execution vulnerability. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted Office file.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4486730
-KB4486719
-KB4486740

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Low
CVSS v3.0 Base Score
3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
2.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0101
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17020
MSKB 4486730
MSKB 4486719
MSKB 4486740
XREF MSFT:MS20-4486730
XREF MSFT:MS20-4486719
XREF MSFT:MS20-4486740
XREF IAVA:2020-A-0563-S
Plugin Information
Published: 2020/11/10, Modified: 2024/02/09
Plugin Output

tcp/445/cifs



Product : Word 2010
- C:\Program Files (x86)\Microsoft Office\Office14\WinWord.exe has not been patched.
Remote version : 14.0.7015.1000
Fixed version : 14.0.7262.5000
111756 - Security Updates for Outlook (August 2018)
-
Synopsis
The Microsoft Outlook application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities.
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4032222
-KB4032235
-KB4032240
Risk Factor
Low
References
MSKB 4032222
MSKB 4032235
MSKB 4032240
XREF MSFT:MS18-4032222
XREF MSFT:MS18-4032235
XREF MSFT:MS18-4032240
Plugin Information
Published: 2018/08/15, Modified: 2018/08/15
Plugin Output

tcp/445/cifs



Product : Outlook 2010
- C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe has not been patched.
Remote version : 14.0.7012.1000
Fixed version : 14.0.7212.5000

46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- mumportal001

16193 - Antivirus Software Check
-
Synopsis
An antivirus application is installed on the remote host.
Description
An antivirus application is installed on the remote host, and its engine and virus definitions are up to date.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/01/18, Modified: 2025/05/27
Plugin Output

tcp/445/cifs


Kaspersky :
Kaspersky Anti-Virus is installed on the remote host :

Product name : Kaspersky Endpoint Security for Windows
Version : 21.15.8.493
Installation path : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0
Virus signatures : 01/09/2026

156001 - Apache Log4j JAR Detection (Windows)
-
Synopsis
Apache Log4j is installed on the remote Windows host.
Description
One or more instances of Apache Log4j, a logging API, are installed on the remote Windows Host.

- Powershell version 5 or greater is required for this plugin.

- If the 'Perform thorough tests' setting is enabled, this plugin will inspect the manifest and properties files of the detected Java archive files.

- The plugin timeout can be set to a custom value other than the plugin's default of 60 minutes via the 'timeout.156001' scanner setting in Nessus 8.15.1 or later.

Please see https://docs.tenable.com/nessus/Content/SettingsAdvanced.htm#Custom for more information.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVA:0001-A-0650
XREF IAVT:0001-T-0941
Plugin Information
Published: 2021/12/10, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus detected 4 installs of Apache Log4j:

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Version : 1.2.6
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Library : WEB-INF/lib/log4j-1.2.6.jar
Method : log4j-core dependency search

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Version : 1.2.6
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : C:\oracle\product\10.2.0\db_1\sysman\admin\emdrep\lib\log4j.jar
Version : unknown
JMSAppender.class association : Found
JdbcAppender.class association : Not Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : C:\oracle\product\10.2.0\db_1\sysman\jlib\log4j-core.jar
Version : unknown
JMSAppender.class association : Not Found
JdbcAppender.class association : Not Found
JndiLookup.class association : Not Found
Method : log4j-core file search

709 Jar files successfully inspected.
92415 - Application Compatibility Cache
-
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Application compatibility cache report attached.
34097 - BIOS Info (SMB)
-
Synopsis
BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's SMB interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/08, Modified: 2024/06/11
Plugin Output

tcp/0


Version : 6.00
Release date : 20201112000000.000000+000
Secure boot : disabled
34096 - BIOS Info (WMI)
-
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2025/12/15
Plugin Output

tcp/0


Vendor : Phoenix Technologies LTD
Version : 6.00
Release date : 20201112000000.000000+000
UUID : 24994D56-67F1-81BA-6AAD-E3C03B096BC1
Secure boot : disabled
92416 - BagMRU Folder History
-
Synopsis
Nessus was able to enumerate folders that were opened in Windows Explorer.
Description
Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

BagMRU report attached.
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2025/09/29
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2016:10.0.14393.4225:-:~~datacenter~~x64~ -> Microsoft Windows Server 2016

Following application CPE's matched on the remote system :

cpe:/a:apache:log4j -> Apache Software Foundation log4j
cpe:/a:apache:log4j:1.2.6 -> Apache Software Foundation log4j
cpe:/a:kaspersky:kaspersky_anti-virus:21.15.8.493 -> Kaspersky Anti-virus
cpe:/a:microsoft:.net_core:1.0.5 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:1.1.0 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:1.1.2 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:3.1.3.28628 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:7.0.10 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:7.0.400 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:8.0.22 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:8.0.303 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:8.0.7 -> Microsoft .NET Core
cpe:/a:microsoft:.net_framework:2.0.50727 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:2.0.50727.8953 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.0 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.5 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.3701.0 -> Microsoft .NET Framework
cpe:/a:microsoft:asp.net_core:3.1.3 -> Microsoft ASP.NET Core
cpe:/a:microsoft:asp.net_core:7.0.10 -> Microsoft ASP.NET Core
cpe:/a:microsoft:asp.net_core:8.0.22 -> Microsoft ASP.NET Core
cpe:/a:microsoft:asp.net_core:8.0.7 -> Microsoft ASP.NET Core
cpe:/a:microsoft:excel:14.0.7015.1000:2 -> Microsoft Excel
cpe:/a:microsoft:excelcnv:14.0.7015.1000:2
cpe:/a:microsoft:ie:11.4046.14393.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.14393.4225 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_information_services:10.0.14393.0 -> Microsoft Internet Information Server (IIS) -
cpe:/a:microsoft:office:2010:2 -> Microsoft Office
cpe:/a:microsoft:office_compatibility_pack -> Microsoft Office Compatibility Pack Service Pack 2
cpe:/a:microsoft:office_compatibility_pack:14.0.4762.1000 -> Microsoft Office Compatibility Pack Service Pack 2
cpe:/a:microsoft:office_compatibility_pack:14.0.7015.1000 -> Microsoft Office Compatibility Pack Service Pack 2
cpe:/a:microsoft:onenote:14.0.7015.1000 -> Microsoft OneNote
cpe:/a:microsoft:onenote:14.0.7015.1000:2 -> Microsoft OneNote
cpe:/a:microsoft:outlook:14.0.7012.1000:1 -> Microsoft Outlook
cpe:/a:microsoft:powerpoint:14.0.7015.1000:2 -> Microsoft PowerPoint
cpe:/a:microsoft:publisher:14.0.7011.1000:1 -> Microsoft Publisher
cpe:/a:microsoft:remote_desktop_connection:10.0.14393.4169 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:sql_server:10.0.2531.0 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:13.0.4001.0 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:15.0.4335.0 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:15.0.4335.1 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:2008:sp1 -> Microsoft SQLServer
cpe:/a:microsoft:visual_studio:10.0.40219.1 -> Microsoft Visual Studio
cpe:/a:microsoft:visual_studio:11.0.61219.0 -> Microsoft Visual Studio
cpe:/a:microsoft:visual_studio:14.0.25420.1 -> Microsoft Visual Studio
cpe:/a:microsoft:visual_studio_tools_for_applications:15.0.27520
cpe:/a:microsoft:visual_studio_tools_for_applications:16.0.31110
cpe:/a:microsoft:word:14.0.7015.1000:2 -> Microsoft Word
cpe:/a:microsoft:wordcnv:14.0.4762.1000:0
cpe:/a:notepad-plus-plus:notepad%2b%2b:8.3.3.0 -> notepad-plus-plus Notepad++
cpe:/a:oracle:database_server:10.2.0.4.0 -> Oracle Database Server
cpe:/a:oracle:global_lifecycle_management_opatch:10.2.0.4.2 -> Oracle Global Lifecycle Management OPatch
cpe:/a:oracle:jre:17.0.12 -> Oracle JRE
cpe:/a:oracle:mysql:5.1.13 -> Oracle MySQL -
cpe:/a:oracle:mysql:5.3.14 -> Oracle MySQL -
cpe:/a:postman:postman:10.24.26 -> Postman
cpe:/a:rarlab:winrar:6.0.0.0 -> RARLAB WinRAR
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:vmware:tools:12.3.5.46049 -> VMWare Tools
cpe:/a:vmware:vcenter_converter:6.1.1 -> Vmware Vcenter Converter
x-cpe:/a:hpe:smart_storage_administrator:2.60.18.0
x-cpe:/a:microsoft:azure_data_studio:1.41.2.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.5.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.7.0
x-cpe:/a:microsoft:web_deploy:10.0.1981
24270 - Computer Manufacturer Information (WMI)
-
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2025/12/15
Plugin Output

tcp/0


Computer Manufacturer : VMware, Inc.
Computer Model : VMware Virtual Platform
Computer SerialNumber : VMware-56 4d 99 24 f1 67 ba 81-6a ad e3 c0 3b 09 6b c1
Computer Type : Other

Computer Physical CPU's : 40
Computer Logical CPU's : 40
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU1
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU2
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU3
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU4
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU5
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU6
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU7
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU8
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU9
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU10
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU11
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU12
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU13
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU14
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU15
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU16
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU17
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU18
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU19
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU20
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU21
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU22
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU23
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU24
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU25
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU26
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU27
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU28
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU29
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU30
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU31
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU32
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU33
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU34
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU35
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU36
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU37
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU38
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU39
Architecture : x64
Physical Cores: 1
Logical Cores : 1

Computer Memory : 65535 MB
RAM slot #0
Form Factor: DIMM
Type : DRAM
Capacity : 16384 MB
RAM slot #1
Form Factor: DIMM
Type : DRAM
Capacity : 16384 MB
RAM slot #2
Form Factor: DIMM
Type : DRAM
Capacity : 16384 MB
RAM slot #3
Form Factor: DIMM
Type : DRAM
Capacity : 16384 MB

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/135/epmap


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc08DC50

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc08DC50

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-48d67df745af7c9999

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d2716e94-25cb-4820-bc15-537866578562, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEA39F68FF3AA05603865124DA1043

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d2716e94-25cb-4820-bc15-537866578562, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f4dd3a0dda7b33a6dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0c53aa2e-fb1c-49c5-bfb6-c54f8e5857cd, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEA39F68FF3AA05603865124DA1043

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0c53aa2e-fb1c-49c5-bfb6-c54f8e5857cd, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f4dd3a0dda7b33a6dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 923c9623-db7f-4b34-9e6d-e86580f8ca2a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEA39F68FF3AA05603865124DA1043

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 923c9623-db7f-4b34-9e6d-e86580f8ca2a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f4dd3a0dda7b33a6dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-ee932d287d9bfa296c

Object UUID : 5252504b-4950-534e-61f8-6a5dc01c0000
UUID : 9b3e3722-1740-6e1f-4b50-525250494453, version 169.111
Description : Unknown RPC service
Annotation : PRRUniversal#894755801B0EA622:7360
Type : Local RPC service
Named pipe : PRRUniversal#894755801B0EA622:7360

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:7360

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#894755801B0EA622:7360

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:7360

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#894755801B0EA622:7360

Object UUID : 07ead6d4-0000-0000-61f8-6a5dc01c0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:7360

Object UUID : 07ead6d4-0000-0000-61f8-6a5dc01c0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#894755801B0EA622:7360

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5D2074D0D42DF5785FE039AE7BEF

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-17afb25e35b27ff57c

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5D2074D0D42DF5785FE039AE7BEF

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-17afb25e35b27ff57c

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5D2074D0D42DF5785FE039AE7BEF

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-17afb25e35b27ff57c

Object UUID : 5252504b-4950-534e-5438-5fb41c1f0000
UUID : 9b3e3722-defe-f4e6-4b50-525250494453, version 169.111
Description : Unknown RPC service
Annotation : PRRUniversal#E03B957244B075CB:7964
Type : Local RPC service
Named pipe : PRRUniversal#E03B957244B075CB:7964

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:7964

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#E03B957244B075CB:7964

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:7964

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#E03B957244B075CB:7964

Object UUID : 00868554-0000-0000-5438-5fb41c1f0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:7964

Object UUID : 00868554-0000-0000-5438-5fb41c1f0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#E03B957244B075CB:7964

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0985582

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0985582

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7a216af-1ec1-447f-8d3f-a87278db564d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-27daeddebfc6f5c3da

Object UUID : 7c05995d-f9be-43e3-b50e-7d2a6850cf35
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-39991c5d80cee71990

Object UUID : fb40bf0c-1056-45ad-8ae2-e1975146164f
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-39991c5d80cee71990

Object UUID : 943320c0-6c1f-4365-ae50-c1184f5ce62b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-39991c5d80cee71990

Object UUID : dac33e11-6b99-4648-8f45-e5614a99bdc9
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE4CF8F7118184BE8F277BBA67D4AD

Object UUID : dac33e11-6b99-4648-8f45-e5614a99bdc9
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-d09597d749b104d04c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Local RPC service
Named pipe : ipsec

Object UUID : 5252504b-4950-534e-beca-dbd4840a0000
UUID : 9b3e3722-363d-2f1a-4b50-525250494453, version 169.111
Description : Unknown RPC service
Annotation : PRRUniversal#00B827DD122CD6DE:2692
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 05c80f90-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 05c80f90-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 00000000-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 00000000-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 049307ec-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 049307ec-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 0698e010-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 0698e010-0000-0000-beca-dbd4840a0000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 169.111
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRNameService:2692

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 169.111
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRUniversal#00B827DD122CD6DE:2692

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-0e70af92b124c7d4a6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-0e70af92b124c7d4a6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : LRPC-c82eb3330bd95cdb16

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Local RPC service
Named pipe : LRPC-c82eb3330bd95cdb16

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-608b586d9390b6e67b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-608b586d9390b6e67b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b3781086-6a54-489b-91c8-51d067172ab7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-608b586d9390b6e67b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-608b586d9390b6e67b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-608b586d9390b6e67b

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-b62b7a7d553963696a

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLECE2E0923BC724BB7401842B9BA32

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7b9db5c8b35613057

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ef104879a9230fdc23

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7f94b4ed0bbec9de7e

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-87570e048629de22e8

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : df4df73a-c52d-4e3a-8003-8437fdf8302a, version 0.0
Description : Unknown RPC service
Annotation : WM_WindowManagerRPC\Server
Type : Local RPC service
Named pipe : LRPC-8b85f60d766795b375

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-8b85f60d766795b375

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-2591515aeb36030677

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8b85f60d766795b375

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2591515aeb36030677

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2c802115b870477d04

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8b85f60d766795b375

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2591515aeb36030677

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2c802115b870477d04

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8b85f60d766795b375

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2591515aeb36030677

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2c802115b870477d04

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-6e3a25698580d27479

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-6e3a25698580d27479

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE469DD36064DCDF59D5496C2469E9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0
Description : Unknown RPC service
Annotation : LicenseManager
Type : Local RPC service
Named pipe : LicenseServiceEndpoint

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b9f566fba47b612ec5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-44fb8a6a24c5da5e13

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC77FD90D6C4D0C1AD0AF04D55FCA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-6a58e90982538e2cc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0e4d598695c6e230b

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9bd54778b85f9236f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-82add29e7c767c3ff3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-82add29e7c767c3ff3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-199132d9801fce5764

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : LRPC-82add29e7c767c3ff3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : LRPC-199132d9801fce5764

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-82add29e7c767c3ff3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-199132d9801fce5764

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-3a452faba15df164c4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-82add29e7c767c3ff3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-199132d9801fce5764

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc08FA41

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : umpo

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : actkernel

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3ecf13dba00bcdae00

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3ecf13dba00bcdae00

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-397748c61950bc6c6f

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3ecf13dba00bcdae00

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-397748c61950bc6c6f

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3ecf13dba00bcdae00

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-397748c61950bc6c6f

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-48d67df745af7c9999

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e2ed0a389e011e769c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE553A7A70E1D5ECF554C2F0888FD6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bba5ea9cb6b7cc3689

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3ecf13dba00bcdae00

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-397748c61950bc6c6f

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\MUMPORTAL001

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\MUMPORTAL001

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\LSM_API_service
Netbios name : \\MUMPORTAL001

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49664/dce-rpc


The following DCERPC services are available on TCP port 49664 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49664
IP : 172.17.100.60

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49665/dce-rpc


The following DCERPC services are available on TCP port 49665 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.60

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49666/dce-rpc


The following DCERPC services are available on TCP port 49666 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.60

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49667/dce-rpc


The following DCERPC services are available on TCP port 49667 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49667
IP : 172.17.100.60

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49669/dce-rpc


The following DCERPC services are available on TCP port 49669 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49669
IP : 172.17.100.60

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49692/dce-rpc


The following DCERPC services are available on TCP port 49692 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49692
IP : 172.17.100.60

139785 - DISM Package List (Windows)
-
Synopsis
Use DISM to extract package info from the host.
Description
Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/08/25, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The following packages were enumerated using the Deployment Image Servicing and Management Tool:

Package : Microsoft-OneCore-Graphics-Tools-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 12/15/2020 7:35 AM

Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : Foundation
Install Time : 7/16/2016 1:25 PM

Package : Microsoft-Windows-LanguageFeatures-Basic-en-gb-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:40 PM

Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:41 PM

Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:46 PM

Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:47 PM

Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:47 PM

Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 2/2/2018 6:47 PM

Package : Microsoft-Windows-NetFx3-OnDemand-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : OnDemand Pack
Install Time : 12/6/2020 10:23 AM

Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerDatacenter-GVLK-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : Feature Pack
Install Time : 2/2/2018 7:27 PM

Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.14393.0
State : Installed
Release Type : Language Pack
Install Time : 2/2/2018 6:13 PM

Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : Feature Pack
Install Time : 7/16/2016 1:25 PM

Package : Microsoft-Windows-ServerCore-Server-Common-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : Feature Pack
Install Time : 7/16/2016 1:25 PM

Package : Microsoft-Windows-ServerCore-SKU-Foundation-Package~31bf3856ad364e35~amd64~~10.0.14393.0
State : Installed
Release Type : Feature Pack
Install Time : 7/16/2016 1:25 PM

Package : Package_for_KB4049065~31bf3856ad364e35~amd64~~10.0.1.3
State : Installed
Release Type : Update
Install Time : 2/2/2018 7:21 PM

Package : Package_for_KB4054590~31bf3856ad364e35~amd64~~10.0.1.2072
State : Installed
Release Type : Update
Install Time : 12/7/2020 10:39 AM

Package : Package_for_KB4535680~31bf3856ad364e35~amd64~~10.0.1.2
State : Installed
Release Type : Security Update
Install Time : 2/27/2021 1:22 PM

Package : Package_for_KB4576750~31bf3856ad364e35~amd64~~14393.3926.1.3
State : Installed
Release Type : Security Update
Install Time : 2/27/2021 3:08 PM

Package : Package_for_KB5001078~31bf3856ad364e35~amd64~~14393.4227.1.0
State : Installed
Release Type : Security Update
Install Time : 2/27/2021 1:21 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1884.1.3
State : Superseded
Release Type : Security Update
Install Time : 2/2/2018 7:21 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.4225.1.3
State : Installed
Release Type : Security Update
Install Time : 2/27/2021 6:23 PM

84239 - Debugging Log Report
-
Synopsis
This plugin gathers the logs written by other plugins and reports them.
Description
Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/06/17, Modified: 2025/07/14
Plugin Output

tcp/0

Plugin debug log(s) have been attached.
55472 - Device Hostname
-
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2025/12/15
Plugin Output

tcp/0


Hostname : MUMPORTAL001
MUMPORTAL001 (WMI)
54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2025/03/12
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100

19689 - Embedded Web Server Detection
-
Synopsis
The remote web server is embedded.
Description
The remote web server cannot host user-supplied CGIs. CGI scanning will be disabled on this server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/09/14, Modified: 2025/09/29
Plugin Output

tcp/5800/www

71246 - Enumerate Local Group Memberships
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2025/12/15
Plugin Output

tcp/0

Group Name : Access Control Assistance Operators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-579
Members :

Group Name : Administrators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-544
Members :
Name : Production
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-500
Name : Lkpadmin
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1000
Name : tidua
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1019
Name : mssqlserver_user$
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1020
Name : IIS_USERS
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1023
Name : admin
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1025

Group Name : Backup Operators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-551
Members :

Group Name : Certificate Service DCOM Access
Host Name : MUMPORTAL001
Group SID : S-1-5-32-574
Members :

Group Name : Cryptographic Operators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-569
Members :

Group Name : Distributed COM Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-562
Members :
Name : Production
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-500

Group Name : Event Log Readers
Host Name : MUMPORTAL001
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : MUMPORTAL001
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-501

Group Name : Hyper-V Administrators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-578
Members :

Group Name : IIS_IUSRS
Host Name : MUMPORTAL001
Group SID : S-1-5-32-568
Members :

Group Name : Network Configuration Operators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-559
Members :
Name : MSSQLServerOLAPService
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Name : Production
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-500
Name : INTERACTIVE
Domain : MUMPORTAL001
Class : Win32_SystemAccount
SID : S-1-5-4

Group Name : Performance Monitor Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-558
Members :
Name : MSSQLSERVER
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Name : SQLSERVERAGENT
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : Power Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-547
Members :
Name : Lkpadmin
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1000

Group Name : Print Operators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-550
Members :

Group Name : RDS Endpoint Servers
Host Name : MUMPORTAL001
Group SID : S-1-5-32-576
Members :

Group Name : RDS Management Servers
Host Name : MUMPORTAL001
Group SID : S-1-5-32-577
Members :

Group Name : RDS Remote Access Servers
Host Name : MUMPORTAL001
Group SID : S-1-5-32-575
Members :

Group Name : Remote Desktop Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-555
Members :

Group Name : Remote Management Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-580
Members :

Group Name : Replicator
Host Name : MUMPORTAL001
Group SID : S-1-5-32-552
Members :

Group Name : Storage Replica Administrators
Host Name : MUMPORTAL001
Group SID : S-1-5-32-582
Members :

Group Name : System Managed Accounts Group
Host Name : MUMPORTAL001
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-503

Group Name : Users
Host Name : MUMPORTAL001
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : MUMPORTAL001
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : MUMPORTAL001
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Lkpadmin
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1000
Name : sahil
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1015
Name : RMS
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1017
Name : Complaince
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1018
Name : tidua
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1019
Name : mssqlserver_user$
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1020
Name : commoniis
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1021
Name : CommonProduction
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1022
Name : compliance
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1024
Name : admin
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-1025

Group Name : HelpLibraryUpdaters
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1004
Members :
Name : Production
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-500

Group Name : KAVWSEE Administrators
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1003
Members :

Group Name : KLAdmins
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1001
Members :
Name : ksnproxy
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : KLOperators
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1002
Members :

Group Name : ora_dba
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1009
Members :
Name : Production
Domain : MUMPORTAL001
Class : Win32_UserAccount
SID : S-1-5-21-3087833412-113499397-355877213-500

Group Name : SQLServer2005SQLBrowserUser$MUMPORTAL001
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1005
Members :
Name : SQLBrowser
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : SQLServerMSASUser$MUMPORTAL001$MSSQLSERVER
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1006
Members :
Name : MSSQLServerOLAPService
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : SQLServerMSSQLServerADHelperUser$MUMPORTAL001
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1010
Members :
Name : NETWORK SERVICE
Domain : MUMPORTAL001
Class : Win32_SystemAccount
SID : S-1-5-20
Name : SYSTEM
Domain : MUMPORTAL001
Class : Win32_SystemAccount
SID : S-1-5-18

Group Name : SQLServerMSSQLUser$MUMPORTAL001$SQLEXPRESS
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1011
Members :
Name : MSSQL$SQLEXPRESS
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : SQLServerSQLAgentUser$MUMPORTAL001$SQLEXPRESS
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1012
Members :
Name : SQLAgent$SQLEXPRESS
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : WSS_ADMIN_WPG
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1007
Members :

Group Name : WSS_WPG
Host Name : MUMPORTAL001
Group SID : S-1-5-21-3087833412-113499397-355877213-1008
Members :
72684 - Enumerate Users via WMI
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/02/25, Modified: 2025/12/15
Plugin Output

tcp/0


Name : admin
SID : S-1-5-21-3087833412-113499397-355877213-1025
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : commoniis
SID : S-1-5-21-3087833412-113499397-355877213-1021
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : CommonProduction
SID : S-1-5-21-3087833412-113499397-355877213-1022
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : Complaince
SID : S-1-5-21-3087833412-113499397-355877213-1018
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : compliance
SID : S-1-5-21-3087833412-113499397-355877213-1024
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : DefaultAccount
SID : S-1-5-21-3087833412-113499397-355877213-503
Disabled : True
Lockout : False
Change password : True
Source : Local

Name : Guest
SID : S-1-5-21-3087833412-113499397-355877213-501
Disabled : True
Lockout : False
Change password : False
Source : Local

Name : IIS_USERS
SID : S-1-5-21-3087833412-113499397-355877213-1023
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : Lkpadmin
SID : S-1-5-21-3087833412-113499397-355877213-1000
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : mssqlserver_user$
SID : S-1-5-21-3087833412-113499397-355877213-1020
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : Production
SID : S-1-5-21-3087833412-113499397-355877213-500
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : RMS
SID : S-1-5-21-3087833412-113499397-355877213-1017
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : sahil
SID : S-1-5-21-3087833412-113499397-355877213-1015
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : tidua
SID : S-1-5-21-3087833412-113499397-355877213-1019
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : ___VMware_Conv_SA___
SID : S-1-5-21-3087833412-113499397-355877213-1014
Disabled : False
Lockout : False
Change password : True
Source : Local

No. Of Users : 15
168980 - Enumerate the PATH Variables
-
Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Plugin Information
Published: 2022/12/21, Modified: 2025/12/18
Plugin Output

tcp/0

Nessus has enumerated the path of the current scan user :

C:\Program Files\Common Files\Oracle\Java\javapath
C:\oracle\product\10.2.0\db_1\bin
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Program Files\Microsoft SQL Server\120\DTS\Binn\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\
C:\Program Files\Microsoft SQL Server\120\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\
C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\
C:\Program Files\Microsoft\Web Platform Installer\
C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\
C:\Program Files\Microsoft SQL Server\100\Tools\Binn\
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\
C:\Program Files\Microsoft SQL Server\130\Tools\Binn\
C:\Program Files\dotnet\
C:\Program Files (x86)\dotnet\
C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\
C:\Program Files\Microsoft SQL Server\150\DTS\Binn\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\
C:\Program Files\Azure Data Studio\bin
35716 - Ethernet Card Manufacturer Detection
-
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/19, Modified: 2020/05/13
Plugin Output

tcp/0


The following card manufacturers were identified :

00:50:56:BC:47:5E : VMware, Inc.
86420 - Ethernet MAC Addresses
-
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2025/06/10
Plugin Output

tcp/0

The following is a consolidated list of detected MAC addresses:
- 00:50:56:BC:47:5E
92439 - Explorer Search History
-
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0


Explorer search history report attached.
56310 - Firewall Rule Enumeration
-
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/09/28, Modified: 2020/09/11
Plugin Output

tcp/0

report output too big - ending list here

97860 - HPE Smart Storage Administrator Installed
-
Synopsis
An enterprise storage controller management application is installed on the remote Windows host.
Description
HPE Smart Storage Administrator, an enterprise storage controller management application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0623
Plugin Information
Published: 2017/03/21, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Smart Storage Administrator\ssa\
Version : 2.60.18.0

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2024/08/09
Plugin Output

tcp/443/www


HTTP/1.1 404 Not Found

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 21:38:25 GMT
Connection: close
Content-Length: 315


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5800/www

The remote web server type is :

RealVNC/E4

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5985/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/47001/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2025/03/13
Plugin Output

tcp/0


172.17.100.60 resolves as MUMPORTAL001.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=UTF-8
Location: http://lkp.net.in/
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; preload
Content-Security-Policy: default-src=self
Referrer-Policy: strict-origin
Feature-Policy: geolocation 'self'
Access-Control-Allow-Methods: GET, POST
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex
Date: Fri, 09 Jan 2026 21:40:23 GMT
Content-Length: 141

Response Body :

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://lkp.net.in/">here</a></body>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: Yes
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 21:40:16 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/5985/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 21:40:17 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/47001/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 21:40:17 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/49834/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain
Keep-Alive: timeout=5, max=100
Content-Length: 0

Response Body :

171410 - IP Assignment Method Detection
-
Synopsis
Enumerates the IP address assignment method(static/dynamic).
Description
Enumerates the IP address assignment method(static/dynamic).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/14, Modified: 2025/12/15
Plugin Output

tcp/0

+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static
+ isatap.{7067690E-EA97-415D-B3CB-B712CDED4BD8}
+ IPv6
- Address : fe80::5efe:172.17.100.60%13
Assign Method : dynamic
+ Ethernet0
+ IPv4
- Address : 172.17.100.60
Assign Method : static
+ IPv6
- Address : fe80::1c11:4296:7923:6a60%11
Assign Method : dynamic
+ Teredo Tunneling Pseudo-Interface
+ IPv6
- Address : fe80::2492:83cf:cc5d:4f31%12
Assign Method : dynamic
- Address : 2001:0:2851:782c:2492:83cf:cc5d:4f31
Assign Method : dynamic

179947 - Intel CPUID detection
-
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2025/12/15
Plugin Output

tcp/135/epmap

Nessus was able to extract the following cpuid: C06F2

92421 - Internet Explorer Typed URLs
-
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/05/08
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://download.microsoft.com/download/3/4/1/3415F3F9-5698-44FE-A072-D4AF09728390/ARRv2_setup_x64.EXE
https://lkp.net.in/
https://www.bseindia.com/help/Scrip.zip
https://api.telegram.org/bot5559022910:AAH9gwZDylg-AojAclKB1m91-A364dYLfjQ/sendMessage?chat_id=-1001631388131&text=Hello
http://api.telegram.org/bot5559022910:AAH9gwZDylg-AojAclKB1m91-A364dYLfjQ/sendMessage?chat_id=-1001631388131&text=Hello
http://middlewareapi.lkp.net.in/swagger
https://pay.lkp.net.in/fundtransfer
https://www.microsoft.com/en-us/software-download
https://www.google.co.in/
http://api.telegram.org/
http://whatsmyip.org/
http://spip/
http://lkp.net.in/
http://www.lkp.net.in/
https://core.telegram.org/bots
http://spip.lkp.net.in/
http://spip.lkp.net.in/SPIP_LandingPage.aspx
https://lkp.net.in/CTCL_Details.aspx
https://www.bseindia.com/downloads/Help/file
https://download.microsoft.com/
file:///C:/inetpub/logs/FailedReqLogFiles/W3SVC3/fr002912.xml
https://www.bseindia.com/downloads/Help/file/scrip.zip
https://www.microsoft.com/en-us/software-download/windows10
http://middlewareapi.lkp.net.in/swagger/index.html
https://pay.lkp.net.in/
https://pay.lkp.net.in/CoreAlerts/ClientDetail.html
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141

Internet Explorer typed URL report attached.

148499 - Java Detection and Identification (Windows)
-
Synopsis
Java is installed on the remote Windows host.
Description
One or more instances of Java are installed on the remote Windows host. This may include private JREs bundled with the Java Development Kit (JDK).

- This plugin attempts to detect Oracle and non-Oracle JRE instances such as Zulu Java, Amazon Corretto, AdoptOpenJDK, IBM Java, etc

- Additional instances of Java may be discovered if 'Perform thorough tests' is enabled.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0690
Plugin Information
Published: 2021/04/14, Modified: 2025/12/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Java\jdk-17\
Version : 17.0.12
Application : Oracle Java
Binary Location : C:\Program Files\Java\jdk-17\bin\java.exe
Details : This Java install appears to be Oracle Java, confirmed by associated
files (high confidence).
Detection Method : Found in Registry

65743 - Java JRE Enabled (Internet Explorer)
-
Synopsis
The remote host has Java JRE enabled for Internet Explorer.
Description
Java JRE is enabled in Internet Explorer. Internet Explorer is no longer supported by Microsoft.
See Also
Solution
Apply Microsoft 'Fix it' 50994 unless Java is needed.
Risk Factor
None
Plugin Information
Published: 2013/03/29, Modified: 2024/10/02
Plugin Output

tcp/445/cifs


Java is enabled for the following ActiveX controls and SIDs :
ActiveX CLSIDs :
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0001-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0002-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0003-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0004-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0005-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0006-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}


Note that this check may be incomplete as Nessus can only check the
SIDs of logged on users.
65739 - Java JRE Universally Enabled
-
Synopsis
Java JRE has not been universally disabled on the remote host.
Description
Java JRE has not been universally disabled on the remote host via the Java control panel.
Note that while Java can be individually disabled for each browser, universally disabling Java prevents it from running for all users and browsers.
Functionality to disable Java universally in Windows may not be available in all versions of Java.
See Also
Solution
Disable Java universally unless it is needed.
Risk Factor
None
Plugin Information
Published: 2013/03/29, Modified: 2024/10/02
Plugin Output

tcp/445/cifs

53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
-
Synopsis
The remote device supports LLMNR.
Description
The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/04/21, Modified: 2023/10/17
Plugin Output

udp/5355/llmnr


According to LLMNR, the name of the remote host is 'MUMPORTAL001'.

160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
-
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output

tcp/445/cifs


LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

108761 - MSSQL Host Information in NTLM SSP
-
Synopsis
Nessus can obtain information about the host by examining the NTLM SSP message.
Description
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over MSSQL.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/03/30, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql

Nessus was able to obtain the following information about the host, by
parsing the MSSQL server's NTLM SSP message:

Target Name: MUMPORTAL001
NetBIOS Domain Name: MUMPORTAL001
NetBIOS Computer Name: MUMPORTAL001
DNS Domain Name: MUMPORTAL001
DNS Computer Name: MUMPORTAL001
DNS Tree Name: unknown
Product Version: 10.0.14393

92424 - MUICache Program Execution History
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
languagelist : en-US

108712 - Microsoft .NET Core SDK for Windows
-
Synopsis
.NET Core SDK is installed on the remote Windows host.
Description
.NET Core SDK, a managed software framework, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0654
Plugin Information
Published: 2018/03/29, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 3 installs of .NET Core SDK Windows:

Path : C:\\program files\dotnet\\sdk\1.1.0
Version : 1.1.0
File Version : 1.1.0.0

Path : C:\\program files\dotnet\\sdk\7.0.400
Version : 7.0.400
File Version : 7.4.23.36916

Path : C:\\program files\dotnet\\sdk\8.0.303
Version : 8.0.303
File Version : 8.3.324.31708
104668 - Microsoft .NET Core for Windows
-
Synopsis
.NET Core runtime is installed on the remote Windows host.
Description
.NET Core, a managed software framework, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0653
Plugin Information
Published: 2017/11/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 7 installs of .NET Core Windows:

Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.3\
Version : 3.1.3.28628

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.0.5\
Version : 1.0.5

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.1.2\
Version : 1.1.2

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.10\
Version : 7.0.10

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.22\
Version : 8.0.22

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.7\
Version : 8.0.7

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.22\
Version : 8.0.22
51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0655
Plugin Information
Published: 2010/12/20, Modified: 2025/10/15
Plugin Output

tcp/445/cifs


Nessus detected 5 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727
Version : 2.0.50727
Full Version : 2.0.50727.4927
SP : 2

Path : C:\Windows\Microsoft.NET\Framework64\v3.0
Version : 3.0
Full Version : 3.0.30729.4926
SP : 2

Path : C:\Windows\Microsoft.NET\Framework64\v3.5\
Version : 3.5
Full Version : 3.5.30729.4926
SP : 1

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03062
Install Type : Full
Release : 461814

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03062
Install Type : Client
Release : 461814
99364 - Microsoft .NET Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/04/14, Modified: 2025/10/23
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.security.dll
Version : 4.7.3701.0
.NET Version : 4.7.2
Associated KB : 4571694
Latest effective update level : 10_2020

Path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.security.dll
Version : 2.0.50727.8953
.NET Version : 3.5
Associated KB : 4580346
Latest effective update level : 10_2020
104667 - Microsoft ASP .NET Core for Windows
-
Synopsis
ASP .NET Core runtime packages are installed on the remote Windows host.
Description
ASP .NET Core runtime, web application server side components, are installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0657
Plugin Information
Published: 2017/11/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 6 installs of ASP .NET Core Windows:

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.7
Version : 8.0.7

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.10
Version : 7.0.10

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.22
Version : 8.0.22

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Version : 3.1.3

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\8.0.22
Version : 8.0.22

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.3
Version : 3.1.3

192148 - Microsoft Azure Data Studio Installed (Windows)
-
Synopsis
Microsoft Azure Data Studio is installed on the remote Windows host.
Description
Microsoft Azure Data Studio is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/03/15, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Program Files\Azure Data Studio\
Version : 1.41.2.0

72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
-
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/03/07, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Type : Admin Groups
Is Enabled : True

Type : User Groups
Is Enabled : True

162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Windows\system32\mshtml.dll
Version : 11.0.14393.4225

72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0509
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Version : 11.4046.14393.0

139615 - Microsoft Internet Information Services (IIS) Installed
-
Synopsis
Checks Windows registry keys and executables for a Microsoft Internet Information Services (IIS) installation.
Description
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows host.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0944
Plugin Information
Published: 2020/08/17, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Windows\system32\inetsrv
Version : 10.0.14393.0

140655 - Microsoft Internet Information Services (IIS) Sites Enumeration
-
Synopsis
Checks IIS configuration file for configured sites and their bound addresses.
Description
Microsoft Internet Information Services configuration file has been parsed to extract information about the existing sites, their protocols, domains and IP addresses.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/09/18, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

Nessus found the following sites configured on the remote host:
+ site name: uat.lkpconnect.net.in
+ binding 0
- IP address : *
- port : 80
- domain : uat.lkpconnect.net.in
- protocol : http
+ site name: lkpwealth
+ binding 0
- IP address : *
- port : 80
- domain : www.lkpwealth.com
- protocol : http
+ binding 1
- IP address : *
- port : 80
- domain : lkpwealth.com
- protocol : http
+ binding 2
- IP address : *
- port : 443
- domain : lkpwealth.com
- protocol : https
+ binding 3
- IP address : *
- port : 443
- domain : www.lkpwealth.com
- protocol : https
+ site name: new.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : new.lkp.net.in
- protocol : http
+ site name: trilogy.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : trilogy.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : trilogy.lkp.net.in
- protocol : https
+ site name: www.avior.in
+ binding 0
- IP address : *
- port : 80
- domain : www.avior.in
- protocol : http
+ site name: lkpsecinfo
+ binding 0
- IP address : *
- port : 80
- domain : lkpsecinfo.com
- protocol : http
+ binding 1
- IP address : *
- port : 80
- domain : www.lkpsecinfo.com
- protocol : http
+ site name: spip.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : spip.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : spip.lkp.net.in
- protocol : https
+ site name: lkpInsurance
+ binding 0
- IP address : *
- port : 80
- domain : test.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 80
- domain : www.test.lkp.net.in
- protocol : http
+ site name: api.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : api.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : api.lkp.net.in
- protocol : https
+ site name: www.lkponline.com
+ binding 0
- IP address : *
- port : 80
- domain : www.lkponline.com
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : www.lkponline.com
- protocol : https
+ site name: MF_BackOffice
+ binding 0
- IP address : *
- port : 80
- domain : mf.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : mf.lkp.net.in
- protocol : https
+ site name: test.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : test.lkp.net.in
- protocol : http
+ site name: ipo.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : ipo.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : ipo.lkp.net.in
- protocol : https
+ site name: www.cashcow.asia
+ binding 0
- IP address : *
- port : 80
- domain : www.cashcow.asia
- protocol : http
+ site name: alphacommodities
+ binding 0
- IP address : *
- port : 80
- domain : www.alphacommodities.co.in
- protocol : http
+ site name: lkpconnect.net.in
+ binding 0
- IP address : *
- port : 80
- domain : lkpconnect.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : lkpconnect.net.in
- protocol : https
+ site name: HREmployeeKit
+ binding 0
- IP address : *
- port : 80
- domain : welcome.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : welcome.lkp.net.in
- protocol : https
+ site name: old.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : old.lkp.net.in
- protocol : http
+ site name: www.lkpfinance.com
+ binding 0
- IP address : *
- port : 80
- domain : lkpfinance.com
- protocol : http
+ binding 1
- IP address : *
- port : 80
- domain : www.lkpfinance.com
- protocol : http
+ binding 2
- IP address : *
- port : 443
- domain : www.lkpfinance.com
- protocol : https
+ binding 3
- IP address : *
- port : 443
- domain : lkpfinance.com
- protocol : https
+ site name: Dhansalahkar
+ binding 0
- IP address : *
- port : 80
- domain : dhansalahkar.com
- protocol : http
+ binding 1
- IP address : *
- port : 80
- domain : www.dhansalahkar.com
- protocol : http
+ site name: lkp.net.in
+ binding 0
- IP address : 172.17.100.60
- port : 80
- domain :
- protocol : http
+ binding 1
- IP address : 172.17.100.60
- port : 80
- domain : lkp.net.in
- protocol : http
+ binding 2
- IP address : localhost
- port :
- domain :
- protocol : net.msmq
+ binding 3
- IP address : localhost
- port :
- domain :
- protocol : msmq.formatname
+ binding 4
- IP address : *
- port : 443
- domain : www.lkp.net.in
- protocol : https
+ binding 5
- IP address : *
- port : 443
- domain : lkp.net.in
- protocol : https
+ site name: api.lkpconnect.net.in
+ binding 0
- IP address : *
- port : 80
- domain : api.lkpconnect.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : api.lkpconnect.net.in
- protocol : https
+ site name: hrms.lkpsecinfo.com
+ binding 0
- IP address : *
- port : 80
- domain : hrms.lkpsecinfo.com
- protocol : http
+ site name: ia.lkp.net.in
+ binding 0
- IP address : *
- port : 80
- domain : ia.lkp.net.in
- protocol : http
+ binding 1
- IP address : *
- port : 443
- domain : ia.lkp.net.in
- protocol : https
66424 - Microsoft Malicious Software Removal Tool Installed
-
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/05/15, Modified: 2023/01/10
Plugin Output

tcp/445/cifs


File : C:\Windows\system32\MRT.exe
Version : 5.86.17836.1
Release at last run : February 2021
Report infection information to Microsoft : Yes
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.5.1
174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.7.0
93232 - Microsoft Office Compatibility Pack Installed (credentialed check)
-
Synopsis
A compatibility application is installed on the remote host.
Description
Microsoft Office Compatibility Pack, used to enable older versions of Microsoft Office applications to view and edit files created with newer versions of Microsoft Office applications, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0663
Plugin Information
Published: 2016/08/30, Modified: 2025/09/29
Plugin Output

tcp/445/cifs


Office Compatibility Pack is installed with the following components:

Component : Excel Converter
Version : 14.0.7015.1000
Path : C:\Program Files (x86)\Microsoft Office\Office14\Excelcnv.exe

Component : Word Converter
Version : 14.0.4762.1000
Path : C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe
27524 - Microsoft Office Detection
-
Synopsis
The remote Windows host contains an office suite.
Description
Microsoft Office is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0505
Plugin Information
Published: 2007/10/23, Modified: 2025/10/14
Plugin Output

tcp/445/cifs


The remote host has the following Microsoft Office 2010 Service Pack 2 components installed :

- WordCnv : 14.0.4762.1000
- ExcelCnv : 14.0.7015.1000
- OneNote : 14.0.7015.1000
- Word : 14.0.7015.1000
- PowerPoint : 14.0.7015.1000
- Outlook : 14.0.7012.1000
- Excel : 14.0.7015.1000
- Publisher : 14.0.7011.1000

92425 - Microsoft Office File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Office on the remote host.
Description
Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
item 1
item 2
item 3
item 4
item 6
item 5
item 12
item 9
item 8
item 11
max display
item 10
item 7
item 37
item 32
item 28
item 15
item 4
item 16
item 48
item 42
item 19
item 10
item 27
item 21
max display
item 34
item 24
item 6
item 50
item 40
item 35
item 31
item 18
item 45
item 49
item 29
item 8
item 2
item 41
item 3
item 43
item 13
item 1
item 38
item 36
item 17
item 11
item 26
item 5
item 20
item 46
item 39
item 30
item 7
item 12
item 23
item 22
item 47
item 44
item 14
item 25
item 9
item 33
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Account Opening report.docx.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\BSEBhav_07122023.CSV.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\BSEVar_06012026.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Circuit_06012026_075328.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Client_Master_List.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\cm19JUL2023bhav.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\file.xlsx.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\MCX AP as on 08.08.2019.xlsx.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\NIFTY 500_Historical_PR_20092025to04122025.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\NIFTY 50_Historical_PR_20092025to04122025.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\OTB_20240328_02.csv.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\To run or create the CKYC Integration Service on a Windows Server 2019.docx.LNK
C:\\Users\IIS_USERS\AppData\Roaming\Microsoft\Office\Recent\DP_Client_Master_List.LNK
C:\\Users\IIS_USERS\AppData\Roaming\Microsoft\Office\Recent\file.LNK
C:\\Users\IIS_USERS\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\mssqlserver_user$\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\mssqlserver_user$\AppData\Roaming\Microsoft\Office\Recent\Password Change Process in Outlook.LNK
C:\\Users\mssqlserver_user$\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK

User AppData recent used file report attached
Office MRU registry report attached.
92361 - Microsoft Office Macros Configuration
-
Synopsis
Nessus was able to collect and report Office macro configuration data for active accounts on the remote host.
Description
Nessus was able to collect Office macro configuration information for active accounts on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

Office macros information attached.
77605 - Microsoft OneNote Detection
-
Synopsis
The remote Windows host contains Microsoft OneNote.
Description
Microsoft OneNote is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0664
Plugin Information
Published: 2014/09/10, Modified: 2025/09/29
Plugin Output

tcp/0


Path : C:\Program Files (x86)\Microsoft Office\Office14\OneNote.exe
Version : 14.0.7015.1000
124120 - Microsoft Outlook Attachment Previewing Enabled
-
Synopsis
Microsoft Outlook application that is installed on the remote host has attachment previewing enabled.
Description
Microsoft Outlook application that is installed on the remote host has attachment previewing enabled.
Solution
Disable attachment previewing settings.
Risk Factor
None
Plugin Information
Published: 2019/04/17, Modified: 2019/04/17
Plugin Output

tcp/0

Outlook application in Microsoft Office 2010 has attachment previewing enabled.
92427 - Microsoft Paint Recent File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Paint on the remote host.
Description
Nessus was able to generate a list of files opened using the Microsoft Paint program.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Production
- C:\Users\Administrator\Desktop\Untitled.png
- C:\Users\Administrator\Desktop\Untitled1.png
- C:\Users\Administrator\Desktop\Untitled3.png
- C:\Users\Administrator\Desktop\Untitled4.png
- D:\WebPortal\Intranet_New\Images\lkp.ico
- C:\Users\Administrator\Desktop\new_In.jpg
- C:\Users\Administrator\Desktop\Untitled5.png
- \\192.168.10.235\lkpsoft\Reported Issue\Kaspersky\Portal_19062024\Untitled.png

57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output

tcp/445/cifs



Nessus is able to test for missing patches using :
Nessus

125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.14393.4169

11217 - Microsoft SQL Server Detection (credentialed check)
-
Synopsis
The remote host has a database server installed.
Description
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host.
See Also
Solution
Ensure the latest service pack and hotfixes are installed.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 2003/01/26, Modified: 2025/09/24
Plugin Output

tcp/445/cifs


Nessus detected 3 installs of Microsoft SQL Server:

Path : C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn
Version : 10.0.2531.0
arch : x64
instance_name : SQLEXPRESS
is_accessible_share : 1
local_db : 0
localdb : 0

Path : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn
Version : 15.0.4335.1
arch : x64
instance_name : MSSQLSERVER
is_accessible_share : 1
local_db : 0
localdb : 0

Path : C:\Program Files\Microsoft SQL Server\130\LocalDB\Binn\
Version : 13.0.4001.0
arch : x64
instance_name : MSSQL13E.LOCALDB
is_accessible_share : 1
local_db : 1
localdb : 1


Nessus detected 4 installs of Microsoft SQL Server:

Version : 10.0.2531.0 (2008 SP1)
Edition : Express Edition
Path : C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn
Named Instance : SQLEXPRESS
Recommended Version : 10.0.6556 (2008 SP4 Meltdown/Spectre GDR (KB4057114)).

Version : 15.0.4335.1
Edition : Standard Edition
Path : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn
Named Instance : MSSQLSERVER

Version : 13.0.4001.0
Edition : Express Edition
Path : C:\Program Files\Microsoft SQL Server\130\LocalDB\Binn\
Named Instance : MSSQL13E.LOCALDB
Recommended Version : 13.0.6419.1 (2016 GDR (KB5014355)).

69482 - Microsoft SQL Server STARTTLS Support
-
Synopsis
The remote service supports encrypting traffic.
Description
The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/07/04, Modified: 2022/04/11
Plugin Output

tcp/1433/mssql


Here is the Microsoft SQL Server's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 51 2C 17 C3 3F 21 C4 92 42 19 4C 87 A1 DB AD F5

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 09 14:12:15 2026 GMT
Not Valid After: Jan 09 14:12:15 2056 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AF B5 E4 30 73 28 E4 E0 19 05 F4 4B 53 E1 0C 72 15 AD 84
E7 76 45 B5 AF 2C EB 67 AF 34 41 D1 05 A2 37 D3 B0 87 6F 26
46 A6 49 6A C6 43 39 03 69 37 18 3E 9C 71 93 B8 61 DE D3 1E
72 83 63 69 25 57 E9 61 69 CA C3 17 7A EA 00 6E 32 C9 D9 2E
2B CD E2 65 67 81 36 DB AB CE 42 F5 C7 2D D8 94 85 39 35 4E
0A EB 32 7A 88 6B 85 80 88 B9 60 B7 33 14 DA AC 28 3E 8A FB
75 6E 6F 94 6F EB 2B 79 43 39 1C 0C D8 B8 99 C4 83 5E 67 A0
52 BB 51 21 D6 98 71 B8 D8 FB 35 F6 57 84 B4 C8 05 C2 36 A7
1A 6F E3 E2 D9 EB 87 00 9C D5 63 C8 50 B5 A1 24 49 22 16 3B
EE 71 5B 6E 56 12 89 77 32 57 4C 8B A4 70 43 29 00 33 A5 95
7E D5 33 97 71 74 84 F8 0F F4 FA F0 4D A9 49 4B 5F 59 FE CC
89 82 3A 54 C8 01 9D 4E EF 6D E2 54 2E DA DC B6 5D 6C 4B 9D
2D 16 FB EC 28 3E 12 6B DA 5D 13 D1 1B 04 67 9B 79
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 0D C6 BD 26 43 37 E3 71 2A 0C 73 FB 8B 57 C9 40 6F 13 57
8A 79 E0 46 01 37 13 F2 8F C5 AC 61 74 6E 90 58 69 0E FA 07
08 74 A4 D3 23 66 D4 48 F7 D0 11 14 68 75 A2 4D EB 57 A0 44
A7 C3 16 2D F9 12 56 ED 91 9D 17 AA 71 FF 03 6F B9 77 67 85
54 CB 66 E4 50 AC 4C 58 89 B7 BF 1E 76 91 6C 20 A2 EF AC 95
0D 35 E8 18 EA F4 78 8D 0F 06 50 1D B4 93 84 0D 1A 4E 79 89
9D 39 44 68 8D 17 82 28 4E EB AC 5C 6D 85 23 7B 74 DF 2D 85
32 46 09 D9 51 BC 8D A7 26 5C 68 5D 82 6C EC B7 27 E9 DC 03
44 7C 3C D5 B8 40 F7 42 89 EF 04 DC 29 59 0F A2 C5 3C 0A F6
EE 7A CD 79 A5 01 07 90 97 C4 CF 63 49 D6 7E 38 3A 60 6A F3
90 44 71 44 1A 5A BD 87 EE 56 E8 74 E5 4D E1 A8 A8 7E 4C DC
BE DA AE 6E AF 8C 4A 7A 25 53 22 47 CB 6A 56 7E EB 48 6E EE
AA 21 39 EA 60 1E 47 A4 47 3A 5E 12 E9 3B 58 38 B5


------------------------------ snip ------------------------------


SQL Server Version : 15.0.4335.0
SQL Server Instance : MSSQLSERVER
10144 - Microsoft SQL Server TCP/IP Listener Detection
-
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response.
Solution
Restrict access to the database to allowed IPs only.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 1999/10/12, Modified: 2024/07/29
Plugin Output

tcp/1433/mssql


Service : mssql-MSSQLSERVER
Version : 15.0.4335.0
InstanceName : MSSQLSERVER
Note : The remote MSSQL server accepts cleartext logins.

10674 - Microsoft SQL Server UDP Query Remote Version Disclosure
-
Synopsis
It is possible to determine the remote SQL server version.
Description
Microsoft SQL server has a function wherein remote users can query the database server for the version that is being run. The query takes place over the same UDP port that handles the mapping of multiple SQL server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft decided not to update this function. This means that the data returned by the SQL ping is inaccurate for newer releases of SQL Server.
Solution
If there is only a single SQL instance installed on the remote host, consider filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2001/05/25, Modified: 2018/03/13
Plugin Output

udp/1434


A 'ping' request returned the following information about the remote
SQL instances :

ServerName : MUMPORTAL001
InstanceName : MSSQLSERVER
IsClustered : No
Version : 15.0.2000.5
tcp : 1433
np : \\MUMPORTAL001\pipe\sql\query

ServerName : MUMPORTAL001
InstanceName : SQLEXPRESS
IsClustered : No
Version : 10.0.2531.0

93962 - Microsoft Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/10/11, Modified: 2025/11/18
Plugin Output

tcp/445/cifs


Cumulative Rollup : 02_2021 [KB4601318]
Cumulative Rollup : 01_2021
Cumulative Rollup : 12_2020
Cumulative Rollup : 11_2020
Cumulative Rollup : 10_2020
Cumulative Rollup : 09_2020
Cumulative Rollup : 08_2020
Cumulative Rollup : 07_2020
Cumulative Rollup : 06_2020
Cumulative Rollup : 05_2020
Cumulative Rollup : 04_2020
Cumulative Rollup : 03_2020
Cumulative Rollup : 02_2020
Cumulative Rollup : 01_2020
Cumulative Rollup : 12_2019
Cumulative Rollup : 11_2019
Cumulative Rollup : 10_2019
Cumulative Rollup : 09_2019
Cumulative Rollup : 08_2019
Cumulative Rollup : 07_2019
Cumulative Rollup : 06_2019
Cumulative Rollup : 05_2019
Cumulative Rollup : 04_2019
Cumulative Rollup : 03_2019
Cumulative Rollup : 02_2019
Cumulative Rollup : 01_2019
Cumulative Rollup : 13_2018
Cumulative Rollup : 12_2018
Cumulative Rollup : 11_2018
Cumulative Rollup : 10_2018
Cumulative Rollup : 09_2018
Cumulative Rollup : 08_2018
Cumulative Rollup : 07_2018
Cumulative Rollup : 06_2018
Cumulative Rollup : 05_2018
Cumulative Rollup : 04_2018
Cumulative Rollup : 03_2018_2
Cumulative Rollup : 02_2018
Cumulative Rollup : 01_2018
Cumulative Rollup : 12_2017
Cumulative Rollup : 11_2017 [KB4048953]
Cumulative Rollup : 10_2017
Cumulative Rollup : 09_2017
Cumulative Rollup : 08_2017
Cumulative Rollup : 07_2017
Cumulative Rollup : 06_2017
Cumulative Rollup : 05_2017
Cumulative Rollup : 04_2017
Cumulative Rollup : 03_2017
Cumulative Rollup : 01_2017
Cumulative Rollup : 12_2016
Cumulative Rollup : 11_2016
Cumulative Rollup : 10_2016

Latest effective update level : 02_2021
File checked : C:\Windows\system32\ntoskrnl.exe
File version : 10.0.14393.4225
Associated KB : 4601318
50346 - Microsoft Update Installed
-
Synopsis
A software updating service is installed.
Description
Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/10/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

131186 - Microsoft Visual Studio Integrated Shell Installed
-
Synopsis
The remote Windows host has one or more applications built on top of Microsoft Visual Studio Integrated Shell.
Description
Microsoft Visual Studio Integrated Shell, a base IDE to build tools and applications on top of Visual Studio, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/11/22, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Visual Studio Integrated Shell:

Path : C:\Program Files (x86)\Microsoft Visual Studio 14.0\
Version : 14.0.25420.1
Product : 2015

Path : C:\Program Files (x86)\Microsoft Visual Studio 11.0\
Version : 11.0.61219.0
Product : 2012
122546 - Microsoft Visual Studio Isolated Shell Installed
-
Synopsis
The remote Windows host has one or more applications built on top of Microsoft Visual Studio Isolated Shell.
Description
Microsoft Visual Studio Isolated Shell, a base IDE to build tools and applications on top of Visual Studio, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/03/04, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft Visual Studio 10.0\
Version : 10.0.40219.1
Product : 2010

265694 - Microsoft Visual Studio Tools for Applications Installed (Windows)
-
Synopsis
The remote Windows host has an integrated development environment installed.
Description
Microsoft Visual Studio Tools for Applications (VSTA) is a set of tools that independent software vendors (ISVs) can use to build customization abilities into their applications for both automation and extensibility, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/09/22, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus detected 2 installs of Microsoft Visual Studio Tools for Applications:

Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\15.0\Bin\VstaCore.dll
Version : 15.0.27520
product_version : 2017

Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\16.0\Bin\VstaCore.dll
Version : 16.0.31110
product_version : 2019
249136 - Microsoft Web Deploy Installed (Windows)
-
Synopsis
Microsoft Web Deploy is installed on the remote Windows host.
Description
Microsoft Web Deploy is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/08/12, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Program Files\IIS\Microsoft Web Deploy V3\
Version : 10.0.1981

10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/445/cifs


The following users are members of the 'Administrators' group :

- MUMPORTAL001\Production (User)
- MUMPORTAL001\Lkpadmin (User)
- MUMPORTAL001\tidua (User)
- MUMPORTAL001\mssqlserver_user$ (User)
- MUMPORTAL001\IIS_USERS (User)
- MUMPORTAL001\admin (User)
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings:

- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output

tcp/445/cifs


Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing

92370 - Microsoft Windows ARP Table
-
Synopsis
Nessus was able to collect and report ARP table information from the remote host.
Description
Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

172.17.100.10 : 78-64-a0-ba-d1-47
172.17.100.31 : d4-f5-ef-60-4d-20
172.17.100.32 : d4-f5-ef-60-46-14
172.17.100.38 : 00-50-56-88-a7-ac
172.17.100.39 : 00-50-56-bc-4f-46
172.17.100.67 : 00-50-56-bc-cf-90
172.17.100.68 : 00-50-56-93-38-d4
172.17.100.70 : 00-50-56-bc-c1-4d
172.17.100.72 : 00-50-56-bc-09-f9
172.17.100.73 : 40-a8-f0-20-84-35
172.17.100.76 : 00-50-56-bc-ca-ab
172.17.100.79 : 00-50-56-bc-fe-be
172.17.100.83 : 00-50-56-bc-b4-9f
172.17.100.89 : 00-50-56-bc-78-62
172.17.100.101 : 78-64-a0-eb-7c-47
172.17.100.112 : 00-50-56-bc-7d-2b
172.17.100.120 : 00-50-56-bc-29-b3
172.17.100.137 : 00-50-56-bc-37-2c
172.17.100.145 : 00-50-56-93-ad-03
172.17.100.149 : 00-50-56-93-04-7f
172.17.100.154 : 00-50-56-bc-f3-c3
172.17.100.160 : 00-50-56-88-49-b4
172.17.100.164 : 00-50-56-88-81-ac
172.17.100.183 : 00-50-56-bc-ed-d0
172.17.100.184 : 00-50-56-bc-a7-99
172.17.100.186 : 00-50-56-bc-ad-94
172.17.100.207 : 00-50-56-bc-40-9f
172.17.100.222 : 24-5e-be-5c-14-77
172.17.100.223 : 24-5e-be-5c-14-76
172.17.100.241 : 00-50-56-bc-9f-6a
172.17.100.252 : b0-33-a6-3d-dd-81
172.17.100.254 : 1a-c2-41-87-f6-3d
172.17.100.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
224.0.0.253 : 01-00-5e-00-00-fd
239.255.255.250 : 01-00-5e-7f-ff-fa
255.255.255.255 : ff-ff-ff-ff-ff-ff

Extended ARP table information attached.
70615 - Microsoft Windows AutoRuns Boot Execute
-
Synopsis
Report programs that startup associates with session manager subsystem.
Description
Report registry startup locations associated with the session manager subsystem during boot time.

These registry keys start-up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\System\CurrentControlSet\Control\Session Manager\bootexecute
- autocheck autochk /m /P \Device\HarddiskVolume6
70616 - Microsoft Windows AutoRuns Codecs
-
Synopsis
Report programs set to normally start with multimedia.
Description
Codecs are encoders and decoders for digital data streams commonly associated with video and audio playback.

The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\System32\l3codeca.acm
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\SysWOW64\l3codeca.acm
- vidc.cvid : iccvid.dll
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


70617 - Microsoft Windows AutoRuns Explorer
-
Synopsis
Reports programs that startup associates with the explorer process.
Description
Report the startup locations associated with the explorer.exe process.

These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or set control user activity with the desktop and control panels.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Protocols\Filter
+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/octet-stream
- Value : C:\Windows\System32\mscoree.dll

+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-complus
- Value : C:\Windows\System32\mscoree.dll

+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-msdownload
- Value : C:\Windows\System32\mscoree.dll

+ CLSID : {807573E5-5146-11D5-A672-00B0D022E945}
- Name : text/xml
- Value : C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL


+ HKLM\SOFTWARE\Classes\Protocols\Handler
+ CLSID : {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
- Name : about
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
- Name : cdl
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {12D51199-0DB5-46FE-A120-47A3D7D937CC}
- Name : dvd
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : file
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
- Name : ftp
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1}
- Name : hpapp
- Value : C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll

+ CLSID : {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
- Name : http
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
- Name : https
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : javascript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : local
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
- Name : mailto
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {05300401-BCBC-11d0-85E3-00C04FD85AB4}
- Name : mhtml
- Value : C:\Windows\System32\inetcomm.dll

+ CLSID : {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
- Name : mk
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {314111c7-a502-11d2-bbca-00c04f8ec294}
- Name : ms-help
- Value :

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : ms-its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
- Name : res
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : tbauth
- Value : C:\Windows\System32\tbauth.dll

+ CLSID : {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
- Name : tv
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : vbscript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : windows.tbauth
- Value : C:\Windows\System32\tbauth.dll


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CLSID : {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
- Name : ANotepad++64
- Value : C:\Program Files (x86)\Notepad++\NppShell_06.dll

+ CLSID : {85BBD920-42A0-1069-A2E4-08002B30309D}
- Name : BriefcaseMenu
- Value : %SystemRoot%\system32\syncui.dll

+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
- Name : Open With
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : Open With EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {90AA3A4E-1CBA-4233-B8BB-535773D48449}
- Name : Taskband Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
+ CLSID : {85BBD920-42A0-1069-A2E4-08002B30309D}
- Name : BriefcasePage
- Value : %SystemRoot%\system32\syncui.dll

+ CLSID : {7444C719-39BF-11D1-8CD9-00C04FC29D45}
- Name : CryptoSignMenu
- Value : %SystemRoot%\system32\cryptext.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
- Name : OLE DocFile Property Page
- Value : %SystemRoot%\system32\docprop.dll

+ CLSID : {883373C3-BF89-11D1-BE35-080036B11A03}
- Name : Summary Properties Page
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ CLSID : {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
- Name : CopyAsPathMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
- Name : SendTo
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name :
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name :
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll


+ HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {4a7ded0a-ad25-11d0-98a8-0800361b1103}
- Name :
- Value : %SystemRoot%\system32\mydocs.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}
- Name :
- Value : C:\Windows\System32\DfsShlEx.dll

+ CLSID : {ef43ecfe-2ab9-4632-bf21-58909dd177f0}
- Name :
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CLSID : {217FC9C0-3AEA-1069-A2DB-08002B30309D}
- Name : FileSystem
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ CLSID : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
- Name : New
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ CLSID : {85BBD920-42A0-1069-A2E4-08002B30309D}
- Name : BriefcaseMenu
- Value : %SystemRoot%\system32\syncui.dll

+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
- Name : Library Location
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {470C0EBD-5D73-4d58-9CED-E91E22E23282}
- Name : PintoStartScreen
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {BD472F60-27FA-11cf-B8B4-444553540000}
- Name :
- Value : %SystemRoot%\system32\zipfldr.dll


+ HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers
+ CLSID : {85BBD920-42A0-1069-A2E4-08002B30309D}
- Name : BriefcasePage
- Value : %SystemRoot%\system32\syncui.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
- Name : EnhancedStorageShell
- Value : C:\Windows\System32\EhStorShell.dll

+ CLSID : {4E77131D-3629-431c-9818-C5679DC83E81}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


70619 - Microsoft Windows AutoRuns Internet Explorer
-
Synopsis
Report programs that startup associates with Internet Explorer.
Description
Report registry startup locations associated with the Internet Explorer (IE) application.

The startup values include Internet Explorer plugins to extend the functionality of IE, browser toolbars, hooks into browser controls, and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {B4F3A835-0E21-4959-BA22-42B3008E02FF}
- Name : URLRedirectionBHO
- Value : C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL


HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {B4F3A835-0E21-4959-BA22-42B3008E02FF}
- Name : URLRedirectionBHO
- Value : C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL


HKLM\Software\Microsoft\Internet Explorer\Extensions
+ CLSID : {2670000A-7350-4f3c-8081-5663EE0C6C49}
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
- Value : CLSID is not set in HKCR\CLSID\


HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
+ CLSID : {2670000A-7350-4f3c-8081-5663EE0C6C49}
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
- Value : CLSID is not set in HKCR\CLSID\


70620 - Microsoft Windows AutoRuns Known DLLs
-
Synopsis
DLLs listed to be shared by processes.
Description
The known DLLs registry setting is used to define DLLs that are shared between processes without a process having to search for the DLL location.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
- imagehlp : IMAGEHLP.dll
- _wow64win : Wow64win.dll
- oleaut32 : OLEAUT32.dll
- normaliz : NORMALIZ.dll
- msvcrt : MSVCRT.dll
- shell32 : SHELL32.dll
- msctf : MSCTF.dll
- gdi32 : gdi32.dll
- nsi : NSI.dll
- advapi32 : advapi32.dll
- coml2 : coml2.dll
- clbcatq : clbcatq.dll
- shlwapi : SHLWAPI.dll
- psapi : PSAPI.DLL
- lpk : LPK.dll
- imm32 : IMM32.dll
- combase : combase.dll
- _wow64 : Wow64.dll
- user32 : user32.dll
- sechost : sechost.dll
- _wow64cpu : Wow64cpu.dll
- rpcrt4 : rpcrt4.dll
- kernel32 : kernel32.dll
- ws2_32 : WS2_32.dll
- wldap32 : WLDAP32.dll
- ole32 : ole32.dll
- difxapi : difxapi.dll
- setupapi : Setupapi.dll
- comdlg32 : COMDLG32.dll
- gdiplus : gdiplus.dll
70613 - Microsoft Windows AutoRuns LSA Providers
-
Synopsis
Programs set to start as Local Security Authority.
Description
An LSA (Local Security Authority) is an application that can be used to authorize users to their systems. The reported autoruns are available to provide this service or features to this service.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0



+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\authentication packages
- msv1_0


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\notification packages
- rassfm
- scecli


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\security packages
- ""
70621 - Microsoft Windows AutoRuns Logon
-
Synopsis
Report programs that start-up from the most common registry locations.
Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.

Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
- rdpclip


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
- C:\Windows\system32\userinit.exe


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\vmapplet
- SystemPropertiesPerformance.exe /pagefile


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
- explorer.exe


+ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- AlternateShell : cmd.exe


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : vmware user process
- Value : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Name : wscheduler
- Value : D:\LKPSOFT\SystemScheduler\WScheduler.exe /LOGON


+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
- Name : Themes Setup
- Value : /UserInstall

+ CLSID : {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
- Name : Microsoft Windows
- Value : "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4340}
- Name : Windows Desktop Update
- Value : U

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4383}
- Name : Web Platform Customizations
- Value : C:\Windows\System32\ie4uinit.exe -UserConfig

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

+ CLSID : {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin

+ CLSID : {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
- Name : Microsoft Windows
- Value : "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
- iconservicelib : IconCodecService.dll
- Load :


70622 - Microsoft Windows AutoRuns Network Providers
-
Synopsis
Report programs set to automatically start-up as a Network Provider.
Description
The DLLs listed under the registry key are used to provide network services for new protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
- RDPNP : %SystemRoot%\System32\drprov.dll

+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
- RDPNP : %SystemRoot%\System32\drprov.dll
70623 - Microsoft Windows AutoRuns Print Monitor
-
Synopsis
Report programs set to start automatically as a print monitor.
Description
Report the DLLs that control print monitor functions for multiple programs and systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : WSDMon.dll
70618 - Microsoft Windows AutoRuns Registry Hijack Possible Locations
-
Synopsis
Report common registry keys used to hijack execution.
Description
Report common registry keys that can be used to hijack system process execution.

These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command
- Command : "%1" %*


+ HKLM\Software\Classes\.exe : exefile
- open : "%1" %*
- runas : "%1" %*
- runasuser :


+ HKLM\Software\Classes\.cmd : cmdfile
- edit : %SystemRoot%\System32\NOTEPAD.EXE %1
- open : "%1" %*
- print : %SystemRoot%\System32\NOTEPAD.EXE /p %1
- runas : %SystemRoot%\System32\cmd.exe /C "%1" %*
- runasuser :


+ HKLM\Software\Classes\.htm : htmlfile
- Edit : "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- Print : "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.html : htmlfile
- Edit : "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- Print : "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.doc : Word.Document.8
- Edit : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /vu "%1"
- New : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n /f "%1"
- OnenotePrintto : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /j "%1" "%2"
- Open : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
- OpenAsReadOnly : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /h /n "%1"
- Print : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /i "%1"
- Printto : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /j "%1" "%2"
- ViewProtected : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /vp "%1"


+ HKLM\Software\Classes\.docx : Word.Document.12
- Edit : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /vu "%1"
- New : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n /f "%1"
- OnenotePrintto : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /j "%1" "%2"
- Open : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
- OpenAsReadOnly : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /h /n "%1"
- Print : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /i "%1"
- Printto : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /j "%1" "%2"
- ViewProtected : "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /vp "%1"


+ HKLM\Software\Classes\.vbs : VBSFile
- Edit : "%SystemRoot%\System32\Notepad.exe" %1
- Open : "%SystemRoot%\System32\WScript.exe" "%1" %*
- Open2 : "%SystemRoot%\System32\CScript.exe" "%1" %*
- Print : "%SystemRoot%\System32\Notepad.exe" /p %1


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.xls : Excel.Sheet.8
- Edit : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
- New : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde /n
- Open : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
- OpenAsReadOnly : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /h /dde
- Print : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
- Printto : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
- ViewProtected : "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde


+ HKLM\Software\Classes\.xml : xmlfile
- edit : "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb edit "%1"
- open : "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "%1"


+ HKLM\Software\Classes\.pif : piffile
- open : "%1" %*


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"



70624 - Microsoft Windows AutoRuns Report
-
Synopsis
Generate a CSV report of all autoruns.
Description
Collect all autoruns listed in the Windows autoruns plugins and report the primary content in a CSV report.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+Enabled Autoruns Detection Types
- LSA Provider
- Boot Execute
- WinLogon
- Known DLLs
- Winsock Provider
- Service
- Explorer
- Logon
- Codecs
- Driver
- Image Hijack
- Network Provider
- Scheduled Tasks
- Print Monitor
- Internet Explorer


The attached CSV contains information about Windows autoruns.
70625 - Microsoft Windows AutoRuns Scheduled Tasks
-
Synopsis
Report processes that start-up via the scheduled task manager.
Description
This plugin lists the scheduled tasks for the system. The scheduled tasks are often used to update software, for systems administrators to run processes, and can be used by malware to spread on systems.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ Task
+ RegistrationInfo
- Date : 2023-11-30T10:34:09.1012641
- Author : MUMPORTAL001\Production
- URI : \AUTO_Archieve
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-01T04:00:00
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Saturday
+ Actions
+ Exec
- Command : D:\Schedular\AUTO_BACKUPP\AUTO_BACKUPP\bin\Debug\netcoreapp3.1\AUTO_BACKUPP.exe

+ Task
+ RegistrationInfo
- Date : 2023-12-19T18:47:17.0483962
- Author : MUMPORTAL001\Production
- URI : \Check Scripmaster DB job
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-19T08:15:31
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\ScriptMasterPennyPALCHECK\ScriptMasterPennyPALCHECK\bin\Debug\ScriptMasterPennyPALCHECK.exe

+ Task
+ RegistrationInfo
- Date : 2023-11-06T10:32:04.9825845
- Author : MUMPORTAL001\Production
- URI : \CheckJamoonTradeFileOnServer
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-11-06T10:32:00
+ Repetition
- Interval : PT5M
- Duration : P1D
- StopAtDurationEnd : true
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Schedular\CheckJamoonTradeFileOnServer\CheckJamoonTradeFileOnServer\bin\Debug\netcoreapp3.1\CheckJamoonTradeFileOnServer.exe

+ Task
+ RegistrationInfo
- Date : 2023-03-08T19:30:52.8473825
- Author : MUMPORTAL001\Production
- URI : \CorporateActionFiles
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-03-08T18:13:28
+ Repetition
- Interval : PT30M
- Duration : PT12H
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Schedular\CorporateactionFileSchedular\CorporateactionFileSchedular\bin\Debug\CorporateactionFileSchedular.exe

+ Task
+ RegistrationInfo
- Date : 2023-09-01T10:35:15.4533817
- Author : MUMPORTAL001\Production
- Description : Create Zoho Contacts LKP (Incremental)
- URI : \Create Zoho Contacts LKP (Incremental)
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-09-02T11:15:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\CreateZohoContact\ZohoCreateContact.exe

+ Task
+ RegistrationInfo
- Date : 2023-09-18T17:36:22.0293165
- Author : MUMPORTAL001\Production
- Description : Create Zoho Contacts Pennypal (Incremental)
- URI : \Create Zoho Contacts Pennypal (Incremental)
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-09-19T07:30:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\CreateZohoContacts_Pennypal\ZohoCreateContact.exe

+ Task
+ RegistrationInfo
- Date : 2023-11-02T15:20:01.0899064
- Author : MUMPORTAL001\Production
- URI : \CTCL_Expiry_AutoMail_Reminder
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-11-06T06:00:00
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Actions
+ Exec
- Command : D:\Schedular\CTCL_CertificateExpiryReminderMailer\CTCL_CertificateExpiry_AutoMailer\bin\Debug\CTCL_CertificateExpiry_AutoMailer.exe

+ Task
+ RegistrationInfo
- Date : 2021-12-31T11:42:01.1776126
- Author : MUMPORTAL001\Production
- URI : \DAAK EscalationOnTAT
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2021-12-31T08:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\WebPortal\Schedulers\DAAK\DocumentManagement_Scheduler.exe

+ Task
+ RegistrationInfo
- Author : WORKGROUP\MUMPORTAL001$
- Description : This scheduled task is created by Desktop Central Agent
- URI : \DCAgentUpdater
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2021-02-27T00:09:00
+ Repetition
- Interval : PT1H
- Duration : P1D
- StopAtDurationEnd : true
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Program Files (x86)\UEMS_Agent\bin\dcagentupgrader.exe
- Arguments : Task

+ Task
+ RegistrationInfo
- Date : 2023-11-06T20:42:37.7045643
- Author : MUMPORTAL001\Production
- URI : \E-Kyc Summary mail
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-11-07T08:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\KycSummaryMail\KycSummaryMail.exe

+ Task
+ RegistrationInfo
- Date : 2023-08-24T14:44:40.2779055
- Author : MUMPORTAL001\Production
- URI : \Fund Payout Request Failed 10 PM
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-08-24T22:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "D:\Schedular\Fund Payout Request Failed\PayoutfailReminder.exe"

+ Task
+ RegistrationInfo
- Date : 2023-08-24T14:41:22.7173627
- Author : MUMPORTAL001\Production
- URI : \Fund Payout Request Failed 3.15 PM
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-08-24T15:15:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "D:\Schedular\Fund Payout Request Failed\PayoutfailReminder.exe"

+ Task
+ RegistrationInfo
- Date : 2024-02-14T12:00:21.7771943
- Author : MUMPORTAL001\Production
- Description : This job will send the mails to the clients on their birthdays.
- URI : \HappyBirthdayMailShooter
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-02-15T08:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\HappyBirthdayMail\bin\Debug\net6.0\HappyBirthdayMail.exe

+ Task
+ RegistrationInfo
- Date : 2023-09-18T11:20:52.344781
- Author : MUMPORTAL001\Production
- URI : \Index File Upload NSE
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-09-18T05:43:46
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\ConsoleApp\ConsoleApp\bin\Debug\net47\ConsoleApp.exe

+ Task
+ RegistrationInfo
- Date : 2023-12-12T12:02:14.6073798
- Author : MUMPORTAL001\Production
- URI : \IPO Allotment
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-12T10:00:23
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\IPOAllotment\IPOAllotment\bin\Debug\IPOAllotment.exe

+ Task
+ RegistrationInfo
- Date : 2024-01-09T18:19:55.3533965
- Author : MUMPORTAL001\Production
- URI : \IPO_Advance
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-01-09T10:30:42
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\Advance_IPOApply\Advance_IPOApply\bin\Debug\Advance_IPOApply.exe

+ Task
+ RegistrationInfo
- Date : 2023-09-12T15:45:51.914846
- Author : MUMPORTAL001\Production
- Description : KRA Status By PAN
- URI : \KRA Status By PAN
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2023-09-13T08:00:00
+ Actions
+ Exec
- Command : D:\Schedular\KRAStatus\KRAPanStatus.exe

+ Task
+ RegistrationInfo
- Date : 2024-01-19T19:33:00.7501401
- Author : MUMPORTAL001\Production
- URI : \Liquiloans transaction
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-01-19T19:20:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\Liquiloans_transaction\Liquiloans_transaction\bin\Debug\Liquiloans_transaction.exe

+ Task
+ RegistrationInfo
- Date : 2024-07-19T17:38:07.0924923
- Author : MUMPORTAL001\Production
- Description : Author : Hritik, Assigned By : Haresh Sir
- URI : \Liquiloans_Revenue_Transaction_New
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-07-19T20:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\Liquiloans_Revenue_New\Liquiloans_Revenue_New\bin\Debug\Liquiloans_Revenue_New.exe

+ Task
+ RegistrationInfo
- Date : 2024-03-11T13:22:13.2172621
- Author : MUMPORTAL001\Production
- URI : \LKP_meonData
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-03-12T19:00:13
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "D:\Schedular\BondKYCData\Referral Schedular\bin\Debug\Referral Schedular.exe"

+ Task
+ RegistrationInfo
- Date : 2023-12-20T17:22:30.6545998
- Author : MUMPORTAL001\Production
- URI : \Meon Add ClientRM
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-20T10:21:49
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\Meon_Rm_Add_Schedular\ConsoleApp1\bin\Debug\ConsoleApp1.exe

+ Task
+ RegistrationInfo
- Date : 2024-02-22T13:22:56.8241363
- Author : MUMPORTAL001\Production
- Description : For penny pal eKYC
- URI : \Meon Kyc Data update
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-02-22T20:01:51
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "D:\Schedular\Referral Schedular\Referral Schedular\bin\Debug\Referral Schedular.exe"

+ Task
+ RegistrationInfo
- Date : 2019-09-16T11:27:52.5909514
- Author : MUMPORTAL001\production
- URI : \NRE ExcelFile
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2019-09-16T07:00:00+05:30
- ExecutionTimeLimit : P3D
+ Repetition
- Interval : PT1H
- Duration : PT4H
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\ExportExcel_OnlineNREFile\ExportToExcel.exe

+ Task
+ RegistrationInfo
- Date : 2023-06-07T19:27:46.1618454
- Author : MUMPORTAL001\Production
- URI : \NSE FTP API
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-06-07T22:30:22
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : "D:\Schedular\NSE FTP API\NSE_FTP_API\NSE_FTP_API\bin\Debug\NSE_FTP_API.exe"

+ Task
+ RegistrationInfo
- Date : 2023-09-18T12:19:24.3563037
- Author : MUMPORTAL001\Production
- URI : \NSEFTPALLFILES
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-09-18T12:18:33
+ Repetition
- Interval : PT1H
- Duration : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\ALLNSEFTP\NSEFTPALLFILES\NSEFTPALLFILES\bin\Debug\NSEFTPALLFILES.exe

+ Task
+ RegistrationInfo
- Date : 2023-02-24T11:53:43.7688533
- Author : MUMPORTAL001\Production
- URI : \NSEFTPRM
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-02-24T11:52:43
+ Repetition
- Interval : PT1H
- Duration : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Sahil\NSERMSFILES\NSERMSFILES\bin\Debug\NSERMSFILES.exe

+ Task
+ RegistrationInfo
- Date : 2023-06-07T19:28:49.4275893
- Author : MUMPORTAL001\Production
- URI : \NSENarnoliaFILES
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-06-07T21:28:12
+ Repetition
- Interval : PT10M
- Duration : PT1H
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Schedular\NSEAPINARNOLIA\NSEAPINARNOLIA\NSEAPINARNOLIA\bin\Debug\NSEAPINARNOLIA.exe

+ Task
+ RegistrationInfo
- Date : 2025-05-23T19:33:15.1535111
- Author : MUMPORTAL001\Production
- URI : \PNL FileDownload
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2025-05-27T20:30:00
+ Actions
+ Exec
- Command : D:\Schedular\PNLScheduler\bin\Release\PNLScheduler.exe

+ Task
+ RegistrationInfo
- Date : 2023-12-19T11:45:46.5246357
- Author : MUMPORTAL001\Production
- URI : \ScripMasterDB
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-19T07:04:22
+ Repetition
- Interval : PT30M
- Duration : PT1H
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\Scrip_master_job\Scrip_Master\bin\Debug\net46\Scrip_Master.exe

+ Task
+ RegistrationInfo
- Date : 2024-08-20T19:29:06.8438666
- Author : MUMPORTAL001\Production
- Description : ScripMasterDB New
- URI : \ScripMasterDB New
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-08-21T07:15:28
+ Repetition
- Interval : PT30M
- Duration : PT12H
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Schedular\Scrip_master_job_New\Scrip_Master\bin\Debug\net46\Scrip_Master.exe

+ Task
+ RegistrationInfo
- Date : 2023-12-28T15:01:27.5573242
- Author : MUMPORTAL001\Production
- URI : \Shrigoda_insurance_Daily_data
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-12-28T19:00:49
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\Schedular\shrigoda_insurance_API\shrigoda_insurance_API\bin\Debug\shrigoda_insurance_API.exe

+ Task
+ RegistrationInfo
- Date : 2023-09-15T15:21:17.3722618
- Author : MUMPORTAL001\Production
- URI : \Symphony BO Schedular
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-09-15T16:00:45
+ Repetition
- Interval : PT5M
- Duration : PT30M
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Schedular\Symphony_BO_Schedular\Symphony_BO_Schedular\bin\Debug\Symphony_BO_Schedular.exe

+ Task
+ RegistrationInfo
- Date : 2024-12-07T11:48:03.9383321
- Author : MUMPORTAL001\Production
- Description : Author: Hritik, Assignee: Haresh Sir
- URI : \Trade_File
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-12-07T09:30:00
- ExecutionTimeLimit : P3D
+ Repetition
- Interval : PT5M
- Duration : P1D
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Saturday
+ Actions
+ Exec
- Command : D:\Schedular\Trade_File_Scheduler\Trade_File_Scheduler\bin\Debug\Trade_File_Scheduler.exe

+ Task
+ RegistrationInfo
- Date : 2023-11-06T10:33:43.7096033
- Author : MUMPORTAL001\Production
- Description : Old Code
- URI : \Trade_File_Scheduler
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2023-11-06T09:30:00
+ Repetition
- Interval : PT5M
- Duration : P1D
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Monday
+ Tuesday
+ Wednesday
+ Thursday
+ Friday
+ Actions
+ Exec
- Command : D:\Trade_File_Scheduler\Trade_File_Scheduler\bin\Debug\Trade_File_Scheduler.exe

+ Task
+ RegistrationInfo
- Date : 2019-09-09T11:51:14.3210911
- Author : MUMPORTAL001\production
- Description : UpdateCurrency
- URI : \UpdateCurrency
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2019-09-09T11:50:14+05:30
+ Repetition
- Interval : PT2H
- Duration : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\WebPortal\UpdateCurrency.bat

+ Task
+ RegistrationInfo
- Date : 2019-09-09T12:01:00.2142676
- Author : MUMPORTAL001\production
- Description : UpdateWorldIndicesData
- URI : \UpdateWorldIndicesData
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2019-09-09T08:00:13+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\WebPortal\UpdateWorldIndicesData.bat

+ Task
+ RegistrationInfo
- Author : MUMPORTAL001\IIS_USERS
- Description : Updates out-of-date system feeds.
- URI : \User_Feed_Synchronization-{1F17F454-FFA3-4A9B-8CDF-F159ED8E4880}
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-1023
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2025-09-16T01:05:36+05:30
- EndBoundary : 2035-09-16T01:05:36+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Author : MUMPORTAL001\Lkpadmin
- Description : Updates out-of-date system feeds.
- URI : \User_Feed_Synchronization-{2CB63057-E3E0-4049-80B8-654A0EDEBAFE}
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-1000
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2025-07-07T02:45:19+05:30
- EndBoundary : 2035-07-07T02:45:19+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Author : MUMPORTAL001\mssqlserver_user$
- Description : Updates out-of-date system feeds.
- URI : \User_Feed_Synchronization-{83ABF89E-B83F-4549-9E7B-635E6653B6D4}
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-1020
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2025-07-29T23:00:14+05:30
- EndBoundary : 2035-07-29T23:00:14+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Author : MUMPORTAL001\Production
- Description : Updates out-of-date system feeds.
- URI : \User_Feed_Synchronization-{E82338AC-E7E7-442A-910A-22A939190DE7}
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2026-01-10T05:56:01+05:30
- EndBoundary : 2036-01-10T05:56:01+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Date : 2025-11-18T18:42:42.0664096
- Author : MUMPORTAL001\Production
- Description : Copy Client master and DP Client Master for Reporting
- URI : \Zentech Client File
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2025-11-18T06:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : D:\ftp_script_client.bat
- Arguments : D:\
- WorkingDirectory : D:\

+ Task
+ RegistrationInfo
- Date : 2021-03-12T18:48:29.7685743
- Author : MUMPORTAL001\Production
- Description : Insurence Scheduler
- URI : \insurence scheduler\Insurence Scheduler
+ Principals
+ Principal
- UserId : S-1-5-21-3087833412-113499397-355877213-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ CalendarTrigger
- StartBoundary : 2021-03-13T07:30:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "D:\MFBackOffice\insurence scheduler\LKP_Insurance_Scheduler.exe"

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {429BC048-379E-45E0-80E4-EB1977941B5C}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {613FBA38-A3DF-4AB8-9674-5604984A299A}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%\System32\msdrm.dll,-6001)
- Description : $(@%systemRoot%\System32\msdrm.dll,-6002)
- URI : \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2006-11-09T03:00:00
- RandomDelay : PT1H
+ ScheduleByDay
- DaysInterval : 1
+ LogonTrigger
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {CF2CF428-325B-48D3-8CA8-7633E36E5A32}

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%\System32\msdrm.dll,-6001)
- Description : $(@%systemRoot%\System32\msdrm.dll,-6003)
- URI : \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}

+ Task
+ RegistrationInfo
- Date : 2015-02-09T10:54:13.9629482
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2978287140-3787137133-1749738600-1988163579-2060695581)
- Source : $(@%SystemRoot%\system32\ApplockerCsp.dll,-101)
- Author : $(@%SystemRoot%\system32\ApplockerCsp.dll,-100)
- Description : $(@%SystemRoot%\system32\ApplockerCsp.dll,-102)
- URI : \Microsoft\Windows\AppID\EDP Policy Manager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7588BCA328009213
+ WnfStateChangeTrigger
- StateName : 75E0BCA328009213
+ Actions
+ ComHandler
- ClassId : {DECA92E0-AF85-439E-9204-86679978DA08}
- Data : EdpPolicyManager

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%\system32\appidsvc.dll,-300)
- Author : $(@%systemroot%\system32\appidsvc.dll,-301)
- Description : $(@%systemroot%\system32\appidsvc.dll,-302)
- URI : \Microsoft\Windows\AppID\PolicyConverter
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\appidpolicyconverter.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\apprepsync.dll,-701)
- Author : $(@%systemroot%\system32\apprepsync.dll,-700)
- Description : $(@%systemroot%\system32\apprepsync.dll,-702)
- URI : \Microsoft\Windows\AppID\SmartScreenSpecific
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ LogonTrigger
- Delay : PT30M
+ Actions
+ ComHandler
- ClassId : {9F2B0085-9218-42A1-88B0-9F0E65851666}
- Data : U

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%\system32\appidsvc.dll,-200)
- Author : $(@%systemroot%\system32\appidsvc.dll,-201)
- Description : $(@%systemroot%\system32\appidsvc.dll,-202)
- URI : \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : Queue
- Priority : 10
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT3M
- WaitTimeout : PT23H
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Repetition
- Interval : P1D
+ Actions
+ Exec
- Command : %windir%\system32\appidcertstorecheck.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\appraiser.dll,-500)
- Author : $(@%SystemRoot%\system32\appraiser.dll,-501)
- Description : $(@%SystemRoot%\system32\appraiser.dll,-502)
- URI : \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7510BCA323028B41
- Data : 01
+ Actions
+ Exec
- Command : %windir%\system32\compattelrunner.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\invagent.dll,-701)
- Author : $(@%SystemRoot%\system32\invagent.dll,-701)
- Description : $(@%SystemRoot%\system32\invagent.dll,-702)
- URI : \Microsoft\Windows\Application Experience\ProgramDataUpdater
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1DT12H
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\compattelrunner.exe
- Arguments : -maintenance

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;LA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\Startupscan.dll,-701)
- Author : $(@%SystemRoot%\system32\Startupscan.dll,-701)
- Description : $(@%SystemRoot%\system32\Startupscan.dll,-702)
- URI : \Microsoft\Windows\Application Experience\StartupAppTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P2D
- Deadline : P3D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : Startupscan.dll,SusRunTask

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10002)
- URI : \Microsoft\Windows\ApplicationData\appuriverifierdaily
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2016-04-11T03:00:00
- ExecutionTimeLimit : PT5M
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : %windir%\system32\AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10002)
- URI : \Microsoft\Windows\ApplicationData\appuriverifierinstall
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2016-04-11T03:00:00
- ExecutionTimeLimit : PT5M
+ ScheduleByWeek
- WeeksInterval : 1
+ DaysOfWeek
+ Saturday
+ WnfStateChangeTrigger
- Delay : PT3M
- StateName : 7508BCA32C7C8741
+ Actions
+ Exec
- Command : %windir%\system32\AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5001)
- Author : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5002)
- Description : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5003)
- URI : \Microsoft\Windows\ApplicationData\CleanupTemporaryState
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : Windows.Storage.ApplicationData.dll,CleanupTemporaryState

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%\system32\dssvc.dll,-10005)
- Author : $(@%systemroot%\system32\dssvc.dll,-10004)
- Description : $(@%systemroot%\system32\dssvc.dll,-10006)
- URI : \Microsoft\Windows\ApplicationData\DsSvcCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\dstokenclean.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;GA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- URI : \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT15M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ LogonTrigger
- Delay : PT1H
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

+ Task
+ RegistrationInfo
- Source : $(@%systemroot%\system32\acproxy.dll,-100)
- Author : $(@%systemroot%\system32\acproxy.dll,-101)
- Description : $(@%systemroot%\system32\acproxy.dll,-102)
- URI : \Microsoft\Windows\Autochk\Proxy
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : P365D
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : /d acproxy.dll,PerformAutochkOperations

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%SystemRoot%\system32\BthUdTask.exe,-1002)
- Description : $(@%SystemRoot%\system32\BthUdTask.exe,-1001)
- URI : \Microsoft\Windows\Bluetooth\UninstallDeviceTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : BthUdTask.exe
- Arguments : $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-103)
- URI : \Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : AIKCertEnroll

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-104)
- URI : \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7530BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : CryptoPolicy

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\CertificateServicesClient\IIS-AutoCertRebind
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
+ RestartOnFailure
- Count : 3
- Interval : PT10M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList>
- ValueQueries
- Value : Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint : Event/UserData/CertNotificationData/OldCertificateDetails/@Thumbprint
+ Actions
+ Exec
- Command : %SystemRoot%\System32\inetsrv\appcmd.exe
- Arguments : renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA323098541
+ WnfStateChangeTrigger
- Delay : PT10M
- StateName : 7520BCA323098541
+ WnfStateChangeTrigger
- StateName : 75C0BCA33E06830D
+ LogonTrigger
- Enabled : false
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : NGCKeyPregen

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\SystemTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ RegistrationTrigger
+ BootTrigger
- Delay : PT10S
+ Repetition
- Interval : PT8H
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\UserTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : F510BCA32A1E890D
+ RegistrationTrigger
+ LogonTrigger
+ Repetition
- Interval : PT8H
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : USER

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ SessionStateChangeTrigger
- StateChange : SessionLock
+ SessionStateChangeTrigger
- StateChange : SessionUnlock
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : KEYROAMING

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\pstask.dll,-100)
- Author : $(@%systemroot%\system32\pstask.dll,-101)
- Description : $(@%systemroot%\system32\pstask.dll,-102)
- URI : \Microsoft\Windows\Chkdsk\ProactiveScan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}

+ Task
+ RegistrationInfo
- Date : 2014-01-01T00:00:00
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)(A;;FA;;;S-1-5-80-65843127-2189646064-2697706863-2125155322-3141006483)(A;;FR;;;S-1-5-87-1452649159-2109950929-2856838567-3638795029-1283063528)
- Source : $(@%SystemRoot%\system32\ClipUp.exe,-102)
- Author : $(@%SystemRoot%\system32\ClipUp.exe,-100)
- Description : $(@%SystemRoot%\system32\ClipUp.exe,-101)
- URI : \Microsoft\Windows\Clip\License Validation
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
+ Actions
+ Exec
- Command : %SystemRoot%\system32\ClipUp.exe
- Arguments : -p -s -o

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- URI : \Microsoft\Windows\CloudExperienceHost\CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT30S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E4544ABA-62BF-4C54-AAB2-EC246342626C}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)
- Source : $(@%systemRoot%\system32\wsqmcons.exe,-106)
- Author : $(@%systemRoot%\system32\wsqmcons.exe,-108)
- Description : $(@%systemRoot%\system32\wsqmcons.exe,-107)
- URI : \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2004-01-02T00:00:00
+ Repetition
- Interval : PT6H
+ Actions
+ Exec
- Command : %SystemRoot%\System32\wsqmcons.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SDFRFX;;;LS)
- Source : $(@%SystemRoot%\system32\kernelceip.dll,-601)
- Author : $(@%SystemRoot%\system32\kernelceip.dll,-600)
- Description : $(@%SystemRoot%\system32\kernelceip.dll,-602)
- URI : \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
+ Principals
+ Principal
- UserId : S-1-5-19
+ RequiredPrivileges
- Privilege : SeChangeNotifyPrivilege
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 1
- Interval : PT45M
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E7ED314F-2816-4C26-AEB5-54A34D02404C}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\usbceip.dll,-601)
- Author : $(@%SystemRoot%\system32\usbceip.dll,-600)
- Description : $(@%SystemRoot%\system32\usbceip.dll,-602)
- URI : \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\discan.dll,-601)
- Author : $(@%systemroot%\system32\discan.dll,-600)
- Description : $(@%systemroot%\system32\discan.dll,-602)
- URI : \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2011-01-01T23:00:00
- RandomDelay : P7D
+ ScheduleByWeek
- WeeksInterval : 4
+ DaysOfWeek
+ Saturday
+ BootTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\discan.dll,-601)
- Author : $(@%systemroot%\system32\discan.dll,-600)
- Description : $(@%systemroot%\system32\discan.dll,-603)
- URI : \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT5M
- StateName : 7508BCA32907950A
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}
- Data : -CrashRecovery

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\defragsvc.dll,-800)
- Author : $(@%systemroot%\system32\defragsvc.dll,-801)
- Description : $(@%systemroot%\system32\defragsvc.dll,-802)
- URI : \Microsoft\Windows\Defrag\ScheduledDefrag
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\defrag.exe
- Arguments : -c -h -k -g -$

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\Device Information\Device
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 750CBCA3290B9641
- Data : 01
+ Actions
+ Exec
- Command : %windir%\system32\devicecensus.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-601)
- Author : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-600)
- Description : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-602)
- URI : \Microsoft\Windows\Device Setup\Metadata Refresh
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {23C1F3CF-C110-4512-ACA9-7B6174ECE888}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\sdiagschd.dll,-102)
- Author : $(@%systemroot%\system32\sdiagschd.dll,-101)
- Description : $(@%systemroot%\system32\sdiagschd.dll,-103)
- URI : \Microsoft\Windows\Diagnosis\Scheduled
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C1F85EF8-BCC2-4606-BB39-70C523715EB3}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\cleanmgr.exe,-1300)
- Author : $(@%systemroot%\system32\cleanmgr.exe,-1300)
- Description : $(@%systemroot%\system32\cleanmgr.exe,-1301)
- URI : \Microsoft\Windows\DiskCleanup\SilentCleanup
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\cleanmgr.exe
- Arguments : /autoclean /d %systemdrive%

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-119)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : dfdts.dll,DfdGetDefaultPolicyAndSMART

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-118)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\system32\DFDWiz.exe

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\Diagnostics
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\disksnapshot.exe
- Arguments : -z

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\StorageSense
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {AB2A519B-03B0-43CE-940A-A73DF850B49A}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP App Launch Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 3508BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {35EF4182-F900-4632-B072-8639E4478A61}
- Data : AppLaunch

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP Auth Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 3538BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {35EF4182-F900-4632-B072-8639E4478A61}
- Data : ReAuth

+ Task
+ RegistrationInfo
- Author : $(@%SystemRoot%\system32\ErrorDetailsUpdate.dll,-600)
- Description : $(@%SystemRoot%\system32\ErrorDetailsUpdate.dll,-601)
- URI : \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1M
- MultipleInstancesPolicy : IgnoreNew
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33E1B9611
+ Actions
+ ComHandler
- ClassId : {FE285C8C-5360-41C1-A700-045501C740DE}

+ Task
+ RegistrationInfo
- Author : $(@%systemroot%\system32\ErrorDetailsUpdate.dll,-600)
- Description : $(@%SystemRoot%\system32\ErrorDetailsUpdate.dll,-601)
- URI : \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT2H
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {9CDA66BE-3271-4723-8D35-DD834C58AD92}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-602)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Installation
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT15M
+ Repetition
- Interval : P1D
+ IdleTrigger
+ Repetition
- Interval : P1D
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Install $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-603)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Uninstall

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- Source : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-601)
- Author : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-600)
- Description : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-602)
- URI : \Microsoft\Windows\License Manager\TempSignedLicenseExchange
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {77646A68-AD14-4D53-897D-7BE4DDE5F929}

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\system32\LocationNotificationWindows.exe,-102)
- URI : \Microsoft\Windows\Location\Notifications
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA321089541
- Data : 01
+ Actions
+ Exec
- Command : %windir%\System32\LocationNotificationWindows.exe

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\System32\WindowsActionDialog.exe,-102)
- URI : \Microsoft\Windows\Location\WindowsActionDialog
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7548BCA321089541
+ Actions
+ Exec
- Command : %windir%\System32\WindowsActionDialog.exe

+ Task
+ RegistrationInfo
- Date : 2008-02-25T19:15:00
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\winsatapi.dll,-113)
- Author : $(@%systemroot%\system32\winsatapi.dll,-112)
- Description : $(@%systemroot%\system32\winsatapi.dll,-114)
- URI : \Microsoft\Windows\Maintenance\WinSAT
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT30M
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {A9A33436-678B-4C9C-A211-7CC38785E79D}

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapstoasttask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapstoasttask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsToastTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5S
- Hidden : true
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {9885AEF2-BD9F-41E0-B15E-B3141395E803}
- Data : $(Arg0);$(Arg1);$(Arg2);$(Arg3)

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;NS)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapsupdatetask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapsupdatetask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsUpdateTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT40S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-10-21T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ Actions
+ ComHandler
- ClassId : {B9033E87-33CF-4D77-BC9B-895AFBBA72E4}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-603)
- URI : \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WER-SystemErrorReporting'] and (EventID=1000 or EventID=1001 or EventID=1006)]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[Provider[@Name='Application Error'] and EventID=1000]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-Kernel-StoreMgr/Operational"><Select Path="Microsoft-Windows-Kernel-StoreMgr/Operational">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Event

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-602)
- URI : \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P2M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Time

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1901)
- Author : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1902)
- Description : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1903)
- URI : \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT3M
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>
<Query Id='1'>
<Select Path='Microsoft-Windows-DeviceSetupManager/Operational'>*[System/EventID=302] and *[EventData/Data[@Name='Prop_ServiceInfoNamespace']='http://schemas.microsoft.com/windows/2010/12/DeviceMetadata/MobileBroadBandInfo']</Select>
</Query>
</QueryList>
+ Actions
+ Exec
- Command : %SystemRoot%\System32\MbaeParserTask.exe

+ Task
+ RegistrationInfo
- Source : $(@%systemRoot%\System32\lpremove.exe,-100)
- Author : $(@%systemRoot%\System32\lpremove.exe,-100)
- Description : $(@%systemRoot%\System32\lpremove.exe,-101)
- URI : \Microsoft\Windows\MUI\LPRemove
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT9H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P3D
- Deadline : P4D
- Exclusive : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\lpremove.exe

+ Task
+ RegistrationInfo
- Date : 2005-06-23T13:48:00-08:00
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%systemRoot%\System32\PlaySndSrv.Dll,-106)
- Description : $(@%systemRoot%\System32\PlaySndSrv.Dll,-105)
- URI : \Microsoft\Windows\Multimedia\SystemSoundsService
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%\system32\nettrace.dll,-6910)
- Author : $(@%SystemRoot%\system32\nettrace.dll,-6911)
- Description : $(@%SystemRoot%\system32\nettrace.dll,-6912)
- URI : \Microsoft\Windows\NetTrace\GatherNetworkInfo
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\gatherNetworkInfo.vbs
- WorkingDirectory : $(Arg1)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Author : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Description : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-501)
- URI : \Microsoft\Windows\Network Controller\SDN Diagnostics Task
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2015-08-21T00:00:00
+ Repetition
- Interval : PT30M
+ BootTrigger
+ Actions
+ ComHandler
- ClassId : {C8B67F54-D1CB-44BF-9103-A1AB9A9ED8AD}

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5003)
- URI : \Microsoft\Windows\Offline Files\Background Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-01-01T00:00:00
+ Repetition
- Interval : PT2H
- RandomDelay : PT20M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5002)
- URI : \Microsoft\Windows\Offline Files\Logon Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT4M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
- Data : Logon

+ Task
+ RegistrationInfo
- Date : 2012-02-07T16:39:20
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-604)
- URI : \Microsoft\Windows\PI\Secure-Boot-Update
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33E0C9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : SBServicing

+ Task
+ RegistrationInfo
- Date : 2011-07-22T00:00:00.8844064
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-603)
- URI : \Microsoft\Windows\PI\Sqm-Tasks
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : PiSqmTasks

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1301ff;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;;FRFX;;;LU)
- Source : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-101)
- Author : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-102)
- URI : \Microsoft\Windows\PLA\Server Manager Performance Monitor
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 2
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Data
+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
- Author : $(@%SystemRoot%\system32\pnppolicy.dll,-600)
- Description : $(@%SystemRoot%\system32\pnppolicy.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Group Policy
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P1D
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ Actions
+ ComHandler
- ClassId : {60400283-B242-4FA8-8C25-CAF695B88209}

+ Task
+ RegistrationInfo
- SecurityDescriptor : O:BAG:BAD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FR;;;IU)
- Author : $(@%SystemRoot%\system32\pnpui.dll,-600)
- Description : $(@%SystemRoot%\system32\pnpui.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Reboot Required
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33D009602
+ Actions
+ ComHandler
- ClassId : {48794782-6A1F-47B9-BD52-1D5F95D49C1B}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\pnpclean.dll,-201)
- Author : $(@%SystemRoot%\system32\pnpclean.dll,-201)
- Description : $(@%SystemRoot%\system32\pnpclean.dll,-202)
- URI : \Microsoft\Windows\Plug and Play\Plug and Play Cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1M
- Deadline : P2M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {DEF03232-9688-11E2-BE7F-B4B52FD966FF}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Author : $(@%SystemRoot%\System32\sppnp.dll,-2000)
- Description : $(@%SystemRoot%\System32\sppnp.dll,-2001)
- URI : \Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %SystemRoot%\System32\drvinst.exe
- Arguments : 6

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%systemRoot%\system32\energytask.dll,-601)
- Author : $(@%systemRoot%\system32\energytask.dll,-600)
- Description : $(@%systemRoot%\system32\energytask.dll,-602)
- URI : \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {927EA2AF-1C54-43D5-825E-0074CE028EEE}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)
- Author : $(@%SystemRoot%\system32\rasmbmgr.dll,-201)
- Description : $(@%SystemRoot%\system32\rasmbmgr.dll,-202)
- URI : \Microsoft\Windows\Ras\MobilityManager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>







<Query







Id="0"







Path="Application"







>







<Select Path="Application">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>







</Query>







</QueryList>
+ Actions
+ ComHandler
- ClassId : {C463A0FC-794F-4FDF-9201-01938CEACAFA}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\ReAgentTask.dll,-602)
- Author : $(@%SystemRoot%\system32\ReAgentTask.dll,-601)
- Description : $(@%SystemRoot%\system32\ReAgentTask.dll,-603)
- URI : \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {89D1D0C2-A3CF-490C-ABE3-B86CDE34B047}
- Data : VerifyWinRE

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\regidle.dll,-601)
- Author : $(@%systemroot%\system32\regidle.dll,-600)
- Description : $(@%systemroot%\system32\regidle.dll,-602)
- URI : \Microsoft\Windows\Registry\RegIdleBackup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CA767AA8-9157-4604-B64B-40747123D5F2}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:SYD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)(A;;FRFX;;;LU)
- Source : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-101)
- Author : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-102)
- URI : \Microsoft\Windows\Server Manager\CleanupOldPerfLogs
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %systemroot%\system32\cscript.exe
- Arguments : /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%\system32\svrmgrnc.dll,-101)
- Author : $(@%SystemRoot%\system32\svrmgrnc.dll,-103)
- Description : $(@%SystemRoot%\system32\svrmgrnc.dll,-104)
- URI : \Microsoft\Windows\Server Manager\ServerManager
+ Principals
+ Principal
- GroupId : S-1-5-32-544
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\system32\ServerManagerLauncher.exe

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\Servicing\StartComponentCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {752073A1-23F2-4396-85F0-8FDB879ED0ED}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\SettingSync\BackgroundUploadTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- WaitTimeout : PT3H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;BA)(A;;FA;;;SY)
- URI : \Microsoft\Windows\SettingSync\BackupTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Parallel
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- WaitTimeout : PT3H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {60A4C78C-E2B8-4E6E-876F-DA203B02C05E}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;BA)(A;;FA;;;SY)
- URI : \Microsoft\Windows\SettingSync\NetworkStateChangeTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33E0B8441
- Data : 03
+ WnfStateChangeTrigger
- StateName : 7510BCA33E0B8441
- Data : 03
+ Actions
+ ComHandler
- ClassId : {A4173A49-F373-4475-9A0F-2D615204DC20}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%SystemRoot%\system32\shell32.dll,-14349)
- Author : $(@%SystemRoot%\system32\shell32.dll,-14349)
- Description : $(@%SystemRoot%\system32\shell32.dll,-14350)
- URI : \Microsoft\Windows\Shell\CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT30S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {990A9F8F-301F-45F7-8D0E-68C5952DBA43}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BA)
- Source : $(@%systemroot%\system32\srchadmin.dll,-1901)
- Author : $(@%systemroot%\system32\srchadmin.dll,-1901)
- Description : $(@%systemroot%\system32\srchadmin.dll,-1902)
- URI : \Microsoft\Windows\Shell\IndexerAutomaticMaintenance
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : \Microsoft\Windows\Software Inventory Logging\Collection
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT10M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-01-01T03:00:00
+ Repetition
- Interval : PT1H
- RandomDelay : PT30M
+ Actions
+ Exec
- Command : %systemroot%\system32\cmd.exe
- Arguments : /d /c %systemroot%\system32\silcollector.cmd publish

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : \Microsoft\Windows\Software Inventory Logging\Configuration
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT1M
+ Actions
+ Exec
- Command : %systemroot%\system32\cmd.exe
- Arguments : /d /c %systemroot%\system32\silcollector.cmd configure

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-2912274048-3994893941-1669128114-1310430903-1263774323)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-201)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2125-12-16T19:53:14+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : timer

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-4)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-202)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : logon

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-431836887-2321537645-4075769387-3393595759-2187231311)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-203)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[EventID=10000]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : network

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\SpaceAgent.exe,-1)
- Author : $(@%SystemRoot%\system32\SpaceAgent.exe,-2)
- Description : $(@%SystemRoot%\system32\SpaceAgent.exe,-3)
- URI : \Microsoft\Windows\SpacePort\SpaceAgentTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT6H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7508BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%\system32\SpaceAgent.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\spaceman.exe,-1)
- Author : $(@%SystemRoot%\system32\spaceman.exe,-2)
- Description : $(@%SystemRoot%\system32\spaceman.exe,-3)
- URI : \Microsoft\Windows\SpacePort\SpaceManagerTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7510BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%\system32\spaceman.exe
- Arguments : /Work

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GA;;;NU)
- URI : \Microsoft\Windows\Speech\SpeechModelDownloadTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT10M
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2004-01-01T00:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : %windir%\system32\speech_onecore\common\SpeechModelDownload.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\TieringEngineService.exe,-601)
- Author : $(@%systemroot%\system32\TieringEngineService.exe,-600)
- Description : $(@%systemroot%\system32\TieringEngineService.exe,-602)
- URI : \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32B1D940D
+ Actions
+ ComHandler
- ClassId : {5C9AB547-345D-4175-9AF6-65133463A100}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\TieringEngineService.exe,-601)
- Author : $(@%systemroot%\system32\TieringEngineService.exe,-600)
- Description : $(@%systemroot%\system32\TieringEngineService.exe,-603)
- URI : \Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2013-01-01T01:00:00
+ Repetition
- Interval : PT4H
+ Actions
+ Exec
- Command : %windir%\system32\defrag.exe
- Arguments : -c -h -g -# -m 8 -i 13500

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%systemroot%\system32\wdc.dll,-10042)
- Author : $(@%systemroot%\system32\wdc.dll,-10041)
- Description : $(@%systemroot%\system32\wdc.dll,-10043)
- URI : \Microsoft\Windows\Task Manager\Interactive
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
- Data : $(Arg0)

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
+ Actions
+ Exec
- Command : %windir%\System32\RemoteFXvGPUDisablement.exe
- Arguments : Disable

+ Task
+ RegistrationInfo
- Author : $(@%SystemRoot%\system32\RemoteFXvGPUDisablement.exe,-1)
- Description : $(@%SystemRoot%\system32\RemoteFXvGPUDisablement.exe,-2)
- URI : \Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2014-01-01T13:00:00
+ ScheduleByDay
- DaysInterval : 30
+ Actions
+ Exec
- Command : %windir%\System32\RemoteFXvGPUDisablement.exe
- Arguments : Warning

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%systemRoot%\system32\MsCtfMonitor.dll,-1000)
- Description : $(@%systemRoot%\system32\MsCtfMonitor.dll,-1001)
- URI : \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%\system32\TimeSyncTask.dll,-601)
- Author : $(@%SystemRoot%\system32\TimeSyncTask.dll,-600)
- Description : $(@%SystemRoot%\system32\TimeSyncTask.dll,-602)
- URI : \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
+ Principals
+ Principal
- UserId : S-1-5-19
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT1M
- StateName : 7510BCA32F018915
+ Actions
+ ComHandler
- ClassId : {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
- Data : TimeSyncTask

+ Task
+ RegistrationInfo
- Date : 2013-01-10T16:32:04.2837388
- Author : $(@%SystemRoot%\system32\tzsyncres.dll,-101)
- Description : $(@%SystemRoot%\system32\tzsyncres.dll,-102)
- URI : \Microsoft\Windows\Time Zone\SynchronizeTimeZone
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\tzsync.exe

+ Task
+ RegistrationInfo
- Date : 2015-02-16T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-605)
- URI : \Microsoft\Windows\TPM\Tpm-HASCertRetr
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA3250F9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : HASCertRetr

+ Task
+ RegistrationInfo
- Date : 2010-06-10T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-1469317444-2401623638-2778953283-1691679301-3481717153)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-602)
- URI : \Microsoft\Windows\TPM\Tpm-Maintenance
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7518BCA3391E8B41
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ WnfStateChangeTrigger
- StateName : 750CBCA3290B9641
+ WnfStateChangeTrigger
- StateName : 7510BCA3391E8B41
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : TpmTasks

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Maintenance Install
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
+ Triggers
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartInstall

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ LogonTrigger
- Delay : PT40S
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe
- Arguments : LogonDisplay

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Policy Install
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2018-02-03T01:11:17+05:30
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartInstall

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- Source : $(@%systemRoot%\system32\usocore.dll,-104)
- Author : $(@%systemRoot%\system32\usocore.dll,-103)
- Description : $(@%systemRoot%\system32\usocore.dll,-106)
- URI : \Microsoft\Windows\UpdateOrchestrator\Reboot
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-01-01T03:00:00
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- Source : $(@%systemRoot%\system32\usocore.dll,-104)
- Author : $(@%systemRoot%\system32\usocore.dll,-103)
- Description : $(@%systemRoot%\system32\usocore.dll,-107)
- URI : \Microsoft\Windows\UpdateOrchestrator\Refresh Settings
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-01-01T03:00:00
+ Repetition
- Interval : PT22H
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : RefreshSettings

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Resume On Boot
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ BootTrigger
- Delay : PT5M
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : ResumeUpdate

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- Source : $(@%systemRoot%\system32\usocore.dll,-104)
- Author : $(@%systemRoot%\system32\usocore.dll,-103)
- Description : $(@%systemRoot%\system32\usocore.dll,-105)
- URI : \Microsoft\Windows\UpdateOrchestrator\Schedule Scan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2026-01-09T19:46:14+05:30
+ Repetition
- Interval : PT22H
- RandomDelay : PT4H
+ WnfStateChangeTrigger
- Delay : PT2H5M
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- Delay : PT5M
- StateName : 7524BCA33E06830D
- Data : 01
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[EventID=8202]]</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA3381D8941
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe
- Arguments : Display

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7520BCA3381D8941
- Data : 01
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe
- Arguments : ReadyToReboot

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%systemroot%\system32\upnphost.dll,-215)
- Description : $(@%systemroot%\system32\upnphost.dll,-216)
- URI : \Microsoft\Windows\UPnP\UPnPHostConfig
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : sc.exe
- Arguments : config upnphost start= auto

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\profsvc,-500)
- Author : $(@%SystemRoot%\system32\profsvc,-500)
- Description : $(@%SystemRoot%\system32\profsvc,-501)
- URI : \Microsoft\Windows\User Profile Service\HiveUploadTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT2M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT2H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2007-08-28T00:00:00
+ Repetition
- Interval : PT12H
- RandomDelay : PT1H
+ Actions
+ ComHandler
- ClassId : {BA677074-762C-444B-94C8-8C83F93F6605}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)
- Source : $(@%systemroot%\system32\dps.dll,-601)
- Author : $(@%systemroot%\system32\dps.dll,-600)
- Description : $(@%systemroot%\system32\dps.dll,-602)
- URI : \Microsoft\Windows\WDI\ResolutionHost
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 10
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}

+ Task
+ RegistrationInfo
- Version : 1.5
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Source : $(@%SystemRoot%\system32\wer.dll,-292)
- Author : $(@%SystemRoot%\system32\wer.dll,-293)
- Description : $(@%SystemRoot%\system32\wer.dll,-294)
- URI : \Microsoft\Windows\Windows Error Reporting\QueueReporting
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT3M
+ WnfStateChangeTrigger
- StateName : 7510BCA33A0B9441
- Data : 01
+ TimeTrigger
- StartBoundary : 2015-01-01T05:30:00+05:30
+ Repetition
- Interval : PT4H
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %windir%\system32\wermgr.exe
- Arguments : -upload

+ Task
+ RegistrationInfo
- Author : $(@%SystemRoot%\system32\bfe.dll,-2001)
- Description : $(@%SystemRoot%\system32\bfe.dll,-2002)
- URI : \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : bfe.dll,BfeOnServiceStartTypeChange

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)
- Source : $(@%SystemRoot%\system32\mscms.dll,-200)
- Author : $(@%SystemRoot%\system32\mscms.dll,-201)
- Description : $(@%SystemRoot%\system32\mscms.dll,-202)
- URI : \Microsoft\Windows\WindowsColorSystem\Calibration Loader
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ SessionStateChangeTrigger
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {B210D694-C8DF-490D-9576-9E20CDBC20BD}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;IU)
- Source : $(@%SystemRoot%\System32\wuautoappupdate.dll,-601)
- Author : $(@%SystemRoot%\System32\wuautoappupdate.dll,-601)
- Description : $(@%SystemRoot%\System32\wuautoappupdate.dll,-603)
- URI : \Microsoft\Windows\WindowsUpdate\Automatic App Update
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
+ Repetition
- Interval : PT4H
- RandomDelay : PT4H
+ LogonTrigger
- Delay : PT5M
+ Actions
+ ComHandler
- ClassId : {A6BA00FE-40E8-477C-B713-C64A14F18ADB}

+ Task
+ RegistrationInfo
- Source : Microsoft Corporation.
- Author : Microsoft Corporation.
- Description : This task is used to start the Windows Update service when needed to perform scheduled operations such as scans.
- URI : \Microsoft\Windows\WindowsUpdate\Scheduled Start
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2026-01-10T23:35:47+05:30
- RandomDelay : PT1M
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : ConsoleDisconnect
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : RemoteDisconnect
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7508BCA3380C960C
- Data : 01
+ Actions
+ Exec
- Command : C:\Windows\system32\sc.exe
- Arguments : start wuauserv

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FAFRFX;;;SY)(A;;FAFRFX;;;LS)
- Source : $(@%SystemRoot%\System32\sihclient.exe,-101)
- Author : $(@%SystemRoot%\System32\sihclient.exe,-101)
- Description : $(@%SystemRoot%\System32\sihclient.exe,-102)
- URI : \Microsoft\Windows\WindowsUpdate\sih
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
+ Repetition
- Interval : PT20H
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %systemroot%\System32\sihclient.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FAFRFX;;;SY)(A;;FAFRFX;;;LS)
- Source : $(@%SystemRoot%\System32\sihclient.exe,-101)
- Author : $(@%SystemRoot%\System32\sihclient.exe,-101)
- Description : $(@%SystemRoot%\System32\sihclient.exe,-103)
- URI : \Microsoft\Windows\WindowsUpdate\sihboot
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
+ Actions
+ Exec
- Command : %systemroot%\System32\sihclient.exe
- Arguments : /boot

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x001200a9;;;BU)(A;;0x001200a9;;;WD)(A;;0x001200a9;;;LW)
- Author : $(@%systemroot%\system32\wininet.dll,-16000)
- Description : $(@%systemroot%\system32\wininet.dll,-16001)
- URI : \Microsoft\Windows\Wininet\CacheTask
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {0358B920-0AC7-461F-98F4-58E32CD89148}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
- Description : $(@%SystemRoot%\system32\dsregcmd.exe,-101)
- URI : \Microsoft\Windows\Workplace Join\Automatic-Device-Join
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : Queue
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT1M
+ Actions
+ Exec
- Command : %SystemRoot%\System32\dsregcmd.exe

+ Task
+ RegistrationInfo
- Author : Microsoft
- Description : XblGameSave Standby Task
- URI : \Microsoft\XblGameSave\XblGameSaveTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT2H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ IdleTrigger
+ Actions
+ Exec
- Command : %windir%\System32\XblGameSaveTask.exe
- Arguments : standby

+ Task
+ RegistrationInfo
- Author : Microsoft
- Description : XblGameSave Logon Task
- URI : \Microsoft\XblGameSave\XblGameSaveTaskLogon
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT2H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\System32\XblGameSaveTask.exe
- Arguments : logon

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)
- Source : $(@%systemroot%\system32\osppc.dll,-200)
- Author : $(@%systemroot%\system32\osppc.dll,-200)
- Description : $(@%systemroot%\system32\osppc.dll,-201)
- URI : \OfficeSoftwareProtectionPlatform\SvcRestartTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2004-01-01T00:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : %systemroot%\system32\sc.exe
- Arguments : start osppsvc
70626 - Microsoft Windows AutoRuns Services and Drivers
-
Synopsis
Report programs that are set to start automatically on boot as a service or driver.
Description
Report the registry keys that track programs that are set to start on boot as a service.

These programs can start as a system wide service or be loaded as a driver.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services
Drivers :
+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ AppinfoMaSvc
- c:\Windows\System32\AppinfoMaSvc.exe
- Auto Load
- AppinfoMaSvc Manager

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ ASP.NET State Service
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Auto Load
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201

+ Kaspersky Endpoint Security Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r
- Auto Load
- Provides computer protection against viruses, other malicious applications, and network attacks.

+ Kaspersky Seamless Update Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"
- Auto Load
- Lets you install and roll back critical and approved updates of application modules.

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- Load on Demand
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ Background Intelligent Transfer Service
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\qmgr.dll,-1001

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ @%systemroot%\system32\browser.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- disabled
- @%systemroot%\system32\browser.dll,-101

+ Bluetooth Support Service
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\System32\bthserv.dll,-102

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12

+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104

+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948

+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2

+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002

+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%systemroot%\system32\cscsvc.dll,-201

+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @combase.dll,-5013

+ @%SystemRoot%\system32\dcpsvc.dll,-3001
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\dcpsvc.dll,-3002

+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102

+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101

+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101

+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101

+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001

+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002

+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101

+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\dmwappushsvc.dll,-201

+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102

+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103

+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%systemroot%\system32\dps.dll,-501

+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001

+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002

+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2

+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101

+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202

+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2

+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201

+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @comres.dll,-2451

+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101

+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101

+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101

+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310

+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101

+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @gpapi.dll,-113

+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102

+ @%systemroot%\system32\HostNetSvc.dll,-100
- %systemroot%\system32\svchost.exe -k NetSvcs
- Load on Demand
- @%systemroot%\system32\HostNetSvc.dll,-101

+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101

+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\tetheringservice.dll,-4098

+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008

+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502

+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501

+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101

+ Kaspersky Security Center Network Agent
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"
- Auto Load
- Network Agent coordinates interaction between the Administration Server and Kaspersky applications installed on devices.

+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101

+ Kaspersky Security Network proxy server
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"
- Load on Demand
- The KSN proxy service retranslates requests to Kaspersky Security Network and caches the responses.

+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
- Load on Demand
- @comres.dll,-2947

+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101

+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101

+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\lfsvc.dll,-2

+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201

+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\lltdres.dll,-2

+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102

+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\lsm.dll,-1002

+ ManageEngine UEMS -Agent
- "C:\Program Files (x86)\UEMS_Agent\bin\dcagentservice.exe"
- disabled
- ManageEngine UEMS -Agent

+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\moshost.dll,-101

+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091

+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798

+ SQL Server Integration Services 12.0
- "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ SQL Server Integration Services 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\iscsidsc.dll,-5001

+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32

+ SQL Server (SQLEXPRESS)
- "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
- Load on Demand
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.

+ SQL Server (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Active Directory Helper Service
- "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE"
- disabled
- Enables integration with Active Directories

+ SQL Server Analysis Services (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"
- Auto Load
- Supplies online analytical processing (OLAP) and data mining functionality for business intelligence applications.

+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008

+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501

+ @%SystemRoot%\System32\netlogon.dll,-102
- %systemroot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\System32\netlogon.dll,-103

+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110

+ @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195
- "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8194

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8196

+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203

+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8198

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Load on Demand
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200

+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2

+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101

+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2

+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201

+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.

+ Office Source Engine
- "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Load on Demand
- Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.

+ Office Software Protection Platform
- "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
- Load on Demand
- Office Software Protection Platform Service (unlocalized description)

+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\pcasvc.dll,-2

+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1

+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001

+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
- Load on Demand
- @%systemroot%\system32\pla.dll,-501

+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011

+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101

+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301

+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2

+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201

+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasmans.dll,-201

+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201

+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService
- Load on Demand
- @regsvc.dll,-2

+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\RMapi.dll,-1002

+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002

+ @%systemroot%\system32\Locator.exe,-2
- %SystemRoot%\system32\locator.exe
- Load on Demand
- @%systemroot%\system32\Locator.exe,-3

+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss
- Auto Load
- @combase.dll,-5011

+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115

+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501

+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2

+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- disabled
- @%SystemRoot%\System32\SCardSvr.dll,-5

+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101

+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14

+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000

+ SecPod Saner Upgrade Controller v2
- "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"
- Load on Demand
- Controller for monitoring SecPod's SanerNow agent upgrade.

+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201

+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- Load on Demand
- @%SystemRoot%\system32\SensorDataService.exe,-102

+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001

+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001

+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027

+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\ipnathlp.dll,-107

+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289

+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101

+ @%SystemRoot%\system32\snmptrap.exe,-3
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @%SystemRoot%\system32\snmptrap.exe,-4

+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100

+ SQL Server Distributed Replay Client
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"
- Load on Demand
- One or more Distributed Replay client computers that work together with a Distributed Replay controller to simulate concurrent workloads against an instance of SQL Server.

+ SQL Server Distributed Replay Controller
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"
- Load on Demand
- Provides trace replay orchestration across multiple Distributed Replay client computers.

+ SQL Server Agent (SQLEXPRESS)
- "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS
- disabled
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- Auto Load
- Provides SQL Server connection information to client computers.

+ SQL Server Agent (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server CEIP service (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server

+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

+ SQL Server Analysis Services CEIP (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS
- Auto Load
- CEIP service for Sql Server Analysis Services

+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\ssdpsrv.dll,-101

+ SQL Server Integration Services CEIP service 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS
- Auto Load
- CEIP service for Sql server Integration Services

+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201

+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2

+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10

+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101

+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102

+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102

+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\sysmain.dll,-1001

+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002

+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101

+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101

+ Remote Desktop Services
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Auto Load
- @%SystemRoot%\System32\termsrv.dll,-267

+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193

+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701

+ @%SystemRoot%\system32\tileobjserver.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel
- Auto Load
- @%SystemRoot%\system32\tileobjserver.dll,-2

+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002

+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2

+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101

+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201

+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101

+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101

+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001

+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\upnphost.dll,-214

+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101

+ @%systemroot%\system32\usocore.dll,-102
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\usocore.dll,-101

+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004

+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112

+ VMware Alias Manager and Ticket Service
- "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
- Auto Load
- Alias Manager and Ticket Service

+ @oem9.inf,%VM3DSERVICE_DISPLAYNAME%;VMware SVGA Helper Service
- %SystemRoot%\system32\vm3dservice.exe
- Auto Load
- @oem9.inf,%VM3DSERVICE_DESCRIPTION%;Helps VMware SVGA driver by collecting and conveying user mode information

+ @%systemroot%\system32\vmcompute.exe,-100
- %systemroot%\system32\vmcompute.exe
- Load on Demand
- @%systemroot%\system32\vmcompute.exe,-101

+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802

+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102

+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202

+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602

+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302

+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402

+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902

+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502

+ @%systemroot%\system32\vmms.exe,-10
- %systemroot%\system32\vmms.exe
- Auto Load
- @%systemroot%\system32\vmms.exe,-11

+ VMware Tools
- "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
- Auto Load
- Provides support for synchronizing objects between the host and guest operating systems.

+ VMware Snapshot Provider
- C:\Windows\system32\dllhost.exe /Processid:{E7F00531-E54F-40EF-A90B-DB9382073EA7}
- Load on Demand
- VMware Snapshot Provider

+ VMware vCenter Converter Standalone Agent
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml"
- Auto Load
- VMware vCenter Converter Standalone Agent provides virtual machine conversion and reconfiguration services.

+ VMware vCenter Converter Standalone Server
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml"
- Auto Load
- VMware vCenter Converter Standalone Server provides centralized management of Converter Stadalone agents and tasks.

+ VMware vCenter Converter Standalone Worker
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml"
- Auto Load
- VMware vCenter Converter Standalone Worker helps VMware vCenter Converter Standalone Server to create virtual machines and to orchestrate conversion tasks.

+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101

+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\system32\w32time.dll,-201

+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015

+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004

+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel
- Load on Demand
- @%SystemRoot%\System32\WalletService.dll,-1001

+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002

+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Auto Load
- @%systemroot%\system32\wbiosrvc.dll,-101

+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098

+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503

+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501

+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201

+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101

+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100

+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101

+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1

+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101

+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204

+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102

+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-

+ @%SystemRoot%\system32\flightsettings.dll,-104
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\flightsettings.dll,-103

+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101

+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111

+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002

+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101

+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2

+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- Auto Load
- @%systemroot%\system32\SearchIndexer.exe,-104

+ Windows Update
- %systemroot%\system32\svchost.exe -k wuausvcs
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106

+ @%SystemRoot%\system32\wudfsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wudfsvc.dll,-1001

+ Xbox Live Auth Manager
- %SystemRoot%\system32\svchost.exe -k netsvcs
- disabled
- @%systemroot%\system32\XblAuthManager.dll,-101

+ Xbox Live Game Save
- %SystemRoot%\system32\svchost.exe -k netsvcs
- disabled
- @%systemroot%\system32\XblGameSave.dll,-101

+ @xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver
- \SystemRoot\System32\drivers\xinputhid.sys
- Load on Demand
-


Services :
+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ AppinfoMaSvc
- c:\Windows\System32\AppinfoMaSvc.exe
- Auto Load
- AppinfoMaSvc Manager

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ ASP.NET State Service
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Auto Load
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201

+ Kaspersky Endpoint Security Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r
- Auto Load
- Provides computer protection against viruses, other malicious applications, and network attacks.

+ Kaspersky Seamless Update Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"
- Auto Load
- Lets you install and roll back critical and approved updates of application modules.

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- Load on Demand
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ Background Intelligent Transfer Service
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\qmgr.dll,-1001

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ @%systemroot%\system32\browser.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- disabled
- @%systemroot%\system32\browser.dll,-101

+ Bluetooth Support Service
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\System32\bthserv.dll,-102

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12

+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104

+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948

+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2

+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002

+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%systemroot%\system32\cscsvc.dll,-201

+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @combase.dll,-5013

+ @%SystemRoot%\system32\dcpsvc.dll,-3001
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\dcpsvc.dll,-3002

+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102

+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101

+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101

+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101

+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001

+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002

+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101

+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\dmwappushsvc.dll,-201

+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102

+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103

+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%systemroot%\system32\dps.dll,-501

+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001

+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002

+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2

+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101

+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202

+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2

+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201

+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @comres.dll,-2451

+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101

+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101

+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101

+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310

+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101

+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @gpapi.dll,-113

+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102

+ @%systemroot%\system32\HostNetSvc.dll,-100
- %systemroot%\system32\svchost.exe -k NetSvcs
- Load on Demand
- @%systemroot%\system32\HostNetSvc.dll,-101

+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101

+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\tetheringservice.dll,-4098

+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008

+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502

+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501

+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101

+ Kaspersky Security Center Network Agent
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"
- Auto Load
- Network Agent coordinates interaction between the Administration Server and Kaspersky applications installed on devices.

+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101

+ Kaspersky Security Network proxy server
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"
- Load on Demand
- The KSN proxy service retranslates requests to Kaspersky Security Network and caches the responses.

+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
- Load on Demand
- @comres.dll,-2947

+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101

+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101

+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\lfsvc.dll,-2

+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201

+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\lltdres.dll,-2

+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102

+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\lsm.dll,-1002

+ ManageEngine UEMS -Agent
- "C:\Program Files (x86)\UEMS_Agent\bin\dcagentservice.exe"
- disabled
- ManageEngine UEMS -Agent

+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\moshost.dll,-101

+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091

+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798

+ SQL Server Integration Services 12.0
- "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ SQL Server Integration Services 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\iscsidsc.dll,-5001

+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32

+ SQL Server (SQLEXPRESS)
- "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
- Load on Demand
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.

+ SQL Server (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Active Directory Helper Service
- "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE"
- disabled
- Enables integration with Active Directories

+ SQL Server Analysis Services (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"
- Auto Load
- Supplies online analytical processing (OLAP) and data mining functionality for business intelligence applications.

+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008

+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501

+ @%SystemRoot%\System32\netlogon.dll,-102
- %systemroot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\System32\netlogon.dll,-103

+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110

+ @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195
- "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8194

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8196

+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203

+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8198

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Load on Demand
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200

+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2

+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101

+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2

+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201

+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.

+ Office Source Engine
- "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Load on Demand
- Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.

+ Office Software Protection Platform
- "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
- Load on Demand
- Office Software Protection Platform Service (unlocalized description)

+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\pcasvc.dll,-2

+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1

+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001

+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
- Load on Demand
- @%systemroot%\system32\pla.dll,-501

+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011

+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101

+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301

+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2

+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201

+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasmans.dll,-201

+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201

+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService
- Load on Demand
- @regsvc.dll,-2

+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\RMapi.dll,-1002

+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002

+ @%systemroot%\system32\Locator.exe,-2
- %SystemRoot%\system32\locator.exe
- Load on Demand
- @%systemroot%\system32\Locator.exe,-3

+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss
- Auto Load
- @combase.dll,-5011

+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115

+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501

+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2

+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- disabled
- @%SystemRoot%\System32\SCardSvr.dll,-5

+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101

+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14

+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000

+ SecPod Saner Upgrade Controller v2
- "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"
- Load on Demand
- Controller for monitoring SecPod's SanerNow agent upgrade.

+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201

+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- Load on Demand
- @%SystemRoot%\system32\SensorDataService.exe,-102

+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001

+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001

+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027

+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\ipnathlp.dll,-107

+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289

+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101

+ @%SystemRoot%\system32\snmptrap.exe,-3
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @%SystemRoot%\system32\snmptrap.exe,-4

+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100

+ SQL Server Distributed Replay Client
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"
- Load on Demand
- One or more Distributed Replay client computers that work together with a Distributed Replay controller to simulate concurrent workloads against an instance of SQL Server.

+ SQL Server Distributed Replay Controller
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"
- Load on Demand
- Provides trace replay orchestration across multiple Distributed Replay client computers.

+ SQL Server Agent (SQLEXPRESS)
- "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS
- disabled
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- Auto Load
- Provides SQL Server connection information to client computers.

+ SQL Server Agent (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server CEIP service (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server

+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

+ SQL Server Analysis Services CEIP (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS
- Auto Load
- CEIP service for Sql Server Analysis Services

+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\ssdpsrv.dll,-101

+ SQL Server Integration Services CEIP service 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS
- Auto Load
- CEIP service for Sql server Integration Services

+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201

+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2

+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10

+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101

+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102

+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102

+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\sysmain.dll,-1001

+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002

+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101

+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101

+ Remote Desktop Services
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Auto Load
- @%SystemRoot%\System32\termsrv.dll,-267

+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193

+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701

+ @%SystemRoot%\system32\tileobjserver.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel
- Auto Load
- @%SystemRoot%\system32\tileobjserver.dll,-2

+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002

+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2

+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101

+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201

+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101

+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101

+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001

+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%systemroot%\system32\upnphost.dll,-214

+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101

+ @%systemroot%\system32\usocore.dll,-102
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%systemroot%\system32\usocore.dll,-101

+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004

+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112

+ VMware Alias Manager and Ticket Service
- "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
- Auto Load
- Alias Manager and Ticket Service

+ @oem9.inf,%VM3DSERVICE_DISPLAYNAME%;VMware SVGA Helper Service
- %SystemRoot%\system32\vm3dservice.exe
- Auto Load
- @oem9.inf,%VM3DSERVICE_DESCRIPTION%;Helps VMware SVGA driver by collecting and conveying user mode information

+ @%systemroot%\system32\vmcompute.exe,-100
- %systemroot%\system32\vmcompute.exe
- Load on Demand
- @%systemroot%\system32\vmcompute.exe,-101

+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802

+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102

+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202

+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602

+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302

+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402

+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902

+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502

+ @%systemroot%\system32\vmms.exe,-10
- %systemroot%\system32\vmms.exe
- Auto Load
- @%systemroot%\system32\vmms.exe,-11

+ VMware Tools
- "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
- Auto Load
- Provides support for synchronizing objects between the host and guest operating systems.

+ VMware Snapshot Provider
- C:\Windows\system32\dllhost.exe /Processid:{E7F00531-E54F-40EF-A90B-DB9382073EA7}
- Load on Demand
- VMware Snapshot Provider

+ VMware vCenter Converter Standalone Agent
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml"
- Auto Load
- VMware vCenter Converter Standalone Agent provides virtual machine conversion and reconfiguration services.

+ VMware vCenter Converter Standalone Server
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml"
- Auto Load
- VMware vCenter Converter Standalone Server provides centralized management of Converter Stadalone agents and tasks.

+ VMware vCenter Converter Standalone Worker
- "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml"
- Auto Load
- VMware vCenter Converter Standalone Worker helps VMware vCenter Converter Standalone Server to create virtual machines and to orchestrate conversion tasks.

+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101

+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- disabled
- @%SystemRoot%\system32\w32time.dll,-201

+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015

+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004

+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel
- Load on Demand
- @%SystemRoot%\System32\WalletService.dll,-1001

+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002

+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Auto Load
- @%systemroot%\system32\wbiosrvc.dll,-101

+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098

+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503

+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501

+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201

+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101

+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100

+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101

+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1

+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101

+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204

+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102

+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-

+ @%SystemRoot%\system32\flightsettings.dll,-104
- %systemroot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\flightsettings.dll,-103

+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101

+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111

+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002

+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101

+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2

+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- Auto Load
- @%systemroot%\system32\SearchIndexer.exe,-104

+ Windows Update
- %systemroot%\system32\svchost.exe -k wuausvcs
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106

+ @%SystemRoot%\system32\wudfsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wudfsvc.dll,-1001

+ Xbox Live Auth Manager
- %SystemRoot%\system32\svchost.exe -k netsvcs
- disabled
- @%systemroot%\system32\XblAuthManager.dll,-101

+ Xbox Live Game Save
- %SystemRoot%\system32\svchost.exe -k netsvcs
- disabled
- @%systemroot%\system32\XblGameSave.dll,-101
70629 - Microsoft Windows AutoRuns Winlogon
-
Synopsis
Report programs that startup associates with the winlogon process.
Description
Report the startup locations associated with the winlogon process.

These values could add features to the logon process, assist in authentication, or set screen savers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
- Name : Smartcard Reader Selection Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
- Name : Smartcard WinRT Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
- Name : PicturePasswordLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
- Name : GenericProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- Name : NPProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
- Name : Secondary Authentication Factor Credential Provider
- Value : C:\Windows\System32\devicengccredprov.dll

+ CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
- Name : CngCredUICredentialProvider
- Value : %systemroot%\system32\cngcredui.dll

+ CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
- Name : PasswordProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {8AF662BF-65A0-4D0A-A540-A338A999D36F}
- Name : FaceCredentialProvider
- Value : C:\Windows\System32\FaceCredentialProvider.dll

+ CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
- Name : Smartcard Credential Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
- Name : Smartcard Pin Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {A910D941-9DA9-4656-8933-AA1EAE01F76E}
- Name : Remote NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll

+ CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
- Name : WinBio Credential Provider
- Value : %SystemRoot%\System32\BioCredProv.dll

+ CLSID : {C885AA15-1764-4293-B82A-0586ADD46B35}
- Name : IrisCredentialProvider
- Value : C:\Windows\System32\FaceCredentialProvider.dll

+ CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
- Name : PINLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
- Name : NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll

+ CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
- Name : CertCredProvider
- Value : %systemroot%\system32\certCredProvider.dll

+ CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
- Name : WLIDCredentialProvider
- Value : %SystemRoot%\system32\wlidcredprov.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
- Name : GenericFilter
- Value : %SystemRoot%\system32\credprovs.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CLSID : {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}
- Name : RasProvider
- Value : %SystemRoot%\system32\rasplap.dll




70630 - Microsoft Windows AutoRuns Winsock Provider
-
Synopsis
Report Winsock providers extensions.
Description
A Winsock provider is a type of Layered Service Provider (LSP) that can be used to control protocols by inserting itself into the TCP/IP stack. This can commonly be used to help filter web traffic, enable QoS type services, or anything to hook network traffic controls.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : vSockets DGRAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll

- Name : vSockets STREAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : vSockets DGRAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll

- Name : vSockets STREAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll

92371 - Microsoft Windows DNS Cache
-
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

client.wns.windows.com

DNS cache information attached.
92363 - Microsoft Windows Device Logs
-
Synopsis
Nessus was able to collect available device logs from the remote host.
Description
Nessus was able to collect available device logs from the remote Windows host and add them as attachments.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Device logs attached.
92364 - Microsoft Windows Environment Variables
-
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0757
Plugin Information
Published: 2016/07/19, Modified: 2022/06/24
Plugin Output

tcp/0

Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 40
os : Windows_NT
username : SYSTEM
perl5lib : C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x64;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x64;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib;C:\oracle\product\10.2.0\db_1\sysman\admin\scripts;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x64;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x64;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib;C:\oracle\product\10.2.0\db_1\sysman\admin\scripts
temp : %SystemRoot%\TEMP
processor_revision : cf02
path : C:\Program Files\Common Files\Oracle\Java\javapath;C:\oracle\product\10.2.0\db_1\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files\Azure Data Studio\bin
tmp : %SystemRoot%\TEMP
processor_identifier : Intel64 Family 6 Model 207 Stepping 2, GenuineIntel
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
vssdk100install : C:\Program Files (x86)\Microsoft Visual Studio 2010 SDK SP1\
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
windir : %SystemRoot%

Active User Environment Variables
- S-1-5-21-3087833412-113499397-355877213-500
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;%USERPROFILE%\.dotnet\tools;C:\Program Files\Azure Data Studio\bin
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File
-
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output

tcp/0

Windows hosts file attached.

MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
187318 - Microsoft Windows Installed
-
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2025/12/10
Plugin Output

tcp/0


OS Name : Microsoft Windows Server 2016 1607
Vendor : Microsoft
Product : Windows Server
Release : 2016 1607
Edition : Datacenter
Version : 10.0.14393.4225
Role : server
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2016:10.0.14393.4225:-:~~datacenter~~x64~
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4225:-:*:*:datacenter:*:x64:*
Type : local
Method : SMB
Confidence : 100

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
-
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0501
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following software are installed on the remote host :

Kaspersky Security Center Network Agent [version 14.2.0.26967]
KB3045324 [version 12.0.2269.0] [installed on 2021/02/27]
KB3058865 [version 12.1.4100.1] [installed on 2021/02/28]
KB3171021 [version 12.2.5000.0] [installed on 2021/02/28]
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) [version 12.3.6024.0] [installed on 2021/02/28]
Hotfix 4335 for SQL Server 2019 (KB5030333) (64-bit) [version 15.0.4335.1] [installed on 2024/12/21]
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft Help Viewer 1.1 [version 1.1.40219]
Microsoft Help Viewer 2.0 [version 2.0.50727]
Microsoft Help Viewer 2.2 [version 2.2.25420]
Microsoft Help Viewer 2.3 [version 2.3.28307]
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2008
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2014 (64-bit)
Microsoft SQL Server 2019 (64-bit)
Microsoft Visual Studio 2010 Service Pack 1 [version 10.0.40219]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [version 10.0.31007]
Microsoft Visual Studio Macro Tools [version 9.0.30729]
Notepad++ (32-bit x86) [version 8.3.3]
Microsoft Office Standard 2010 [version 14.0.7015.1000]
VNC Enterprise Edition E4.6.1 [version E4.6.1] [installed on 2020/12/06]
TreeSize Free V4.1.2 [version 4.1.2] [installed on 2025/12/18]
VNC Printer Driver 1.7.0 [version 1.7.0] [installed on 2020/12/06]
WinRAR 6.00 (64-bit) [version 6.00.0]
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/10]
Microsoft .NET AppHost Pack - 8.0.7 (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft Visual Studio 2015 Shell (Minimum) [version 14.0.23107] [installed on 2020/12/15]
Microsoft .NET 7.0 Templates 7.0.400 (x64) [version 28.6.43700] [installed on 2025/12/03]
SQL Server 2019 Database Engine Services [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft .NET SDK 7.0.400 (x64) [version 7.4.23.36916]
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 [version 12.0.30501.0]
Microsoft .NET SDK 8.0.303 (x64) [version 8.3.324.31708]
Microsoft Visual Studio 2015 Shell (Integrated) [version 14.0.23111] [installed on 2020/12/14]
IIS Express Application Compatibility Database for x64
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 [version 1.0.61025] [installed on 2020/12/06]
SQL Server 2019 Data quality client [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Visual Studio 2015 Preparation [version 14.0.23107] [installed on 2020/12/14]
Microsoft SQL Server 2008 R2 Transact-SQL Language Service [version 10.50.1750.9] [installed on 2020/12/14]
SQL Server 2019 Data quality service [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Visual Studio 2010 SharePoint Developer Tools [version 10.0.40219] [installed on 2020/12/14]
Blend for Visual Studio SDK for Silverlight 5 [version 3.0.40218.0] [installed on 2021/01/08]
Visual Studio 2017 Isolated Shell for SSMS [version 15.0.28308.421] [installed on 2024/12/21]
Microsoft.NET.Workload.Emscripten.net6.Manifest (x64) [version 56.35.64642] [installed on 2025/12/03]
SQL Server 2014 Integration Services [version 12.3.6024.0] [installed on 2021/02/28]
SQL Server 2019 Common Files [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft .NET Core Runtime - 3.1.3 (x86) [version 3.1.3.28628]
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU [version 4.0.8080.0] [installed on 2020/12/14]
Microsoft.NET.Sdk.Maui.Manifest-8.0.100 (x64) [version 8.0.3] [installed on 2024/11/14]
MSBuild/NuGet Integration 14.0 (x86) [version 14.0.25420] [installed on 2020/12/15]
Visual Studio 2012 Prerequisites - ENU Language Pack [version 11.0.50727] [installed on 2020/12/14]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [version 12.0.21005] [installed on 2020/12/14]
Microsoft Visual Studio 2015 Shell (Minimum) Interop Assemblies [version 14.0.25420] [installed on 2020/12/15]
Tools for .Net 3.5 [version 3.11.50727] [installed on 2020/12/14]
Microsoft Visual Studio 2015 Devenv Resources [version 14.0.23107] [installed on 2020/12/15]
Microsoft .NET Framework 4.5 SDK [version 4.5.50709] [installed on 2020/12/08]
Microsoft .NET Framework 4.5.1 SDK [version 4.5.51641] [installed on 2020/12/14]
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack [version 4.5.51651] [installed on 2020/12/08]
Microsoft .NET Core Runtime - 3.1.3 (x64) [version 24.76.28628] [installed on 2022/05/10]
vs_tipsmsi [version 15.0.27005] [installed on 2020/12/15]
SQL Server 2014 Data quality client [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft SQL Server 2014 Policies [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 [version 10.0.40219] [installed on 2021/02/27]
Microsoft Expression Blend SDK for Silverlight 4 [version 2.0.20525.0] [installed on 2021/01/08]
Microsoft Visual Studio 2012 Preparation [version 11.0.50727] [installed on 2020/12/14]
SQL Server 2014 Documentation Components [version 12.0.2000.8] [installed on 2020/12/06]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2020/12/06]
Microsoft ASP.NET Core 8.0.22 Shared Framework (x86) [version 8.0.22.25528] [installed on 2025/12/03]
Microsoft .NET Core 1.0.6 - Host FX Resolver (x64) [version 4.1.21306] [installed on 2023/11/16]
vs_filehandler_x86 [version 15.9.28302] [installed on 2020/12/15]
Microsoft ASP.NET Core 8.0.22 - Shared Framework (x64) [version 8.0.22.25528]
Microsoft Visual Studio Team Foundation Server 2017 Update 9 Office Integration (x64) [version 15.129.30720] [installed on 2020/12/15]
SQL Server 2019 XEvent [version 15.0.2000.5] [installed on 2024/12/21]
Visual Studio Extensions for Windows Library for JavaScript [version 1.0.9202.20789] [installed on 2021/01/08]
Microsoft Visual C++ 2015 x86 Debug Runtime - 14.0.24210 [version 14.0.24210] [installed on 2020/12/15]
vcpp_crt.redist.clickonce [version 14.16.27033] [installed on 2020/12/15]
Visual Studio 2008 Shell Integrated Mode Redistributable Package [version 9.0.21022] [installed on 2020/12/14]
Microsoft .NET Framework Cumulative Intellisense Pack for Visual Studio (ENU) [version 4.7.02558] [installed on 2020/12/15]
SQL Server 2019 Distributed Replay [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft SQL Server 2014 Management Objects [version 12.0.2000.8] [installed on 2020/12/14]
VMware Tools [version 12.3.5.22544099] [installed on 2025/03/17]
SQL Server 2019 SQL Diagnostics [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) [version 4.5.51209] [installed on 2020/12/08]
Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64) [version 64.28.16731] [installed on 2024/11/14]
SQL Server 2014 Client Tools [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources [version 11.0.50727] [installed on 2021/01/08]
Microsoft VSS Writer for SQL Server 2019 [version 15.0.2000.5] [installed on 2024/12/21]
SQL Server 2014 Distributed Replay [version 12.3.6024.0] [installed on 2021/02/28]
SQL Server 2014 SQL Data Quality Common [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft .NET Framework 4.6.1 SDK [version 4.6.01055] [installed on 2020/12/15]
Sql Server Customer Experience Improvement Program [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft SQL Server 2019 T-SQL Language Service [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Report Viewer 2014 Runtime [version 12.0.2000.8] [installed on 2020/12/06]
Microsoft Visual Studio 2012 Devenv [version 11.0.50727] [installed on 2021/01/08]
Microsoft Visual Studio Team Foundation Server 2017 Update 9 Office Integration Language Pack (x64) - ENU [version 15.129.30720] [installed on 2020/12/15]
Microsoft Build Tools Language Resources 14.0 (amd64) [version 14.0.25420] [installed on 2020/12/15]
SQL Server 2019 Integration Services [version 15.0.2000.5] [installed on 2024/12/21]
SQL Server 2014 Distributed Replay [version 12.0.2000.8] [installed on 2020/12/06]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [version 11.0.61030] [installed on 2021/01/08]
Blend for Visual Studio SDK for .NET 4.5 [version 3.0.40218.0] [installed on 2021/01/08]
Microsoft Visual Studio 2012 Shell (Minimum) Resources [version 11.0.50727] [installed on 2021/01/08]
Microsoft System CLR Types for SQL Server 2014 (x64) [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft .NET Core 1.1.3 - Host (x64) [version 4.16.1560] [installed on 2023/11/16]
vs_minshellinteropmsi [version 15.8.27825] [installed on 2020/12/15]
Microsoft SQL Server Compact 3.5 SP2 ENU [version 3.5.8080.0] [installed on 2020/12/14]
Microsoft .NET Runtime - 8.0.22 (x86) [version 64.88.42551] [installed on 2025/12/03]
Microsoft .NET Host FX Resolver - 8.0.7 (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft .NET Core Host - 3.1.3 (x64) [version 24.76.28628] [installed on 2022/05/10]
Microsoft .NET AppHost Pack - 7.0.10 (x64_x86) [version 56.43.64668] [installed on 2025/12/03]
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0]
Microsoft Visual Studio 2015 XAML Designer [version 14.0.25420] [installed on 2020/12/15]
Microsoft Visual Studio 2015 Shell (Isolated) Resources [version 14.0.23107] [installed on 2020/12/15]
Microsoft .NET Host - 7.0.10 (x64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft .NET Host FX Resolver - 8.0.22 (x86) [version 64.88.42551] [installed on 2025/12/03]
Microsoft ASP.NET Core Module V2 [version 18.0.25301.0] [installed on 2025/12/03]
Microsoft .NET Framework 4.6.1 Developer Pack [version 4.6.1055]
TypeScript Power Tool [version 1.8.34.0] [installed on 2020/12/15]
Microsoft ASP.NET Core 8.0.22 Shared Framework (x64) [version 8.0.22.25528] [installed on 2025/12/03]
Microsoft SQL Server 2014 Transact-SQL Compiler Service [version 12.3.6024.0] [installed on 2021/02/28]
SQL Server 2019 Full text search [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft ASP.NET Core 7.0.10 Targeting Pack (x64) [version 7.0.10.23364] [installed on 2025/12/03]
Microsoft Visual Studio 2012 Shell (Integrated) [version 11.0.50727] [installed on 2020/12/14]
Microsoft Web Platform Installer 5.1 [version 5.1.51515.0] [installed on 2020/12/06]
Microsoft.NET.Workload.Mono.Toolchain.net7.Manifest (x64) [version 56.3.64668] [installed on 2025/12/03]
Microsoft VisualStudio JavaScript Project System [version 14.0.25420] [installed on 2020/12/15]
Microsoft ODBC Driver 11 for SQL Server [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Build Tools Language Resources 14.0 (x86) [version 14.0.25420] [installed on 2020/12/15]
Microsoft SQL Server 2008 Common Files [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft.NET.Sdk.iOS.Manifest-7.0.100 (x64) [version 16.0.0] [installed on 2025/12/03]
Microsoft Visual Studio 2012 Shell (Integrated) [version 11.0.50727.1]
Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64) [version 17.0.8478] [installed on 2024/11/14]
Microsoft .NET Framework 4.5 Multi-Targeting Pack [version 4.5.50710] [installed on 2020/12/14]
vs_SQLClickOnceBootstrappermsi [version 15.0.27005] [installed on 2020/12/15]
Microsoft.NET.Sdk.macOS.Manifest-7.0.100 (x64) [version 12.3.0] [installed on 2025/12/03]
VS Update core components [version 14.0.25420] [installed on 2020/12/15]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.5.1] [installed on 2024/12/21]
Microsoft ASP.NET Core 3.1.3 Shared Framework (x86) [version 3.1.3.0] [installed on 2022/05/10]
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 [version 10.0.40219] [installed on 2021/02/27]
Microsoft .NET AppHost Pack - 7.0.10 (x64_arm) [version 56.43.64668] [installed on 2025/12/03]
Microsoft Report Viewer Redistributable 2008 [version 9.0.21022] [installed on 2020/12/06]
Browser for SQL Server 2019 [version 15.0.2000.5] [installed on 2024/12/21]
IntelliTraceProfilerProxy [version 15.0.17289.01] [installed on 2020/12/15]
Microsoft .NET Core Runtime - 3.1.3 (x64) [version 3.1.3.28628]
Microsoft Visual Studio 2015 Shell (Integrated) [version 14.0.23111.35]
Visual Studio 2012 Prerequisites [version 11.0.50727] [installed on 2021/01/08]
SQL Server 2019 Database Engine Shared [version 15.0.2000.5] [installed on 2024/12/21]
SQL Server 2019 Shared Management Objects [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft SQL Server 2008 Setup Support Files [version 10.3.5500.0] [installed on 2020/12/06]
Microsoft Report Viewer Redistributable 2005 [version 8.0.52571] [installed on 2020/12/07]
Microsoft System CLR Types for SQL Server vNext CTP1.6 [version 15.0.600.33] [installed on 2020/12/15]
Microsoft ASP.NET Core 3.1.3 - Shared Framework [version 3.1.3.20163]
Azure Data Studio [version 1.41.2] [installed on 2024/12/21]
Microsoft Web Deploy 3.6 [version 10.0.1981] [installed on 2023/11/16]
Visual Studio 2010 Prerequisites - English [version 10.0.40219] [installed on 2020/12/14]
Microsoft .NET Core Host FX Resolver - 3.1.3 (x86) [version 24.76.28628] [installed on 2022/05/10]
.NET Core SDK 1.1.0 (x64) [version 1.1.0]
SQL Server Management Studio [version 19.0.20209.0] [installed on 2024/12/21]
SQL Server 2019 Client Tools [version 15.0.2000.5] [installed on 2024/12/21]
vs_minshellmsi [version 15.9.28302] [installed on 2020/12/15]
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack [version 4.5.50932] [installed on 2020/12/14]
vs_clickoncesigntoolmsi [version 15.0.27005] [installed on 2020/12/15]
Oracle Data Provider for .NET Help [version 10.2.020] [installed on 2020/12/06]
ManageEngine UEMS - Agent [version 10.0.652.W] [installed on 2021/02/27]
Microsoft.NET.Sdk.iOS.Manifest-8.0.100 (x64) [version 17.0.8478] [installed on 2024/11/14]
Microsoft Build Tools 14.0 (x86) [version 14.0.25420] [installed on 2020/12/15]
Microsoft SQL Server 2014 Transact-SQL ScriptDom [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Visual Studio 2015 Shell (Isolated) [version 14.0.23107] [installed on 2020/12/15]
Microsoft.NET.Sdk.tvOS.Manifest-7.0.100 (x64) [version 16.0.0] [installed on 2025/12/03]
Microsoft SQL Server 2019 Setup (English) [version 15.0.4335.1] [installed on 2024/12/21]
Microsoft ASP.NET Core 8.0.7 Targeting Pack (x64) [version 8.0.7.24314] [installed on 2024/11/14]
Microsoft .NET 8.0.22 - Windows Server Hosting [version 8.0.22.25528]
Visual Studio 2012 Update 5 (KB2707250) [version 11.0.61219]
VMware vCenter Converter Standalone [version 6.1.1.3533064] [installed on 2022/05/25]
Microsoft Windows Desktop Targeting Pack - 7.0.10 (x64) [version 56.43.64722] [installed on 2025/12/03]
vs_communitymsi [version 15.9.28307] [installed on 2020/12/15]
Microsoft System CLR Types for SQL Server 2014 [version 12.0.2402.11] [installed on 2020/12/14]
JavaScript Tooling [version 11.0.60315] [installed on 2021/01/08]
Microsoft .NET Core 1.0.5 - Runtime (x64) [version 1.0.5] [installed on 2023/11/16]
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/10]
SQL Server 2014 Management Studio [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Report Viewer Redistributable 2005 [version 8.0.50727.42] [installed on 2020/12/07]
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 [version 11.0.60610] [installed on 2021/01/08]
Microsoft.NET.Workload.Emscripten.net6.Manifest (x64) [version 64.28.16721] [installed on 2024/11/14]
Microsoft Build Tools 14.0 (amd64) [version 14.0.25420] [installed on 2020/12/15]
Microsoft Visual Studio Services Hub [version 1.0.25420.01] [installed on 2020/12/15]
Microsoft .NET Host FX Resolver - 8.0.22 (x64) [version 64.88.42551] [installed on 2025/12/03]
Microsoft SQL Server 2008 R2 Data-Tier Application Project [version 10.50.1750.9] [installed on 2020/12/14]
Microsoft ASP.NET Core 3.1.3 Shared Framework (x64) [version 3.1.3.0] [installed on 2022/05/10]
Microsoft SQL Server 2008 RsFx Driver [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft.NET.Sdk.MacCatalyst.Manifest-7.0.100 (x64) [version 15.4.0] [installed on 2025/12/03]
Microsoft .NET AppHost Pack - 7.0.10 (x64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft Analysis Services OLE DB Provider [version 16.0.5143.0] [installed on 2024/12/21]
Microsoft.NET.Workload.Emscripten.net7.Manifest (x64) [version 64.28.16721] [installed on 2024/11/14]
Integration Services [version 16.0.5107.0] [installed on 2024/12/21]
Microsoft Visual Studio 2015 Shell (Minimum) Resources [version 14.0.23107] [installed on 2020/12/15]
Visual Studio 2015 Update 3 (KB3022398) [version 14.0.25420]
Microsoft Visual Studio 2012 Shell (Minimum) [version 11.0.50727] [installed on 2021/01/08]
SQL Server 2019 DMF [version 15.0.2000.5] [installed on 2024/12/21]
Smart Storage Administrator [version 2.60.18.0] [installed on 2022/04/09]
Microsoft.NET.Workload.Mono.Toolchain.Current.Manifest (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies [version 11.0.50727] [installed on 2021/01/08]
Blend for Visual Studio Add-in for Adobe FXG Import [version 1.0.40218.0] [installed on 2021/01/08]
Visual Studio 2015 Prerequisites - ENU Language Pack [version 14.0.23107] [installed on 2020/12/14]
Microsoft SQL Server 2008 R2 Management Objects [version 10.51.2500.0] [installed on 2020/12/06]
Kaspersky Endpoint Security for Windows [version 11.15.8.493]
Kaspersky Endpoint Security for Windows [version 12.3.0.493] [installed on 2023/12/10]
Microsoft Windows Desktop Runtime - 7.0.10 (x64) [version 56.43.64722] [installed on 2025/12/03]
Microsoft .NET Host - 8.0.22 (x64) [version 64.88.42551] [installed on 2025/12/03]
Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64) [version 56.3.64668] [installed on 2025/12/03]
Microsoft SQL Server 2008 Common Files [version 10.0.1600.22] [installed on 2020/12/14]
Microsoft .NET Host FX Resolver - 7.0.10 (x64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft .NET Runtime - 7.0.10 (x64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft.NET.Sdk.Maui.Manifest-7.0.100 (x64) [version 7.0.49] [installed on 2025/12/03]
Microsoft.NET.Sdk.MacCatalyst.Manifest-8.0.100 (x64) [version 17.0.8478] [installed on 2024/11/14]
Microsoft .NET Framework 4.6.1 Targeting Pack [version 4.6.01055] [installed on 2020/12/15]
SQL Server 2019 Shared Management Objects Extensions [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support [version 16.0.31110] [installed on 2024/12/21]
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) [version 4.6.01055] [installed on 2020/12/15]
MySQL Connector/ODBC 5.3 [version 5.3.14] [installed on 2021/02/27]
Microsoft SQL Server Management Studio - 19.0.2 [version 19.0.20209.0]
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0]
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Microsoft Office Excel MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office PowerPoint MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Publisher MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Outlook MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Word MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Proof (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Proof (French) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Proof (Spanish) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Office 64-bit Components 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Shared 64-bit MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Proofing (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Shared MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office OneNote MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Access database engine 2010 (English) [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Shared Setup Metadata MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 [version 14.0.7015.1000] [installed on 2021/02/27]
Microsoft SQL Server 2016 LocalDB [version 13.1.4001.0] [installed on 2020/12/15]
Microsoft .NET AppHost Pack - 8.0.7 (x64_x86) [version 64.28.16731] [installed on 2024/11/14]
SSMS Post Install Tasks [version 19.0.20209.0] [installed on 2024/12/21]
Microsoft SQL Server 2008 Report Builder 2.0 [version 10.0.1600.60] [installed on 2020/12/07]
vs_clickoncebootstrappermsires [version 15.0.27005] [installed on 2020/12/15]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [version 12.0.21005] [installed on 2023/11/16]
Microsoft Application Error Reporting [version 12.0.6012.5000] [installed on 2020/12/06]
Microsoft Application Error Reporting [version 12.0.6015.5000] [installed on 2020/12/14]
Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support [version 15.0.27520] [installed on 2024/12/21]
Microsoft.NET.Sdk.macOS.Manifest-8.0.100 (x64) [version 14.0.8478] [installed on 2024/11/14]
Windows XP Targeting with C++ [version 11.0.51106] [installed on 2021/01/08]
SQL Server 2019 Connection Info [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Expression Blend SDK for .NET 4 [version 2.0.20525.0] [installed on 2021/01/08]
IIS URL Rewrite Module 2 [version 7.2.1993] [installed on 2020/12/06]
Microsoft Visual Studio 2012 Shell (Isolated) [version 11.0.50727] [installed on 2021/01/08]
Microsoft .NET Targeting Pack - 7.0.10 (x64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft SQL Server 2012 Native Client [version 11.4.7462.6] [installed on 2021/02/28]
Microsoft.NET.Workload.Mono.Toolchain.net7.Manifest (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft .NET Core 3.1.3 - Windows Server Hosting [version 3.1.3.20163]
vs_filehandler_amd64 [version 15.9.28302] [installed on 2020/12/15]
Visual Studio 2012 Verification SDK [version 14.0.25420] [installed on 2020/12/15]
vs_FileTracker_Singleton [version 15.9.28128] [installed on 2020/12/15]
IIS 10.0 Express [version 10.0.1738] [installed on 2023/11/16]
vs_clickoncebootstrappermsi [version 15.0.27005] [installed on 2020/12/15]
Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) [version 24.0.28113] [installed on 2024/11/14]
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [version 12.0.21005] [installed on 2023/11/16]
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 [version 11.0.60610] [installed on 2021/01/08]
Microsoft Visual Studio 2015 XAML Designer - ENU [version 14.0.25420] [installed on 2020/12/15]
Microsoft SQL Server Database Publishing Wizard 1.4 [version 10.1.2512.8] [installed on 2020/12/14]
Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support [version 15.0.27520] [installed on 2024/12/21]
Microsoft .NET AppHost Pack - 7.0.10 (x64_arm64) [version 56.43.64668] [installed on 2025/12/03]
Microsoft Visual Studio 2012 Devenv Resources [version 11.0.50727] [installed on 2021/01/08]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [version 11.0.61030] [installed on 2021/01/08]
Microsoft ASP.NET Core 8.0.22 Hosting Bundle Options [version 8.0.22.25528] [installed on 2025/12/03]
Microsoft.NET.Sdk.Android.Manifest-8.0.100 (x64) [version 34.0.43] [installed on 2024/11/14]
Microsoft ASP.NET Core 8.0.7 Shared Framework (x64) [version 8.0.7.24314] [installed on 2024/11/14]
Microsoft Visual Studio 2012 Shell (Isolated) Resources [version 11.0.50727] [installed on 2021/01/08]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 [version 9.0.30729.4974] [installed on 2020/12/06]
SQL Server Management Studio Language Pack - English [version 19.0.20209.0] [installed on 2024/12/21]
Microsoft .NET AppHost Pack - 8.0.7 (x64_arm64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft SQL Server 2008 Native Client [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft SQL Server 2008 R2 Data-Tier Application Framework [version 10.50.1750.9] [installed on 2020/12/14]
SQL Server 2014 Common Files [version 12.3.6024.0] [installed on 2021/02/28]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [version 11.0.61030] [installed on 2021/01/08]
TypeScript Tools for Microsoft Visual Studio 2015 [version 1.8.34.0] [installed on 2020/12/15]
NXLog-CE [version 3.2.2329] [installed on 2023/09/20]
Microsoft .NET Core 1.1.2 - Runtime (x64) [version 1.1.2] [installed on 2023/11/16]
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core [version 11.0.50727] [installed on 2021/01/08]
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/10]
Microsoft SQL Server System CLR Types [version 10.51.2500.0] [installed on 2020/12/06]
Microsoft .NET Runtime - 8.0.22 (x64) [version 64.88.42551] [installed on 2025/12/03]
Microsoft Report Viewer 2012 Runtime [version 11.1.3452.0] [installed on 2020/12/08]
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 [version 12.0.21005] [installed on 2020/12/14]
Microsoft .NET Toolset 8.0.303 (x64) [version 32.8.56572] [installed on 2024/11/14]
Microsoft .NET Core 1.1.3 - Host FX Resolver (x64) [version 4.16.34328] [installed on 2023/11/16]
Microsoft .NET Core Host FX Resolver - 3.1.3 (x64) [version 24.76.28628] [installed on 2022/05/10]
Microsoft .NET Runtime - 8.0.7 (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [version 10.0.31010] [installed on 2020/12/14]
Microsoft SQL Server 2008 Database Engine Shared [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [version 11.0.61030] [installed on 2021/01/08]
Microsoft ASP.NET Core 7.0.10 Shared Framework (x64) [version 7.0.10.23364] [installed on 2025/12/03]
Microsoft .NET Framework 4 Multi-Targeting Pack [version 4.0.30319] [installed on 2020/12/08]
ClickOnce Bootstrapper Package for Microsoft .NET Framework [version 4.7.03083] [installed on 2020/12/15]
Microsoft Windows Desktop Targeting Pack - 8.0.7 (x64) [version 64.28.16739] [installed on 2024/11/14]
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) [version 4.5.50932] [installed on 2020/12/14]
SQL Server 2019 Batch Parser [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft SQL Server Compact 3.5 SP2 x64 ENU [version 3.5.8080.0] [installed on 2020/12/14]
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/10]
Microsoft .NET Targeting Pack - 8.0.7 (x64) [version 64.28.16731] [installed on 2024/11/14]
Microsoft Visual Studio 2010 Shell (Isolated) - ENU [version 10.0.40219] [installed on 2021/02/27]
Microsoft .NET 8.0 Templates 8.0.303 (x64) [version 32.9.56572] [installed on 2024/11/14]
Microsoft VisualStudio JavaScript Language Service [version 14.0.25420] [installed on 2020/12/15]
Microsoft .NET Core Host - 3.1.3 (x86) [version 24.76.28628] [installed on 2022/05/10]
Microsoft Visual C++ 2015 x64 Debug Runtime - 14.0.24210 [version 14.0.24210] [installed on 2020/12/15]
Java(TM) SE Development Kit 17.0.12 (64-bit) [version 17.0.12.0] [installed on 2024/12/27]
Microsoft SQL Server 2012 Management Objects [version 11.0.2100.60] [installed on 2020/12/08]
Microsoft Visual Studio Setup Configuration [version 2.5.2141.57745] [installed on 2020/12/15]
MySQL Connector/ODBC 5.1 [version 5.1.13] [installed on 2021/03/01]
SQL Server 2019 SQL Data Quality Common [version 15.0.2000.5] [installed on 2024/12/21]
SQL Server 2019 Client Tools Extensions [version 15.0.2000.5] [installed on 2024/12/21]
Visual Studio 2015 Prerequisites [version 14.0.23107] [installed on 2020/12/15]
.NET Core SDK 1.1.0 (x64) [version 4.16.5124] [installed on 2023/11/16]
Microsoft System CLR Types for SQL Server 2012 [version 11.0.2100.60] [installed on 2020/12/08]
Microsoft .NET Host - 8.0.22 (x86) [version 64.88.42551] [installed on 2025/12/03]
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 [version 12.0.21005] [installed on 2020/12/14]
Microsoft.NET.Workload.Emscripten.net7.Manifest (x64) [version 56.35.64642] [installed on 2025/12/03]
Microsoft.NET.Workload.Emscripten.Current.Manifest (x64) [version 64.28.16721] [installed on 2024/11/14]
Microsoft .NET Toolset 7.0.400 (x64) [version 28.6.43700] [installed on 2025/12/03]
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support [version 16.0.31110] [installed on 2024/12/21]
Microsoft .NET Core Runtime - 3.1.3 (x86) [version 24.76.28628] [installed on 2022/05/10]
Microsoft SQL Server 2019 RsFx Driver [version 15.0.4335.1] [installed on 2024/12/21]
Microsoft OLE DB Driver for SQL Server [version 18.6.7.0] [installed on 2024/12/21]
SQL Server 2019 Analysis Services [version 15.0.2000.5] [installed on 2024/12/21]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2020/12/06]
vs_update3notification [version 14.0.25420] [installed on 2020/12/15]
Microsoft System CLR Types for SQL Server 2012 (x64) [version 11.0.2100.60] [installed on 2020/12/08]
Microsoft Visual Studio 2010 SDK SP1 [version 10.0.40219] [installed on 2020/12/14]
Microsoft.NET.Sdk.Aspire.Manifest-8.0.100 (x64) [version 64.0.5426] [installed on 2024/11/14]
Microsoft Windows Desktop Runtime - 8.0.7 (x64) [version 64.28.16739] [installed on 2024/11/14]
SQL Server Report Builder 3 for SQL Server 2012 [version 11.0.2100.60] [installed on 2020/12/07]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [version 12.0.21005] [installed on 2020/12/14]
Microsoft SQL Server 2008 Database Engine Services [version 10.1.2531.0] [installed on 2020/12/14]
Microsoft Visual Studio 2015 Devenv [version 14.0.23107] [installed on 2020/12/15]
Microsoft .NET Core 1.0.6 - Host (x64) [version 4.0.21306] [installed on 2023/11/16]
Microsoft.NET.Sdk.Android.Manifest-7.0.100 (x64) [version 33.0.4] [installed on 2025/12/03]
IIS Express Application Compatibility Database for x86
Microsoft Visual Studio 2015 Shell (Isolated) [version 14.0.23107.10]
Microsoft Visual Studio 2012 Shell (Isolated) [version 11.0.50727.1]
Microsoft Visual Studio Tools for Applications 2019 [version 16.0.31110]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 [version 12.0.30501.0]
Microsoft Visual Studio Tools for Applications 2017 [version 15.0.27520]

The following updates are installed :

.NET :
Microsoft .NET 8.0.22 - Windows Server Hosting (x86) [version 8.0.22.25528] [installed on 2025-12-03]
Microsoft ASP.NET Core 8.0.22 - Shared Framework (x64) [version 8.0.22.25528] [installed on 2025-12-03]
.NET Core :
Microsoft .NET Core 3.1.3 - Windows Server Hosting (x86) [version 3.1.3.20163] [installed on 2022-05-10]
Microsoft ASP.NET Core 3.1.3 - Shared Framework (x64) [version 3.1.3.20163] [installed on 2022-05-10]
Microsoft .NET Framework 4 Multi-Targeting Pack :
KB2504637 [version 1] [installed on 12/8/2020]
Microsoft ReportViewer 2010 SP1 Redistributable :
KB983509 [version 1] [installed on 12/14/2020]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 12/6/2020]
KB2467173 [version 1] [installed on 12/6/2020]
KB2565063 [version 1] [installed on 12/6/2020]
KB982573 [version 1] [installed on 12/6/2020]
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 :
KB2455033 [version 1] [installed on 12/14/2020]
KB2565057 [version 1] [installed on 2/27/2021]
KB982517 [version 1] [installed on 12/14/2020]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 12/6/2020]
KB2467173 [version 1] [installed on 12/6/2020]
KB2565063 [version 1] [installed on 12/6/2020]
KB982573 [version 1] [installed on 12/6/2020]
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 :
KB2455033 [version 1] [installed on 12/14/2020]
KB2565057 [version 1] [installed on 2/27/2021]
KB982517 [version 1] [installed on 12/14/2020]
Microsoft Visual Studio 2010 SDK SP1 :
KB2275326 [version 1] [installed on 12/14/2020]
KB983509 [version 1] [installed on 12/14/2020]
Microsoft Visual Studio 2010 Shell (Isolated) - ENU :
KB2635973 [version 1] [installed on 2/27/2021]
KB2938807 [version 1] [installed on 2/27/2021]
KB3002340 [version 1] [installed on 2/27/2021]
KB4336919 [version 1] [installed on 2/27/2021]
KB4476698 [version 1] [installed on 2/27/2021]
KB983509 [version 1] [installed on 12/14/2020]
Microsoft Visual Studio 2012 :
Visual Studio 2012 Update 5 (KB2707250) [version 11.0.61219] [installed on 2021-01-08]
Microsoft Visual Studio 2015 :
vsupdate_KB3022398 [version 14.0.25420] [installed on 12/15/2020]
Visual Studio 2010 Prerequisites - English :
KB2413561 [version 1] [installed on 12/14/2020]
178102 - Microsoft Windows Installed Software Version Enumeration
-
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2024/07/15
Plugin Output

tcp/445/cifs

report output too big - ending list here

92366 - Microsoft Windows Last Boot Time
-
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output

tcp/0

Last reboot : 2026-01-09T19:42:06+05:30 (20260109194206.318431+330)

161502 - Microsoft Windows Logged On Users
-
Synopsis
Nessus was able to determine the logged on users from the registry
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2025/10/01
Plugin Output

tcp/445/cifs

Logged on users :
- S-1-5-21-3087833412-113499397-355877213-500
Domain : MUMPORTAL001
Username : Production
63080 - Microsoft Windows Mounted Devices
-
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Name : \dosdevices\g:
Data : 4e
Raw data : ba3465920000100000000000

Name : \dosdevices\e:
Data : DMIO:ID:KHt.~R
Raw data : 444d494f3a49443a7f1aac4be4d68248aad374049b2e7e52

Name : \??\volume{7b10cbb4-380d-11eb-b7eb-806e6f6e6963}
Data : \??\USBSTOR#CdRom&Ven_HP&Prod_Virtual_DVD-ROM&Rev_#7&2015f5d&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00550053004200530054004f00520023004300640052006f006d002600560065006e005f00480050002600500072006f0064005f005600690072007400750061006c005f004400560044002d0052004f004d0026005200650076005f0023003700260032003000310035006600350064002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\f:
Data : DMIO:ID:~hTO2QjV
Raw data : 444d494f3a49443a7edc68ad8a54f24fbf325102986a56f8

Name : \dosdevices\i:
Data : DMIO:ID:VGd[
Raw data : 444d494f3a49443ac056eeb6dd19bf47b864f45bd0a0cded

Name : \dosdevices\c:
Data : P
Raw data : 87981cb70000501f00000000

Name : \dosdevices\d:
Data : DMIO:ID:`XJyN
Raw data : 444d494f3a49443aa1de6016b905584a9c05abaf794eb18d

92372 - Microsoft Windows NetBIOS over TCP/IP Info
-
Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

NBT information attached.
First 10 lines of all CSVs:
nbtstat_local.csv:
Interface,Name,Suffix,Type,Status,MAC
172.17.100.60,MUMPORTAL001,<20>,UNIQUE,Registered,00:50:56:BC:47:5E
172.17.100.60,MUMPORTAL001,<00>,UNIQUE,Registered,00:50:56:BC:47:5E
172.17.100.60,WORKGROUP,<00>,GROUP,Registered,00:50:56:BC:47:5E

103871 - Microsoft Windows Network Adapters
-
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0758
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Network Adapter Driver Description : Broadcom NetXtreme Gigabit Ethernet
Network Adapter Driver Version : 17.2.1.0

Network Adapter Driver Description : Broadcom NetXtreme Gigabit Ethernet
Network Adapter Driver Version : 17.2.1.0

Network Adapter Driver Description : Broadcom NetXtreme Gigabit Ethernet
Network Adapter Driver Version : 17.2.1.0

Network Adapter Driver Description : Broadcom NetXtreme Gigabit Ethernet
Network Adapter Driver Version : 17.2.1.0

Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection
Network Adapter Driver Version : 12.15.22.6
65791 - Microsoft Windows Portable Devices
-
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/04/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Friendly name : F:\
Device : SWD#WPDBUSENUM#{79DDC812-E31E-11EC-BBD2-005056BC16B3}#0000000008100000

Friendly name : Seagate Expansion Drive
Device : SWD#WPDBUSENUM#{7B10CBAF-380D-11EB-B7EB-806E6F6E6963}#0000000000008000

92367 - Microsoft Windows PowerShell Execution Policy
-
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
70329 - Microsoft Windows Process Information
-
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (872)
2 : explorer.exe (11752)
2 : |- Scheduler.exe (3100)
2 : ServerManager.exe (12444)
2 : WScheduler.exe (13180)
1 : winlogon.exe (232)
1 : |- LogonUI.exe (1236)
1 : |- dwm.exe (1244)
0 : wininit.exe (244)
0 : |- services.exe (924)
0 : |- svchost.exe (1072)
2 : |- RuntimeBroker.exe (11292)
2 : |- ShellExperienceHost.exe (12048)
2 : |- SearchUI.exe (12160)
0 : |- unsecapp.exe (12536)
0 : |- WmiPrvSE.exe (16096)
2 : |- ApplicationFrameHost.exe (22596)
0 : |- WmiPrvSE.exe (30400)
0 : |- WmiPrvSE.exe (6056)
0 : |- WmiPrvSE.exe (9272)
0 : |- nxlog.exe (10920)
0 : |- svchost.exe (1136)
2 : |- svchost.exe (11416)
0 : |- SearchIndexer.exe (11984)
0 : |- avpsus.exe (12808)
0 : |- svchost.exe (1288)
2 : |- rdpclip.exe (2292)
0 : |- svchost.exe (1296)
2 : |- sihost.exe (11408)
2 : |- taskhostw.exe (11452)
0 : |- svchost.exe (13364)
0 : |- svchost.exe (1360)
0 : |- svchost.exe (1436)
0 : |- WUDFHost.exe (1780)
0 : |- svchost.exe (1540)
0 : |- svchost.exe (1624)
0 : |- svchost.exe (1760)
0 : |- svchost.exe (1792)
0 : |- svchost.exe (2124)
0 : |- vm3dservice.exe (2192)
1 : |- vm3dservice.exe (3404)
0 : |- svchost.exe (2488)
0 : |- vmtoolsd.exe (2500)
0 : |- svchost.exe (2604)
0 : |- AppinfoMaSvc.exe (2620)
0 : |- svchost.exe (2628)
0 : |- aspnet_state.exe (2656)
0 : |- avp.exe (2692)
2 : |- avpui.exe (7964)
0 : |- svchost.exe (2712)
0 : |- svchost.exe (3004)
0 : |- w3wp.exe (10084)
0 : |- w3wp.exe (11112)
0 : |- w3wp.exe (13436)
0 : |- w3wp.exe (17252)
0 : |- w3wp.exe (21288)
0 : |- w3wp.exe (26800)
0 : |- w3wp.exe (26912)
0 : |- w3wp.exe (28924)
0 : |- w3wp.exe (9328)
0 : |- conhost.exe (9532)
0 : |- sqlwriter.exe (3020)
0 : |- sqlbrowser.exe (3028)
0 : |- SMSvcHost.exe (3052)
0 : |- VGAuthService.exe (3076)
0 : |- vmware-converter.exe (3196)
0 : |- vmware-converter.exe (3204)
0 : |- vmware-converter-a.exe (3212)
0 : |- winvnc4.exe (3320)
1 : |- winvnc4.exe (4444)
0 : |- vmms.exe (3716)
0 : |- MsDtsSrvr.exe (5000)
0 : |- sqlceip.exe (5020)
0 : |- sqlceip.exe (5056)
0 : |- sqlceip.exe (5084)
0 : |- sqlservr.exe (5116)
0 : |- msmdsrv.exe (5480)
0 : |- dllhost.exe (5488)
0 : |- msdtc.exe (6064)
0 : |- vmcompute.exe (6216)
0 : |- klnagent.exe (7360)
0 : |- vapm.exe (13512)
0 : |- fdlauncher.exe (7952)
0 : |- fdhost.exe (8008)
0 : |- conhost.exe (8016)
0 : |- SQLAGENT.EXE (7988)
0 : |- conhost.exe (8064)
0 : |- lsass.exe (960)
1 : csrss.exe (348)
2 : csrss.exe (3708)
2 : winlogon.exe (4984)
2 : |- dwm.exe (10740)
0 : csrss.exe (992)

Process_Information_172.17.100.60.csv : information about the running process.
70331 - Microsoft Windows Process Module Information
-
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output

tcp/0

Process_Modules_172.17.100.60.csv : lists the loaded modules for each process.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/80/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/135/epmap


The Win32 process 'svchost.exe' is listening on this port (pid 1136).

This process 'svchost.exe' (pid 1136) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/137/netbios-ns


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/138


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/139/smb


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/443/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 1296).

This process 'svchost.exe' (pid 1296) is hosting the following Windows services :
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1)
MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
UserManager (@%systemroot%\system32\usermgr.dll,-100)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
WpnService (@%SystemRoot%\system32\wpnservice.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql


The Win32 process 'sqlservr.exe' is listening on this port (pid 5116).

This process 'sqlservr.exe' (pid 5116) is hosting the following Windows services :
MSSQLSERVER (SQL Server (MSSQLSERVER))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/1434


The Win32 process 'sqlbrowser.exe' is listening on this port (pid 3028).

This process 'sqlbrowser.exe' (pid 3028) is hosting the following Windows services :
SQLBrowser (SQL Server Browser)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/1900


The Win32 process 'svchost.exe' is listening on this port (pid 13364).

This process 'svchost.exe' (pid 13364) is hosting the following Windows services :
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/2179


The Win32 process 'vmms.exe' is listening on this port (pid 3716).

This process 'vmms.exe' (pid 3716) is hosting the following Windows services :
vmms (@%systemroot%\system32\vmms.exe,-10)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/2383


The Win32 process 'msmdsrv.exe' is listening on this port (pid 5480).

This process 'msmdsrv.exe' (pid 5480) is hosting the following Windows services :
MSSQLServerOLAPService (SQL Server Analysis Services (MSSQLSERVER))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/3389/msrdp


The Win32 process 'svchost.exe' is listening on this port (pid 1288).

This process 'svchost.exe' (pid 1288) is hosting the following Windows services :
TermService (Remote Desktop Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/3389


The Win32 process 'svchost.exe' is listening on this port (pid 1288).

This process 'svchost.exe' (pid 1288) is hosting the following Windows services :
TermService (Remote Desktop Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/3544


The Win32 process 'svchost.exe' is listening on this port (pid 1296).

This process 'svchost.exe' (pid 1296) is hosting the following Windows services :
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1)
MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
UserManager (@%systemroot%\system32\usermgr.dll,-100)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
WpnService (@%SystemRoot%\system32\wpnservice.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 1296).

This process 'svchost.exe' (pid 1296) is hosting the following Windows services :
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1)
MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
UserManager (@%systemroot%\system32\usermgr.dll,-100)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
WpnService (@%SystemRoot%\system32\wpnservice.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/5050


The Win32 process 'svchost.exe' is listening on this port (pid 1540).

This process 'svchost.exe' (pid 1540) is hosting the following Windows services :
CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100)
EventSystem (@comres.dll,-2450)
FontCache (@%systemroot%\system32\FntCache.dll,-100)
LicenseManager (@%SystemRoot%\system32\licensemanagersvc.dll,-200)
netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202)
nsi (@%SystemRoot%\system32\nsisvc.dll,-200)
RemoteRegistry (Remote Registry)
WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/5353


The Win32 process 'svchost.exe' is listening on this port (pid 1760).

This process 'svchost.exe' (pid 1760) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/5355/llmnr


The Win32 process 'svchost.exe' is listening on this port (pid 1760).

This process 'svchost.exe' (pid 1760) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5800/www


The Win32 process 'winvnc4.exe' is listening on this port (pid 4444).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5900/vnc


The Win32 process 'winvnc4.exe' is listening on this port (pid 4444).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5985/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/15000


The Win32 process 'klnagent.exe' is listening on this port (pid 7360).

This process 'klnagent.exe' (pid 7360) is hosting the following Windows services :
klnagent (Kaspersky Security Center Network Agent)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/47001/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49664/dce-rpc


The Win32 process 'wininit.exe' is listening on this port (pid 244).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49665/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1360).

This process 'svchost.exe' (pid 1360) is hosting the following Windows services :
Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)
TimeBrokerSvc (@%windir%\system32\TimeBrokerServer.dll,-1001)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49666/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1296).

This process 'svchost.exe' (pid 1296) is hosting the following Windows services :
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1)
MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
UserManager (@%systemroot%\system32\usermgr.dll,-100)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
WpnService (@%SystemRoot%\system32\wpnservice.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49667/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2488).

This process 'svchost.exe' (pid 2488) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49669/dce-rpc


The Win32 process 'services.exe' is listening on this port (pid 924).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49692/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 960).

This process 'lsass.exe' (pid 960) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49834/www


The Win32 process 'AppinfoMaSvc.exe' is listening on this port (pid 2620).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/52521


The Win32 process 'svchost.exe' is listening on this port (pid 1296).

This process 'svchost.exe' (pid 1296) is hosting the following Windows services :
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1)
MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
UserManager (@%systemroot%\system32\usermgr.dll,-100)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
WpnService (@%SystemRoot%\system32\wpnservice.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/57946


The Win32 process 'nxlog.exe' is listening on this port (pid 10920).

This process 'nxlog.exe' (pid 10920) is hosting the following Windows services :
nxlog (NXLog)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/63666


The Win32 process 'svchost.exe' is listening on this port (pid 13364).

This process 'svchost.exe' (pid 13364) is hosting the following Windows services :
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)

126527 - Microsoft Windows SAM user enumeration
-
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager.

Note: Unable to obtain SMB SAMR user data during Agent scans.
Rendering User data obtained by plugin 171956
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/07/08, Modified: 2025/06/04
Plugin Output

tcp/0

- ___VMware_Conv_SA___ (id S-1-5-21-3087833412-113499397-1014, ___VMware_Conv_SA___, Dedicated User to run VMware Converter Standalone server jobs.)
- admin (id S-1-5-21-3087833412-113499397-1025)
- commoniis (id S-1-5-21-3087833412-113499397-1021, commoniis)
- CommonProduction (id S-1-5-21-3087833412-113499397-1022, CommonProduction)
- Complaince (id S-1-5-21-3087833412-113499397-1018, Complaince Dept.)
- compliance (id S-1-5-21-3087833412-113499397-1024, compliance)
- DefaultAccount (id S-1-5-21-3087833412-113499397-503, A user account managed by the system.)
- Guest (id S-1-5-21-3087833412-113499397-501, Built-in account for guest access to the computer/domain, Guest account)
- IIS_USERS (id S-1-5-21-3087833412-113499397-1023, IIS_USERS)
- Lkpadmin (id S-1-5-21-3087833412-113499397-1000, Lkpadmin)
- mssqlserver_user$ (id S-1-5-21-3087833412-113499397-1020)
- Production (id S-1-5-21-3087833412-113499397-500, Administrator account, Built-in account for administering the computer/domain)
- RMS (id S-1-5-21-3087833412-113499397-1017, Rms Dept)
- sahil (id S-1-5-21-3087833412-113499397-1015, Access for CDSL_AllocationFile)
- tidua (id S-1-5-21-3087833412-113499397-1019, Audit)

17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445/cifs

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
50859 - Microsoft Windows SMB : WSUS Client Configured
-
Synopsis
The remote Windows host is utilizing a WSUS server.
Description
The remote host is configured to utilize a Windows Server Update Services (WSUS) server.
See Also
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Plugin Information
Published: 2010/12/01, Modified: 2018/11/15
Plugin Output

tcp/445/cifs


This host is configured to get updates from the following WSUS server :

http://localhost:1550

WSUS Environment Options :

ElevateNonAdmins : undefined
TargetGroup : Automatic Windows Update Policy
TargetGroupEnabled : 1

Automatic Update settings :

AUOptions : 2
AutoInstallMinorUpdates : 0
DetectionFrequency : 22
DetectionFrequencyEnabled : 1
NoAutoRebootWithLoggedOnUsers : 1
NoAutoUpdate : 1
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : 0
ScheduledInstallDay : 0
ScheduledInstallTime : 10
38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.

Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output

tcp/445/cifs


Last Successful logon : .\Production
10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/07/21
Plugin Output

tcp/445/cifs

- The SMB tests will be done as tidua/******
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


The remote host SID value is : S-1-5-21-3087833412-113499397-355877213

The value of 'RestrictAnonymous' setting is : 0
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output

tcp/445/cifs

The remote Operating System is : Windows Server 2016 Datacenter 14393
The remote native LAN manager is : Windows Server 2016 Datacenter 6.3
The remote SMB Domain Name is : MUMPORTAL001
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Operating system version = 10.14393
Architecture = x64
Build lab extended = 14393.4225.amd64fre.rs1_release.210127-1811
11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output

tcp/445/cifs


Max cached logons : 10
10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/12/16
Plugin Output

tcp/445/cifs

44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
XREF IAVT:0001-T-0752
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output

tcp/445/cifs


The following services are set to start automatically :

AVP.KES.21.15 startup parameters :
Display name : Kaspersky Endpoint Security Service (KES.21.15)
Service name : AVP.KES.21.15
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r

AppHostSvc startup parameters :
Display name : Application Host Helper Service
Service name : AppHostSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

BrokerInfrastructure startup parameters :
Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

CDPSvc startup parameters :
Display name : Connected Devices Platform Service
Service name : CDPSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

CDPUserSvc_a30a9 startup parameters :
Display name : CDPUserSvc_a30a9
Service name : CDPUserSvc_a30a9
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

CoreMessagingRegistrar startup parameters :
Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : rpcss/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

DiagTrack startup parameters :
Display name : Connected User Experiences and Telemetry
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc
Dependencies : RpcSs/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/nsi/

EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

IISADMIN startup parameters :
Display name : IIS Admin Service
Service name : IISADMIN
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : RPCSS/SamSS/HTTP/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/nsi/

LSM startup parameters :
Display name : Local Session Manager
Service name : LSM
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k smbsvcs
Dependencies : SamSS/Srv2/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : Bowser/MRxSmb20/NSI/

MSDTC startup parameters :
Display name : Distributed Transaction Coordinator
Service name : MSDTC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\msdtc.exe
Dependencies : RPCSS/SamSS/

MSSQLSERVER startup parameters :
Display name : SQL Server (MSSQLSERVER)
Service name : MSSQLSERVER
Log on as : NT Service\MSSQLSERVER
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
Dependencies : KEYISO/

MSSQLServerOLAPService startup parameters :
Display name : SQL Server Analysis Services (MSSQLSERVER)
Service name : MSSQLServerOLAPService
Log on as : NT Service\MSSQLServerOLAPService
Executable path : "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MapsBroker startup parameters :
Display name : Downloaded Maps Manager
Service name : MapsBroker
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : rpcss/

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

MsDtsServer120 startup parameters :
Display name : SQL Server Integration Services 12.0
Service name : MsDtsServer120
Log on as : NT Service\MsDtsServer120
Executable path : "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"

MsDtsServer150 startup parameters :
Display name : SQL Server Integration Services 15.0
Service name : MsDtsServer150
Log on as : NT Service\MsDtsServer150
Executable path : "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/

OneSyncSvc_a30a9 startup parameters :
Display name : Sync Host_a30a9
Service name : OneSyncSvc_a30a9
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k RPCSS

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss
Dependencies : RpcEptMapper/DcomLaunch/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SQLBrowser startup parameters :
Display name : SQL Server Browser
Service name : SQLBrowser
Log on as : NT AUTHORITY\LOCALSERVICE
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

SQLSERVERAGENT startup parameters :
Display name : SQL Server Agent (MSSQLSERVER)
Service name : SQLSERVERAGENT
Log on as : NT Service\SQLSERVERAGENT
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
Dependencies : MSSQLSERVER/

SQLTELEMETRY startup parameters :
Display name : SQL Server CEIP service (MSSQLSERVER)
Service name : SQLTELEMETRY
Log on as : NT Service\SQLTELEMETRY
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service

SQLWriter startup parameters :
Display name : SQL Server VSS Writer
Service name : SQLWriter
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

SSASTELEMETRY startup parameters :
Display name : SQL Server Analysis Services CEIP (MSSQLSERVER)
Service name : SSASTELEMETRY
Log on as : NT Service\SSASTELEMETRY
Executable path : "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS

SSISTELEMETRY150 startup parameters :
Display name : SQL Server Integration Services CEIP service 15.0
Service name : SSISTELEMETRY150
Log on as : NT Service\SSISTELEMETRY150
Executable path : "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/SystemEventsBroker/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SystemEventsBroker startup parameters :
Display name : System Events Broker
Service name : SystemEventsBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch
Dependencies : RpcEptMapper/RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k termsvcs
Dependencies : RPCSS/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UALSVC startup parameters :
Display name : User Access Logging Service
Service name : UALSVC
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : WinMgmt/

UserManager startup parameters :
Display name : User Manager
Service name : UserManager
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

VGAuthService startup parameters :
Display name : VMware Alias Manager and Ticket Service
Service name : VGAuthService
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"

VMTools startup parameters :
Display name : VMware Tools
Service name : VMTools
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"

W3SVC startup parameters :
Display name : World Wide Web Publishing Service
Service name : W3SVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : WAS/HTTP/

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/WUDFSvc/

Wcmsvc startup parameters :
Display name : Windows Connection Manager
Service name : Wcmsvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

WinVNC4 startup parameters :
Display name : VNC Server Version 4
Service name : WinVNC4
Log on as : LocalSystem
Executable path : "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

WpnService startup parameters :
Display name : Windows Push Notifications System Service
Service name : WpnService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

avpsus.KES.21.15 startup parameters :
Display name : Kaspersky Seamless Update Service (KES.21.15)
Service name : avpsus.KES.21.15
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"

gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/Mup/

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/

klnagent startup parameters :
Display name : Kaspersky Security Center Network Agent
Service name : klnagent
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/nsiproxy/

nxlog startup parameters :
Display name : nxlog
Service name : nxlog
Log on as : LocalSystem
Executable path : "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
Dependencies : eventlog/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

tiledatamodelsvc startup parameters :
Display name : Tile Data model server
Service name : tiledatamodelsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel
Dependencies : rpcss/staterepository/

vm3dservice startup parameters :
Display name : VMware SVGA Helper Service
Service name : vm3dservice
Log on as : LocalSystem
Executable path : C:\Windows\system32\vm3dservice.exe

vmms startup parameters :
Display name : Hyper-V Virtual Machine Management
Service name : vmms
Log on as : LocalSystem
Executable path : C:\Windows\system32\vmms.exe
Dependencies : RPCSS/WINMGMT/

vmware-converter-agent startup parameters :
Display name : VMware vCenter Converter Standalone Agent
Service name : vmware-converter-agent
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml"

vmware-converter-server startup parameters :
Display name : VMware vCenter Converter Standalone Server
Service name : vmware-converter-server
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml"
Dependencies : lanmanworkstation/

vmware-converter-worker startup parameters :
Display name : VMware vCenter Converter Standalone Worker
Service name : vmware-converter-worker
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml"

The following services must be started manually :

AJRouter startup parameters :
Display name : AllJoyn Router Service
Service name : AJRouter
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppReadiness startup parameters :
Display name : App Readiness
Service name : AppReadiness
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k AppReadiness

AppXSvc startup parameters :
Display name : AppX Deployment Service (AppXSVC)
Service name : AppXSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wsappx
Dependencies : rpcss/staterepository/

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

ClipSVC startup parameters :
Display name : Client License Service (ClipSVC)
Service name : ClipSVC
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k wsappx
Dependencies : rpcss/

DcpSvc startup parameters :
Display name : DataCollectionPublishingService
Service name : DcpSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

DevQueryBroker startup parameters :
Display name : DevQuery Background Discovery Broker
Service name : DevQueryBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

DeviceAssociationService startup parameters :
Display name : Device Association Service
Service name : DeviceAssociationService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

DeviceInstall startup parameters :
Display name : Device Install Service
Service name : DeviceInstall
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

DmEnrollmentSvc startup parameters :
Display name : Device Management Enrollment Service
Service name : DmEnrollmentSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

DsSvc startup parameters :
Display name : Data Sharing Service
Service name : DsSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

DsmSvc startup parameters :
Display name : Device Setup Manager
Service name : DsmSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RPCSS/

Eaphost startup parameters :
Display name : Extensible Authentication Protocol
Service name : Eaphost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

EntAppSvc startup parameters :
Display name : Enterprise App Management Service
Service name : EntAppSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel
Dependencies : rpcss/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/http/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

FrameServer startup parameters :
Display name : Windows Camera Frame Server
Service name : FrameServer
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k Camera
Dependencies : rpcss/

HvHost startup parameters :
Display name : HV Host Service
Service name : HvHost
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : hvservice/

KPSSVC startup parameters :
Display name : KDC Proxy Server service (KPS)
Service name : KPSSVC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup
Dependencies : rpcss/http/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Dependencies : RPCSS/SamSS/

LicenseManager startup parameters :
Display name : Windows License Manager Service
Service name : LicenseManager
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/

MSSQL$SQLEXPRESS startup parameters :
Display name : SQL Server (SQLEXPRESS)
Service name : MSSQL$SQLEXPRESS
Log on as : NT AUTHORITY\NETWORK SERVICE
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS

MSSQLFDLauncher startup parameters :
Display name : SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
Service name : MSSQLFDLauncher
Log on as : NT Service\MSSQLFDLauncher
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER

NcaSvc startup parameters :
Display name : Network Connectivity Assistant
Service name : NcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : BFE/dnscache/NSI/iphlpsvc/

NcbService startup parameters :
Display name : Network Connection Broker
Service name : NcbService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSS/tcpip/

NetSetupSvc startup parameters :
Display name : Network Setup Service
Service name : NetSetupSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

NgcCtnrSvc startup parameters :
Display name : Microsoft Passport Container
Service name : NgcCtnrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

NgcSvc startup parameters :
Display name : Microsoft Passport
Service name : NgcSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PhoneSvc startup parameters :
Display name : Phone Service
Service name : PhoneSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/

PimIndexMaintenanceSvc_a30a9 startup parameters :
Display name : Contact Data_a30a9
Service name : PimIndexMaintenanceSvc_a30a9
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

PrintNotify startup parameters :
Display name : Printer Extensions and Notifications
Service name : PrintNotify
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k print
Dependencies : RpcSs/

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : SstpSvc/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k localService
Dependencies : RPCSS/

RmSvc startup parameters :
Display name : Radio Management Service
Service name : RmSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SCPolicySvc startup parameters :
Display name : Smart Card Removal Policy
Service name : SCPolicySvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SQL Server Distributed Replay Client startup parameters :
Display name : SQL Server Distributed Replay Client
Service name : SQL Server Distributed Replay Client
Log on as : NT Service\SQL Server Distributed Replay Client
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"

SQL Server Distributed Replay Controller startup parameters :
Display name : SQL Server Distributed Replay Controller
Service name : SQL Server Distributed Replay Controller
Log on as : NT Service\SQL Server Distributed Replay Controller
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : HTTP/

ScDeviceEnum startup parameters :
Display name : Smart Card Device Enumeration Service
Service name : ScDeviceEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

SecPod Saner Upgrade Controller v2 startup parameters :
Display name : SecPod Saner Upgrade Controller v2
Service name : SecPod Saner Upgrade Controller v2
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"

SensorDataService startup parameters :
Display name : Sensor Data Service
Service name : SensorDataService
Log on as : LocalSystem
Executable path : C:\Windows\System32\SensorDataService.exe

SensorService startup parameters :
Display name : Sensor Service
Service name : SensorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

SensrSvc startup parameters :
Display name : Sensor Monitoring Service
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : BFE/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

StateRepository startup parameters :
Display name : State Repository Service
Service name : StateRepository
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel
Dependencies : rpcss/

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

SysMain startup parameters :
Display name : Superfetch
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : rpcss/

TabletInputService startup parameters :
Display name : Touch Keyboard and Handwriting Panel Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

TieringEngineService startup parameters :
Display name : Storage Tiers Management
Service name : TieringEngineService
Log on as : localSystem
Executable path : C:\Windows\system32\TieringEngineService.exe

TimeBrokerSvc startup parameters :
Display name : Time Broker
Service name : TimeBrokerSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

TrustedInstaller startup parameters :
Display name : Windows Modules Installer
Service name : TrustedInstaller
Log on as : localSystem
Executable path : C:\Windows\servicing\TrustedInstaller.exe

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/RDPDR/

UnistoreSvc_a30a9 startup parameters :
Display name : User Data Storage_a30a9
Service name : UnistoreSvc_a30a9
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup

UserDataSvc_a30a9 startup parameters :
Display name : User Data Access_a30a9
Service name : UserDataSvc_a30a9
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

UsoSvc startup parameters :
Display name : Update Orchestrator Service for Windows Update
Service name : UsoSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

WAS startup parameters :
Display name : Windows Process Activation Service
Service name : WAS
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : RPCSS/

WEPHOSTSVC startup parameters :
Display name : Windows Encryption Provider Host Service
Service name : WEPHOSTSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup
Dependencies : rpcss/

WMSVC startup parameters :
Display name : Web Management Service
Service name : WMSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\inetsrv\wmsvc.exe
Dependencies : HTTP/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WalletService startup parameters :
Display name : WalletService
Service name : WalletService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k appmodel

WdiServiceHost startup parameters :
Display name : Diagnostic Service Host
Service name : WdiServiceHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService

WdiSystemHost startup parameters :
Display name : Diagnostic System Host
Service name : WdiSystemHost
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WiaRpc startup parameters :
Display name : Still Image Acquisition Events
Service name : WiaRpc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

WpnUserService_a30a9 startup parameters :
Display name : Windows Push Notifications User Service_a30a9
Service name : WpnUserService_a30a9
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

defragsvc startup parameters :
Display name : Optimize drives
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

diagnosticshub.standardcollector.service startup parameters :
Display name : Microsoft (R) Diagnostics Hub Standard Collector Service
Service name : diagnosticshub.standardcollector.service
Log on as : LocalSystem
Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

dmwappushservice startup parameters :
Display name : dmwappushsvc
Service name : dmwappushservice
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

embeddedmode startup parameters :
Display name : Embedded Mode
Service name : embeddedmode
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : BrokerInfrastructure/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

hidserv startup parameters :
Display name : Human Interface Device Service
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hns startup parameters :
Display name : Host Network Service
Service name : hns
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k NetSvcs

icssvc startup parameters :
Display name : Windows Mobile Hotspot Service
Service name : icssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/wcmsvc/

ksnproxy startup parameters :
Display name : Kaspersky Security Network proxy server
Service name : ksnproxy
Log on as : NT SERVICE\ksnproxy
Executable path : "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"

lfsvc startup parameters :
Display name : Geolocation Service
Service name : lfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : Afd/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

ose startup parameters :
Display name : Office Source Engine
Service name : ose
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

osppsvc startup parameters :
Display name : Office Software Protection Platform
Service name : osppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Dependencies : RpcSs/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

smphost startup parameters :
Display name : Microsoft Storage Spaces SMP
Service name : smphost
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k smphost
Dependencies : RPCSS/

stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/

svsvc startup parameters :
Display name : Spot Verifier
Service name : svsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/HTTP/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/

vmcompute startup parameters :
Display name : Hyper-V Host Compute Service
Service name : vmcompute
Log on as : LocalSystem
Executable path : C:\Windows\system32\vmcompute.exe
Dependencies : clreg/rpcss/wcifs/

vmicguestinterface startup parameters :
Display name : Hyper-V Guest Service Interface
Service name : vmicguestinterface
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

vmicheartbeat startup parameters :
Display name : Hyper-V Heartbeat Service
Service name : vmicheartbeat
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService

vmickvpexchange startup parameters :
Display name : Hyper-V Data Exchange Service
Service name : vmickvpexchange
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

vmicrdv startup parameters :
Display name : Hyper-V Remote Desktop Virtualization Service
Service name : vmicrdv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService

vmicshutdown startup parameters :
Display name : Hyper-V Guest Shutdown Service
Service name : vmicshutdown
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

vmictimesync startup parameters :
Display name : Hyper-V Time Synchronization Service
Service name : vmictimesync
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : VmGid/

vmicvmsession startup parameters :
Display name : Hyper-V PowerShell Direct Service
Service name : vmicvmsession
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

vmicvss startup parameters :
Display name : Hyper-V Volume Shadow Copy Requestor
Service name : vmicvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

vmvss startup parameters :
Display name : VMware Snapshot Provider
Service name : vmvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{E7F00531-E54F-40EF-A90B-DB9382073EA7}
Dependencies : rpcss/

w3logsvc startup parameters :
Display name : W3C Logging Service
Service name : w3logsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost
Dependencies : HTTP/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wisvc startup parameters :
Display name : Windows Insider Service
Service name : wisvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

wlidsvc startup parameters :
Display name : Microsoft Account Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wuausvcs
Dependencies : rpcss/

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : WudfPf/

The following services are disabled :

AppVClient startup parameters :
Display name : Microsoft App-V Client
Service name : AppVClient
Log on as : LocalSystem
Executable path : C:\Windows\system32\AppVClient.exe
Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k smbsvcs
Dependencies : LanmanWorkstation/LanmanServer/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

MSSQLServerADHelper100 startup parameters :
Display name : SQL Active Directory Helper Service
Service name : MSSQLServerADHelper100
Log on as : NT AUTHORITY\NETWORK SERVICE
Executable path : "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE"

ManageEngine UEMS -Agent startup parameters :
Display name : ManageEngine UEMS -Agent
Service name : ManageEngine UEMS -Agent
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\UEMS_Agent\bin\dcagentservice.exe"

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SCardSvr startup parameters :
Display name : Smart Card
Service name : SCardSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : wudfsvc/

SQLAgent$SQLEXPRESS startup parameters :
Display name : SQL Server Agent (SQLEXPRESS)
Service name : SQLAgent$SQLEXPRESS
Log on as : NT AUTHORITY\NETWORK SERVICE
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS
Dependencies : MSSQL$SQLEXPRESS/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

UevAgentService startup parameters :
Display name : User Experience Virtualization Service
Service name : UevAgentService
Log on as : LocalSystem
Executable path : C:\Windows\system32\AgentService.exe

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

XblAuthManager startup parameters :
Display name : Xbox Live Auth Manager
Service name : XblAuthManager
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

XblGameSave startup parameters :
Display name : Xbox Live Game Save
Service name : XblGameSave
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : UserManager/XblAuthManager/

bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

tzautoupdate startup parameters :
Display name : Auto Time Zone Updater
Service name : tzautoupdate
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/139/smb


An SMB server is running on this port.

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/445/cifs


A CIFS server is running on this port.
10456 - Microsoft Windows SMB Service Enumeration
-
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0751
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Active Services :

Application Host Helper Service [ AppHostSvc ]
ASP.NET State Service [ aspnet_state ]
Kaspersky Endpoint Security Service (KES.21.15) [ AVP.KES.21.15 ]
Kaspersky Seamless Update Service (KES.21.15) [ avpsus.KES.21.15 ]
Base Filtering Engine [ BFE ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
COM+ System Application [ COMSysApp ]
CoreMessaging [ CoreMessagingRegistrar ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Data Sharing Service [ DsSvc ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
CNG Key Isolation [ KeyIso ]
Kaspersky Security Center Network Agent [ klnagent ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
Geolocation Service [ lfsvc ]
Windows License Manager Service [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Local Session Manager [ LSM ]
Windows Firewall [ MpsSvc ]
Distributed Transaction Coordinator [ MSDTC ]
SQL Server Integration Services 15.0 [ MsDtsServer150 ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
SQL Full-text Filter Daemon Launcher (MSSQLSERVER) [ MSSQLFDLauncher ]
SQL Server (MSSQLSERVER) [ MSSQLSERVER ]
SQL Server Analysis Services (MSSQLSERVER) [ MSSQLServerOLAPService ]
Network Connection Broker [ NcbService ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Network List Service [ netprofm ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
nxlog [ nxlog ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
SQL Server Browser [ SQLBrowser ]
SQL Server Agent (MSSQLSERVER) [ SQLSERVERAGENT ]
SQL Server CEIP service (MSSQLSERVER) [ SQLTELEMETRY ]
SQL Server VSS Writer [ SQLWriter ]
SQL Server Analysis Services CEIP (MSSQLSERVER) [ SSASTELEMETRY ]
SSDP Discovery [ SSDPSRV ]
SQL Server Integration Services CEIP service 15.0 [ SSISTELEMETRY150 ]
State Repository Service [ StateRepository ]
Storage Service [ StorSvc ]
System Events Broker [ SystemEventsBroker ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Tile Data model server [ tiledatamodelsvc ]
Time Broker [ TimeBrokerSvc ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
User Access Logging Service [ UALSVC ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
User Manager [ UserManager ]
Credential Manager [ VaultSvc ]
VMware Alias Manager and Ticket Service [ VGAuthService ]
VMware SVGA Helper Service [ vm3dservice ]
Hyper-V Host Compute Service [ vmcompute ]
Hyper-V Virtual Machine Management [ vmms ]
VMware Tools [ VMTools ]
VMware vCenter Converter Standalone Agent [ vmware-converter-agent ]
VMware vCenter Converter Standalone Server [ vmware-converter-server ]
VMware vCenter Converter Standalone Worker [ vmware-converter-worker ]
World Wide Web Publishing Service [ W3SVC ]
Windows Process Activation Service [ WAS ]
Windows Connection Manager [ Wcmsvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
VNC Server Version 4 [ WinVNC4 ]
Windows Push Notifications System Service [ WpnService ]
Windows Search [ WSearch ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]
CDPUserSvc_a30a9 [ CDPUserSvc_a30a9 ]
Sync Host_a30a9 [ OneSyncSvc_a30a9 ]

Inactive Services :

AllJoyn Router Service [ AJRouter ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Information [ Appinfo ]
Application Management [ AppMgmt ]
App Readiness [ AppReadiness ]
Microsoft App-V Client [ AppVClient ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
Background Intelligent Transfer Service [ BITS ]
Computer Browser [ Browser ]
Bluetooth Support Service [ bthserv ]
Client License Service (ClipSVC) [ ClipSVC ]
Offline Files [ CscService ]
DataCollectionPublishingService [ DcpSvc ]
Optimize drives [ defragsvc ]
Device Association Service [ DeviceAssociationService ]
Device Install Service [ DeviceInstall ]
DevQuery Background Discovery Broker [ DevQueryBroker ]
Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ]
Device Management Enrollment Service [ DmEnrollmentSvc ]
dmwappushsvc [ dmwappushservice ]
Wired AutoConfig [ dot3svc ]
Device Setup Manager [ DsmSvc ]
Extensible Authentication Protocol [ Eaphost ]
Encrypting File System (EFS) [ EFS ]
Embedded Mode [ embeddedmode ]
Enterprise App Management Service [ EntAppSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Windows Camera Frame Server [ FrameServer ]
Human Interface Device Service [ hidserv ]
Host Network Service [ hns ]
HV Host Service [ HvHost ]
Windows Mobile Hotspot Service [ icssvc ]
IIS Admin Service [ IISADMIN ]
KDC Proxy Server service (KPS) [ KPSSVC ]
Kaspersky Security Network proxy server [ ksnproxy ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
ManageEngine UEMS -Agent [ ManageEngine UEMS -Agent ]
Downloaded Maps Manager [ MapsBroker ]
SQL Server Integration Services 12.0 [ MsDtsServer120 ]
Windows Installer [ msiserver ]
SQL Server (SQLEXPRESS) [ MSSQL$SQLEXPRESS ]
SQL Active Directory Helper Service [ MSSQLServerADHelper100 ]
Network Connectivity Assistant [ NcaSvc ]
Netlogon [ Netlogon ]
Network Connections [ Netman ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Network Setup Service [ NetSetupSvc ]
Microsoft Passport Container [ NgcCtnrSvc ]
Microsoft Passport [ NgcSvc ]
Office Source Engine [ ose ]
Office Software Protection Platform [ osppsvc ]
Performance Counter DLL Host [ PerfHost ]
Phone Service [ PhoneSvc ]
Performance Logs & Alerts [ pla ]
Printer Extensions and Notifications [ PrintNotify ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Remote Access Connection Manager [ RasMan ]
Routing and Remote Access [ RemoteAccess ]
Radio Management Service [ RmSvc ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Device Enumeration Service [ ScDeviceEnum ]
Smart Card Removal Policy [ SCPolicySvc ]
Secondary Logon [ seclogon ]
SecPod Saner Upgrade Controller v2 [ SecPod Saner Upgrade Controller v2 ]
Sensor Data Service [ SensorDataService ]
Sensor Service [ SensorService ]
Sensor Monitoring Service [ SensrSvc ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Microsoft Storage Spaces SMP [ smphost ]
SNMP Trap [ SNMPTRAP ]
Print Spooler [ Spooler ]
Software Protection [ sppsvc ]
SQL Server Distributed Replay Client [ SQL Server Distributed Replay Client ]
SQL Server Distributed Replay Controller [ SQL Server Distributed Replay Controller ]
SQL Server Agent (SQLEXPRESS) [ SQLAgent$SQLEXPRESS ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Windows Image Acquisition (WIA) [ stisvc ]
Spot Verifier [ svsvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Superfetch [ SysMain ]
Touch Keyboard and Handwriting Panel Service [ TabletInputService ]
Telephony [ TapiSrv ]
Storage Tiers Management [ TieringEngineService ]
Auto Time Zone Updater [ tzautoupdate ]
User Experience Virtualization Service [ UevAgentService ]
Interactive Services Detection [ UI0Detect ]
UPnP Device Host [ upnphost ]
Update Orchestrator Service for Windows Update [ UsoSvc ]
Virtual Disk [ vds ]
Hyper-V Guest Service Interface [ vmicguestinterface ]
Hyper-V Heartbeat Service [ vmicheartbeat ]
Hyper-V Data Exchange Service [ vmickvpexchange ]
Hyper-V Remote Desktop Virtualization Service [ vmicrdv ]
Hyper-V Guest Shutdown Service [ vmicshutdown ]
Hyper-V Time Synchronization Service [ vmictimesync ]
Hyper-V PowerShell Direct Service [ vmicvmsession ]
Hyper-V Volume Shadow Copy Requestor [ vmicvss ]
VMware Snapshot Provider [ vmvss ]
Volume Shadow Copy [ VSS ]
Windows Time [ W32Time ]
W3C Logging Service [ w3logsvc ]
WalletService [ WalletService ]
Windows Biometric Service [ WbioSrvc ]
Diagnostic Service Host [ WdiServiceHost ]
Diagnostic System Host [ WdiSystemHost ]
Windows Event Collector [ Wecsvc ]
Windows Encryption Provider Host Service [ WEPHOSTSVC ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Still Image Acquisition Events [ WiaRpc ]
Windows Insider Service [ wisvc ]
Microsoft Account Sign-in Assistant [ wlidsvc ]
WMI Performance Adapter [ wmiApSrv ]
Web Management Service [ WMSVC ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Update [ wuauserv ]
Xbox Live Auth Manager [ XblAuthManager ]
Xbox Live Game Save [ XblGameSave ]
Contact Data_a30a9 [ PimIndexMaintenanceSvc_a30a9 ]
User Data Storage_a30a9 [ UnistoreSvc_a30a9 ]
User Data Access_a30a9 [ UserDataSvc_a30a9 ]
Windows Push Notifications User Service_a30a9 [ WpnUserService_a30a9 ]

92373 - Microsoft Windows SMB Sessions
-
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

tidua
Production
Production
Production
production
Production
Production
production
sahil
Production
Production

Extended SMB session information attached.

23974 - Microsoft Windows SMB Share Hosting Office Files
-
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

tcp/445/cifs


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- \oracle\product\10.2.0\db_1\precomp\doc\ott\readme.doc
- \windows\syswow64\msdrm\msoirmprotector.doc
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_3b3f9bb50c2f5a4d\msoirmprotector.doc
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_838d46ab500c36f9\msoirmprotector.doc
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_4594460740901c48\msoirmprotector.doc
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_8de1f0fd846cf8f4\msoirmprotector.doc
- \windows\system32\msdrm\msoirmprotector.doc
- \program files (x86)\microsoft office\office14\1033\prottplv.doc
- \program files (x86)\microsoft office\office14\1033\prottpln.doc
- \oracle\product\10.2.0\db_1\srvm\doc\readme.doc
- \oracle\product\10.2.0\db_1\precomp\doc\procob2\readme.doc
- \oracle\product\10.2.0\db_1\precomp\doc\proc\readme.doc
- \program files (x86)\microsoft office\office14\1033\prottpln.ppt
- \program files (x86)\microsoft office\office14\1033\prottplv.ppt
- \windows\system32\msdrm\msoirmprotector.ppt
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_8de1f0fd846cf8f4\msoirmprotector.ppt
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_4594460740901c48\msoirmprotector.ppt
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_838d46ab500c36f9\msoirmprotector.ppt
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_3b3f9bb50c2f5a4d\msoirmprotector.ppt
- \windows\syswow64\msdrm\msoirmprotector.ppt
- \program files (x86)\microsoft office\office14\1033\prottpln.xls
- \program files (x86)\microsoft office\office14\1033\prottplv.xls
- \program files (x86)\microsoft office\office14\samples\solvsamp.xls
- \windows\system32\msdrm\msoirmprotector.xls
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_8de1f0fd846cf8f4\msoirmprotector.xls
- \windows\winsxs\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_4594460740901c48\msoirmprotector.xls
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.4169_none_838d46ab500c36f9\msoirmprotector.xls
- \windows\winsxs\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.14393.0_none_3b3f9bb50c2f5a4d\msoirmprotector.xls
- \windows\syswow64\msdrm\msoirmprotector.xls
- \users\administrator\appdata\local\microsoft\windows\inetcache\content.mso\155726f5.xlsx
- \users\mssqlserver\appdata\local\temp\13b2aa96-f569-4808-9750-0e923cbcd158\ces84_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\14568a59-abc6-46a9-8d6d-06033bde0801\cev02_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\16764dfa-ce9d-441f-80ed-cdd3cd601247\cfa52_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\168dfd23-3b67-4b86-801d-9abe61eb250e\cfr20_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\16f17b6e-ca0e-4484-be47-8b16e54f2b0c\4305j010_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\2449d695-fd24-49e0-9731-90997123e4bb\4300v003_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\2cf95f2a-8925-43be-b2e1-22ae0d2af1e3\cfp02_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\2d25f535-322f-4b3b-8680-be002e12ff4e\cfa16_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\2eea88b9-313d-4830-aa3a-125cf1763ca5\cfm08_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\30c4abe0-5169-4c1b-b1dd-f1a08ce454ac\cfd24_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\48ddb0e8-0b68-4019-a7b0-ae019d1829e3\cfp31_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\4ea329d5-0f5d-44ed-9759-9f995ab5c0f3\4307d007_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\52682a46-43d2-4e51-a8a3-f9a7caba9ef7\4073s025_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\528380cd-ca9f-450c-8106-3baf08ecdc46\cfs108_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\53a7239a-bd65-4444-b63f-6e235dddc593\cfp42_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\5e386859-9dc7-4c7f-8ea4-16f088dd6790\cfd26_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\65ef3f43-286a-4de6-855a-ba38595e59d7\cfn15_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\66ca3946-7ad9-421a-a82d-c7c80f817ada\cfp25_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\6b40aa8f-e649-4778-9e1a-608aa5dbe405\cfn08_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\6f0b0949-3db0-4813-9216-c8924bb13d78\cfc06_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\78b4ea1e-468c-48e3-8206-0c100982700a\cek07_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\797a406e-1d66-4c62-a0a2-9434dd598e57\cfa48_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\7c2c98d3-0ec7-4ab7-97c1-878ce522b11c\cfb22_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\7d08766b-2e3d-4a1a-96cb-65c231fb9f09\cfb23_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\7dc62f73-a449-49cb-8f25-fd06d21c2911\equity_pushclientinfo_2025-10-22.xlsx
- \users\mssqlserver\appdata\local\temp\8da614c8-1381-46ed-8931-dcc8e0629a27\cfa54_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\8f9b8b7f-7a6e-46c3-b871-15bddea863cd\cfp39_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\94bb8994-9b2b-4c6e-b3c0-49483a0b1555\cfa34_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\94c490d0-be2f-4a0c-becb-b3132905e513\cfp10_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\96536ca9-a946-4166-9654-2887fca1055a\cek11_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a7aeb2d8-94a0-4d48-abc0-16aa4ec7d200\cfa49_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a8fdb44e-6ea4-4f41-bc17-b5b16bcf0295\cfc07_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a9030091-80f3-43ed-a3cb-338fbc1e655d\410604010_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\aa2bcf74-9046-408a-8a91-1b856e1a6a5f\cfg09_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\aaee2199-8a5c-46ed-8172-dcf4e7510e79\cfn19_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\b6b05eaa-584c-47a4-9149-6a2070971bda\commodity_pushclientinfo_2025-10-24.xlsx
- \users\mssqlserver\appdata\local\temp\b834068b-9b52-416d-9efc-2a053566d781\cfk02_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\b8b982b1-083e-49f0-9497-37cc410f5a5a\4284s027_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\b97ccaf7-7df0-47ee-b774-129b90f5524c\cfr26_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\bb4d6f1f-0080-487b-8367-d0b2329153c5\4301n001_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c6658d1b-4ecd-4e5b-b51b-6c8ff6b1380b\cfa45_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c6ab0f60-af22-4ac6-99e3-2219da612b64\cfr23_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c98d2fde-cd01-4cd7-8eb1-26881aa61482\410600005_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\cd02767c-733b-409c-9e71-6c8a05e5ae77\cfd22_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\cd671f72-4d9f-4a7f-bfee-93d73aecdf84\4307d004_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\e10aec11-b527-4a09-8b4a-cbbc3e5bf67b\4252t001_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\eb011f98-ab52-45cc-b8ff-de12d9dd8c46\cfs05_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f087cc91-91c5-450e-a68b-c5b330b3e399\cfb24_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f0b44ba2-c26c-48be-a9fd-eff20e259e22\cfk14_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f52ae8f7-0107-47ec-8f5c-fb5b00d15efd\cfn16_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f6b61f72-4f69-48f2-8ff2-1fc5cd9a9d81\cfk15_tax_profitloss_ fy2425.xlsx
- \windows\shellnew\excel12.xlsx
- \users\mssqlserver\appdata\local\temp\ffe23565-650d-46b9-a27f-905af2bafbcb\cer20_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\fad0bcd9-19ab-4678-a708-21445f6c0b9d\cfp24_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f8f3c019-f057-48b9-8cee-645303e47f9b\cev01_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\f7ffab90-f6d6-4ecf-a33d-2bec30d658a3\cfr25_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\dea619a0-68db-449f-a8eb-c76fd6dda6ce\cfp35_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\dbd76d2c-e004-4d9c-aa29-7a908693bf6e\cfd27_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\d73e24c1-6e10-41cf-9cbe-99309ff17fff\cfp33_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\d69d9d45-2917-491d-b8c1-a35d47b57cbf\cfc09_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\d1104948-ee70-4caf-ad04-065398e9634a\commodity_pushclientinfo_2025-10-22.xlsx
- \users\mssqlserver\appdata\local\temp\cfe0c95d-c195-4867-b04e-cfab34f650a4\ces58_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c64b19e4-0b4b-459f-82a7-042d7040d4a7\cfn18_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c53bca0a-85b6-4f08-8e76-5d60f6a810bc\cfj09_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c3634761-7d37-4a77-8bf6-f76327b0a68b\cfr31_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\c32a21c3-60e5-4b22-ac03-31b20226bc8b\cfr06_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\bfaebf74-4ade-449b-97d9-54891a231169\cfa40_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\b4094137-7a98-411a-b325-ee15e93cb599\4263m001_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\ae985058-d97e-4cab-aba1-0e2c09ce20ae\cfd03_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\adb61223-053e-41f7-a272-10f6483635f9\cfa38_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\ad5441e1-7c2c-41e7-a45c-9ef8321ad05d\equity_pushclientinfo_2025-10-22.xlsx
- \users\mssqlserver\appdata\local\temp\ab85a8d8-62c7-48e4-aa79-a6a52ede3a2c\cfp27_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a5fbd5f6-458f-4a82-b2df-b32351f3897f\ces93_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a0f6e374-f418-4527-aa66-6e7dcaf61adf\cev04_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\a0e05577-4e31-4f60-9a3c-b1ec71c44c7d\cfi05_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\9cfbff4d-3105-4641-aeb5-2efed85b5121\cfs102_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\9a0352e1-1192-4356-9af4-e70f39c77fb0\cfa47_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\8b23263e-c787-434d-a570-d59bb2831e71\cfm24_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\8a5ddb62-30f6-4f01-904d-78a4ba7153fe\cfp16_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\894aa21a-607f-4052-93bc-65595406fcf3\cfp23_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\88fcca97-1cbf-4809-aea2-5f542c7f0457\commodity_pushclientinfo_2025-10-22.xlsx
- \users\mssqlserver\appdata\local\temp\88d3b8c3-c950-4ed1-8f6b-e445cd9a1058\cfp13_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\77578ecc-660e-4ee6-a416-25dd457b0dd9\cfk07_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\7610d6b0-9fb0-4b3b-aaf3-2091ccc83874\cfj11_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\760a9b7c-9da5-42e8-afba-c0b118cab1b4\cfd14_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\75e5b1d7-5db0-4041-85a0-ae2f4bb78c37\cfp08_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\7575412f-e16d-4afd-b246-148f59317149\cfm23_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\5c234d7c-2df4-4374-8505-5e51f2e53716\cfd06_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\59e1ec02-e5da-43f7-8f32-cce55999f15e\cev05_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\56f7adf8-e85e-4b47-a2f3-fd5c464f8f62\cfa36_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\56127ae1-ae1b-4ca8-8c8f-16748bcd987c\4083s005_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\54544a0a-3da0-41cd-a9a3-b085ade4ffb9\cfc10_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\4817669f-d18f-4a16-9e1a-8058b70d4eb2\cfb28_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\4726e11a-842b-4e19-93e2-328eb891a1a7\4307a013_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\3f6ad3c1-72b0-4ea9-aba1-4e4416a4b0d2\4307a009_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\3e0026c8-df73-4a02-9618-73c3832ee3fe\cfn09_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\33c34d14-7c56-49f0-86a0-aad0bb19bfd4\cfs107_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\21f9704e-6dc0-48ec-9729-83cf69008978\cfp09_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\20d42493-8932-4ab2-9249-6770b43385c5\cfs105_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\1b95996c-1d77-4cce-9a38-efacabd02149\cfd20_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\1acaae90-b4c0-46ec-ba95-cb8d552b8dbc\cfb25_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\19a8675c-600f-4f87-9217-ca7c14ebe292\cfa42_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\10ac110d-0d35-4361-930d-29ff7e1ae97a\equity_pushclientinfo_2025-10-24.xlsx
- \users\mssqlserver\appdata\local\temp\0a2aa32e-e883-4885-bc6f-a1de77fd8437\cfa20_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\071038c3-5a0e-476f-b4ce-b5123dcc04b8\cfs104_tax_profitloss_ fy2425.xlsx
- \users\mssqlserver\appdata\local\temp\01d74aad-f480-4169-b434-c44bec1db1e7\cfn20_tax_profitloss_ fy2425.xlsx
- \users\administrator\downloads\file.xlsx
- \program files (x86)\microsoft sql server management studio 19\licenses\1033\ssms license terms.docx
- \users\administrator\documents\sql server management studio\rms query by haresh.docx
- \users\administrator\documents\to run or create the ckyc integration service on a windows server 2019.docx
- \windows\shellnew\pwrpnt12.pptx

+ D$ :

- \kyc old deleted files in downloads\account_closure_raheja.doc
- \mailimage\individual _brief(0).doc
- \mailimage\individual _brief(1).doc
- \mailimage\individual _brief(2).doc
- \mailimage\individual _brief(3).doc
- \mailimage\individual _brief(4).doc
- \mailimage\individual _brief(5).doc
- \mailimage\individual _brief(6).doc
- \mailimage\individual _brief(7).doc
- \mailimage\individual_comprehensive.doc
- \mailimage\individual_comprehensive3(0).doc
- \mailimage\individual_comprehensive3(1).doc
- \mailimage\individual_comprehensive3(2).doc
- \mailimage\individual_comprehensive3.doc
- \mailimage\non individuals _brief(0).doc
- \mailimage\non individuals _brief(1).doc
- \mailimage\non individuals _brief(10).doc
- \mailimage\non individuals _brief.doc
- \mailimage\non individuals_ comprehensive(0).doc
- \mailimage\non individuals_ comprehensive(1).doc
- \mailimage\non individuals_ comprehensive(2).doc
- \mailimage\non individuals_ comprehensive(3).doc
- \mailimage\non individuals_ comprehensive(4).doc
- \mailimage\non individuals_ comprehensive(5).doc
- \mailimage\non individuals_ comprehensive(6).doc
- \old_emp_kit\_adharcard_aadhar_-gaurav09_19_20_20_19_51.doc
- \old_emp_kit\_adharcard_danish_moin12_16_21_12_18_33.doc
- \old_emp_kit\_education_12th_marksheet_(1)11_16_17_10_55_11.doc
- \old_emp_kit\_education_12th_marksheet_(1)11_16_17_12_45_24.doc
- \old_emp_kit\_education_12th_marksheet_(1)11_16_17_13_11_16.doc
- \old_emp_kit\_education_12th_marksheet_(1)_(1)11_21_17_10_07_56.doc
- \old_emp_kit\_education_ravi_kumar_singh_(1)02_11_19_15_12_02.doc
- \old_emp_kit\_education_ravi_kumar_singh_(1)02_11_19_15_23_42.doc
- \old_emp_kit\_electioncard_voter_id12_07_16_12_15_58.doc
- \old_emp_kit\_pancard_pan_gaurav09_19_20_20_22_20.doc
- \old_emp_kit\_payslip1_ankush_2_treadbulls_salry_slip_(1)01_02_18_13_41_35.doc
- \old_emp_kit\_payslip1_balu_aug_salary12_22_16_11_07_02.doc
- \old_emp_kit\_payslip1_bma_pay_slip_oct_201701_19_18_13_35_17.doc
- \old_emp_kit\_payslip1_rainbow_commodity_pvt_(1)09_09_16_16_55_33.doc
- \old_emp_kit\_payslip1_salary_slip_-august-18_sunjay11_19_18_15_32_57.doc
- \old_emp_kit\_payslip1_sarvadaman_kumar_payslip_oct12_27_18_11_55_15.doc
- \old_emp_kit\_payslip2_salary_slip_september_18_sanjay11_19_18_15_33_50.doc
- \old_emp_kit\_payslip2_sarvadaman_kumar_payslip_oct01_02_19_10_33_12.doc
- \old_emp_kit\_payslip2_sarvadaman_kumar_payslip_oct01_03_19_10_25_59.doc
- \old_emp_kit\_payslip2_sarvadaman_kumar_payslip_oct12_27_18_11_53_55.doc
- \old_emp_kit\_payslip2_sarvadaman_kumar_payslip_oct12_27_18_12_50_39.doc
- \old_emp_kit\_payslip2_sarvadaman_payslip_sep(1)12_27_18_11_55_26.doc
- \old_emp_kit\_payslip3_ankush_4_treadbulls_salry_slip_(1)01_02_18_13_44_02.doc
- \old_emp_kit\_payslip3_balu_oct_salary12_22_16_11_07_31.doc
- \old_emp_kit\_photo_jayant_photo04_03_19_17_31_27.doc
- \old_emp_kit\_photo_jayant_photo04_03_19_17_31_53.doc
- \old_emp_kit\_photo_jayant_photo04_03_19_17_33_18.doc
- \old_emp_kit\_photo_tanvi02_20_18_10_21_04.doc
- \webportal\batchdownloads\ftp\scrip\scrip.doc
- \webportal\download\application for dealing or trading in derivatives segment (2).doc
- \webportal\download\commodity\policies of alpha & new kyc\account opening process.doc
- \webportal\download\commodity\policies of alpha & new kyc\risk management policy.doc
- \webportal\download\common\demat\namechange.doc
- \webportal\download\common\demat\no_nomination_request_form.doc
- \webportal\download\common\demat\partner's_undertaking1.doc
- \webportal\download\common\demat\smart-terms-and-conditions-cum-registration-modification-form.doc
- \webportal\download\common\ipo.doc
- \webportal\download\common\it\jaadoomail creation\jaadoo_mail_set_up.doc
- \webportal\download\common\kyc\account_closure.doc
- \webportal\download\common\kyc\activation letter for dealing in nse slb.doc
- \webportal\download\common\mf\registration_form_for_ipo_code.doc
- \webportal\download\common\mf.doc
- \webportal\download\common\rms\intra-day product faqs.doc
- \webportal\download\common\tradesmart@lkp\alpha commodity offline to online letter.doc
- \webportal\download\compliance\exchange circulars\bse\bse bonus issue of finkurve financial services ltd. (scrip code 508954) 19.08.2013.doc
- \webportal\download\compliance\exchange circulars\bse\bse bonus issue of tata teleservices (maharashtra) ltd. scrip code 532371 01.08.2013.doc
- \webportal\download\compliance\exchange circulars\bse\bse bonus issue of torrent pharmaceuticals ltd. 17.07.2013.doc
- \webportal\download\compliance\exchange circulars\bse\bse change in group 26.07.2013.doc
- \webportal\download\compliance\exchange circulars\nse\nse suspension of trading in equity shares & f&o (sterlite ind) 19.08.2013.doc
- \webportal\download\mfcommon\mf forms\arn change form.doc
- \webportal\download\remove tabs from common\las\board resolution lkpf.doc
- \webportal\download\remove tabs from common\las\dp new tariff.doc
- \webportal\download\remove tabs from common\las\lkpf - las account closer letter.doc
- \webportal\download\remove tabs from common\las\poa authorisation letter for huf towards demat account.doc
- \webportal\download\remove tabs from common\las\sms smart-terms-and-conditions-cum-registration-modification-form.doc
- \webportal\download\remove tabs from common\mcx-sx eq registration document\mcx-sx capital & derivatives segment registration documents.doc
- \webportal\intranet_new\cvmimages\1121_01022019.doc
- \webportal\intranet_new\cvmimages\1121_01022020.doc
- \webportal\intranet_new\cvmimages\1121_01032019.doc
- \webportal\intranet_new\cvmimages\1121_01042019.doc
- \webportal\intranet_new\cvmimages\1121_01062019.doc
- \webportal\intranet_new\cvmimages\1121_01062020.doc
- \webportal\intranet_new\cvmimages\1121_01072019.doc
- \webportal\intranet_new\cvmimages\1121_01082019.doc
- \webportal\intranet_new\cvmimages\1121_09042020.doc
- \webportal\intranet_new\cvmimages\1121_30092019.doc
- \webportal\intranet_new\cvmimages\1154_ssms14012020.doc
- \webportal\intranet_new\cvmimages\123456.doc
- \webportal\intranet_new\cvmimages\132_2302.doc
- \webportal\intranet_new\cvmimages\138_rent_april_ro_3.doc
- \webportal\intranet_new\cvmimages\138_rent_april_ro_4.doc
- \webportal\intranet_new\cvmimages\138_rent_april_ro_5.doc
- \webportal\intranet_new\cvmimages\138_rent_july20_ro(2).doc
- \webportal\intranet_new\cvmimages\138_rent_july20_ro(3).doc
- \webportal\intranet_new\cvmimages\138_rent_july20_ro(4).doc
- \webportal\intranet_new\cvmimages\138_rent_july20_ro(5).doc
- \webportal\intranet_new\cvmimages\138_rent_june18_ro_2.doc
- \webportal\intranet_new\cvmimages\138_rent_june18_ro_3.doc
- \webportal\intranet_new\cvmimages\138_rent_june_ro_1.doc
- \webportal\intranet_new\cvmimages\138_rent_june_ro_2.doc
- \webportal\intranet_new\cvmimages\144_rent_may17_ro_(3).doc
- \webportal\intranet_new\cvmimages\144_rent_may17_ro_(4).doc
- \webportal\intranet_new\cvmimages\151_rent_april20_1325.doc
- \webportal\intranet_new\cvmimages\151_rent_aug20_1325.doc
- \webportal\intranet_new\cvmimages\151_rent_feb21_1325.doc
- \webportal\intranet_new\cvmimages\151_rent_july20_1325.doc
- \webportal\intranet_new\cvmimages\151_rent_june18_1325.doc
- \webportal\intranet_new\cvmimages\158_kyc_frank_dec20.doc
- \webportal\intranet_new\cvmimages\158_postam_frank_june16.doc
- \webportal\intranet_new\cvmimages\165_kra_2012-13_02_2083.doc


Note that Nessus has limited the report to 255 files although there
may be more.
11777 - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
-
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares.

Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.

If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information
Published: 2003/06/26, Modified: 2012/11/29
Plugin Output

tcp/445/cifs


Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.

+ D$ :

\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_17_incoming_09821890003_410_26-09-2024 15-35-48_26-09-2024 15-36-45.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_18_incoming_09821890003_410_16-09-2024 12-50-59_16-09-2024 12-51-29.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_1_out_410_09821890003_03-06-2024 15-32-31_03-06-2024 15-32-48.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_1_out_410_09821890003_06-06-2024 13-11-47_06-06-2024 13-11-59.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_1_out_410_09821890003_07-06-2024 15-53-10_07-06-2024 15-53-43.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_28_incoming_09821890003_410_04-09-2024 11-32-14_04-09-2024 11-32-45.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_12-06-2024 11-22-53_12-06-2024 11-23-55.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_12-06-2024 14-51-00_12-06-2024 14-51-42.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_13-06-2024 09-44-00_13-06-2024 09-44-18.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_13-06-2024 11-03-09_13-06-2024 11-03-25.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_13-06-2024 15-37-42_13-06-2024 15-38-22.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_14-06-2024 12-22-38_14-06-2024 12-23-14.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_14-06-2024 13-28-56_14-06-2024 13-29-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_14-06-2024 14-46-20_14-06-2024 14-47-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_24-06-2024 15-34-07_24-06-2024 15-34-46.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_25-06-2024 12-43-03_25-06-2024 12-43-49.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_26-06-2024 15-49-00_26-06-2024 15-49-41.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_27-06-2024 15-47-19_27-06-2024 15-47-39.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_210_09821890003_28-06-2024 13-23-18_28-06-2024 13-23-48.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_281_09821890003_14-06-2024 15-20-39_14-06-2024 15-21-09.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_31_out_293_09821890003_26-06-2024 10-39-08_26-06-2024 10-39-55.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_32_miss_09821890003_293_29-07-2024 09-12-57_29-07-2024 09-12-67.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_07-06-2024 12-30-46_07-06-2024 12-32-11.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_07-06-2024 13-49-56_07-06-2024 13-50-29.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_12-06-2024 11-24-07_12-06-2024 11-24-29.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_12-06-2024 12-06-50_12-06-2024 12-07-27.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_12-06-2024 14-04-00_12-06-2024 14-04-14.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_14-06-2024 15-46-29_14-06-2024 15-47-50.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_18-06-2024 14-35-11_18-06-2024 14-35-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_33_out_210_09821890003_18-06-2024 15-59-58_18-06-2024 16-01-15.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_incoming_09821890003_210_19-06-2024 11-38-56_19-06-2024 11-39-30.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_13-06-2024 12-23-33_13-06-2024 12-24-08.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_13-06-2024 13-43-53_13-06-2024 13-44-35.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_14-06-2024 10-49-33_14-06-2024 10-50-24.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_14-06-2024 12-14-59_14-06-2024 12-16-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_18-06-2024 13-02-26_18-06-2024 13-03-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_19-06-2024 12-45-20_19-06-2024 12-46-05.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_34_out_210_09821890003_20-06-2024 13-09-05_20-06-2024 13-09-26.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_incoming_09821890003_210_23-09-2024 14-32-59_23-09-2024 14-33-31.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_incoming_09821890003_210_27-09-2024 13-32-10_27-09-2024 13-32-20.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_incoming_09821890003_210_30-09-2024 14-05-06_30-09-2024 14-05-37.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_05-09-2024 14-05-30_05-09-2024 14-05-43.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_07-10-2024 14-42-34_07-10-2024 14-43-46.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_09-09-2024 12-15-19_09-09-2024 12-15-57.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_09-09-2024 14-08-31_09-09-2024 14-09-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_10-09-2024 11-42-11_10-09-2024 11-42-21.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_18-06-2024 13-16-08_18-06-2024 13-16-35.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_18-06-2024 13-23-32_18-06-2024 13-24-00.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_19-06-2024 11-38-22_19-06-2024 11-38-35.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_19-06-2024 15-45-04_19-06-2024 15-46-09.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_20-06-2024 13-51-02_20-06-2024 13-51-58.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_20-08-2024 11-04-10_20-08-2024 11-04-52.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_20-08-2024 11-26-26_20-08-2024 11-26-40.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_24-06-2024 10-11-33_24-06-2024 10-12-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_35_out_210_09821890003_30-09-2024 14-13-12_30-09-2024 14-14-06.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_37_out_210_09821890003_19-06-2024 10-32-14_19-06-2024 10-32-56.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_37_out_210_09821890003_20-06-2024 15-34-37_20-06-2024 15-34-51.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_37_out_210_09821890003_24-06-2024 12-46-18_24-06-2024 12-46-38.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_38_incoming_09821890003_210_12-09-2024 12-36-17_12-09-2024 12-36-33.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_38_out_210_09821890003_10-09-2024 11-16-17_10-09-2024 11-16-54.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_38_out_210_09821890003_11-09-2024 12-40-55_11-09-2024 12-41-14.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_38_out_210_09821890003_11-09-2024 14-53-06_11-09-2024 14-53-23.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_39_incoming_09821890003_210_24-06-2024 10-50-20_24-06-2024 10-50-56.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_39_incoming_09821890003_210_25-06-2024 15-33-43_25-06-2024 15-34-21.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_39_incoming_09821890003_210_27-06-2024 15-47-53_27-06-2024 15-47-58.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_39_out_210_09821890003_16-08-2024 16-09-29_16-08-2024 16-09-59.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_40_incoming_09821890003_210_06-06-2024 13-20-53_06-06-2024 13-21-44.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_40_out_210_09821890003_06-06-2024 13-18-57_06-06-2024 13-19-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_40_out_210_09821890003_11-06-2024 15-39-53_11-06-2024 15-40-34.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_41_incoming_09821890003_210_13-06-2024 10-57-27_13-06-2024 10-57-38.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_42_out_210_09821890003_03-06-2024 13-25-55_03-06-2024 13-26-35.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_42_out_210_09821890003_03-09-2024 15-21-28_03-09-2024 15-21-50.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_42_out_210_09821890003_04-06-2024 12-13-25_04-06-2024 12-13-55.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_42_out_210_09821890003_10-06-2024 13-04-38_10-06-2024 13-05-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_42_out_210_09821890003_20-08-2024 11-10-02_20-08-2024 11-10-11.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_43_incoming_09821890003_210_04-09-2024 14-22-04_04-09-2024 14-22-33.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_43_out_210_09821890003_05-09-2024 14-27-13_05-09-2024 14-27-51.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_43_out_210_09821890003_16-08-2024 14-00-38_16-08-2024 14-01-01.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_incoming_09821890003_210_19-06-2024 10-23-24_19-06-2024 10-23-34.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_incoming_09821890003_210_24-06-2024 12-04-40_24-06-2024 12-04-51.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_incoming_09821890003_210_25-06-2024 10-12-41_25-06-2024 10-13-04.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_out_210_09821890003_05-09-2024 14-41-13_05-09-2024 14-41-38.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_out_210_09821890003_16-08-2024 15-42-45_16-08-2024 15-42-56.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_out_210_09821890003_28-03-2024 12-19-43_28-03-2024 12-20-00.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_46_out_210_09821890003_29-08-2024 10-33-18_29-08-2024 10-33-33.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_incoming_09821890003_210_12-09-2024 13-46-22_12-09-2024 13-47-21.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_12-09-2024 12-35-53_12-09-2024 12-36-02.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_16-08-2024 14-59-05_16-08-2024 14-59-36.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_20-08-2024 13-29-16_20-08-2024 13-29-49.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_20-09-2024 10-39-38_20-09-2024 10-40-02.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_23-09-2024 11-19-31_23-09-2024 11-19-59.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_23-09-2024 11-58-01_23-09-2024 11-58-37.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_27-09-2024 11-46-44_27-09-2024 11-47-16.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_47_out_210_09821890003_30-09-2024 10-46-11_30-09-2024 10-47-18.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_incoming_09821890003_210_26-09-2024 15-05-06_26-09-2024 15-05-46.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_11-09-2024 11-12-41_11-09-2024 11-12-53.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_12-09-2024 12-08-33_12-09-2024 12-09-02.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_13-09-2024 11-52-19_13-09-2024 11-52-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_13-09-2024 12-09-12_13-09-2024 12-09-33.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_24-09-2024 13-13-38_24-09-2024 13-14-27.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_25-09-2024 15-00-34_25-09-2024 15-01-07.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_49_out_210_09821890003_25-09-2024 15-44-26_25-09-2024 15-44-57.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_51_out_210_09821890003_03-06-2024 15-46-03_03-06-2024 15-47-08.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_incoming_09821890003_210_05-06-2024 09-30-43_05-06-2024 09-31-39.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_incoming_09821890003_210_25-06-2024 11-41-24_25-06-2024 11-41-38.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_out_210_09821890003_03-06-2024 13-47-52_03-06-2024 13-49-02.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_out_210_09821890003_04-06-2024 11-03-33_04-06-2024 11-03-54.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_out_210_09821890003_04-06-2024 12-05-24_04-06-2024 12-05-53.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_52_out_210_09821890003_11-06-2024 14-48-23_11-06-2024 14-49-16.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_53_incoming_09821890003_210_12-06-2024 09-26-17_12-06-2024 09-26-40.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_53_out_210_09821890003_25-09-2024 11-49-25_25-09-2024 11-50-03.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_53_out_210_09821890003_26-09-2024 15-45-33_26-09-2024 15-46-00.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_53_out_210_09821890003_28-08-2024 12-46-36_28-08-2024 12-47-07.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_53_out_210_09821890003_29-08-2024 11-31-44_29-08-2024 11-32-14.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_54_incoming_09821890003_210_16-08-2024 16-06-42_16-08-2024 16-07-15.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_54_incoming_09821890003_210_24-09-2024 13-11-31_24-09-2024 13-11-59.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_54_incoming_09821890003_210_27-09-2024 10-21-39_27-09-2024 10-22-12.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_54_out_210_09821890003_03-09-2024 13-15-45_03-09-2024 13-16-17.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_54_out_210_09821890003_27-09-2024 14-32-36_27-09-2024 14-33-08.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_55_incoming_09821890003_210_21-06-2024 13-44-07_21-06-2024 13-44-19.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_55_incoming_09821890003_210_24-06-2024 13-59-40_24-06-2024 13-59-49.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_56_incoming_09821890003_210_04-06-2024 11-08-04_04-06-2024 11-08-41.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_56_incoming_09821890003_210_04-06-2024 12-00-32_04-06-2024 12-00-47.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_56_incoming_09821890003_210_06-06-2024 09-36-00_06-06-2024 09-36-25.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_56_incoming_09821890003_210_10-09-2024 11-47-34_10-09-2024 11-47-43.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_56_incoming_09821890003_210_11-06-2024 13-39-19_11-06-2024 13-39-34.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_58_incoming_09821890003_210_27-06-2024 10-31-04_27-06-2024 10-31-25.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_59_incoming_09821890003_210_14-06-2024 11-59-15_14-06-2024 11-59-52.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_59_incoming_09821890003_210_25-06-2024 13-07-40_25-06-2024 13-07-54.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_59_out_210_09821890003_03-06-2024 13-22-02_03-06-2024 13-22-26.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_59_out_210_09821890003_03-06-2024 15-55-56_03-06-2024 15-56-21.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_59_out_210_09821890003_04-06-2024 11-00-52_04-06-2024 11-01-19.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_04-09-2024 10-09-56_04-09-2024 10-10-11.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_04-09-2024 10-40-20_04-09-2024 10-40-48.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_20-08-2024 10-51-51_20-08-2024 10-52-13.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_20-09-2024 13-28-57_20-09-2024 13-29-32.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_23-09-2024 14-53-58_23-09-2024 14-54-53.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_26-09-2024 15-30-35_26-09-2024 15-30-51.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_5_out_410_09821890003_30-09-2024 11-13-58_30-09-2024 11-14-25.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_60_incoming_09821890003_210_03-09-2024 14-24-56_03-09-2024 14-25-27.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_60_incoming_09821890003_210_10-09-2024 11-47-49_10-09-2024 11-47-58.mp3
\$recycle.bin\s-1-5-21-3087833412-113499397-355877213-1000\$r2asy0g\d_60_incoming_09821890003_210_24-09-2024 11-32-14_24-09-2024 11-33-09.mp3
\webportal\intranet\e-induction-1\story_content\5vywmlfnylz_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\5w3pwhcnie2_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\5yxnkezkh4f_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\5yz0189rwsa_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\6bdko2ywwgz_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\6crmp6h5va8_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\6dzxjuth0p6_22050_64.mp3
\webportal\intranet\e-induction-1\story_content\6jsjfcykryn_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5be0nxljjvt_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5bg2bmptmid_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5blsjlnvc46_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5bmukwtwzkj_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5bs48qnwovt_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5bsacbdgbh2_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5bva3z7ozut_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5byotpithux_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5e2f7evofkv_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5e9tgmnuwh7_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ebf0netary_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5fckzhceuao_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ffg0aadunu_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5fjimutkshb_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5fkrpsgtokg_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5fu2ofbf7wm_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5jin9dwaqrj_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5jkzoitizlw_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5jma6wwbtni_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5jucyjt9ack_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5jw5n9hokhf_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5khqdvbnqqa_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5knkn9mrzsc_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5knraa0qt3m_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5micri6klad_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5moos8kuxni_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ncpespjgae_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5njbsalza4g_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5njel4sis7j_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5nle9o4yshj_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5noiuvovwzs_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5nqkm6ryrrn_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5qroou35wd9_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5qsoatisnct_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5qwjszv21nm_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5qzvvd49z3q_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5r3knjjulnr_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5rbxpv9iyit_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5rr9yqvvjsa_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5sjghtnvnuz_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wl6zmj0cgr_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wlijt0r54r_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wmcsyuu3it_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wsht56mctq_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wulxjvjgzn_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wyauqrp4ds_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5wznvecsw9f_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5x7tw72zo17_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5y7hsp0clia_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5y8gbap1o4l_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ybtwjbpfut_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5yedqf01lk3_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5yepdkqbtcc_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ylxovlezle_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ympzwhpqg7_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\5ynd49uxuuu_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\62ejk7zurrb_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\62nbrabnzbq_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63gpe3ch7lj_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63hcdawrthy_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63odfjguaeb_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63pqnkl66gn_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63q3tgikten_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\63vqnaknhda_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\67inm36lezg_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\686jrqdxgjd_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\68cvox1xvro_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\68micmgxlwc_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\68wbrplooe5_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\69hx9sovys7_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\69ivgiedc6b_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\69kb2qj7geg_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6azgeyb3h0j_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6b2xku14vpf_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6b60mqza121_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6b94ubni8iu_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6bc22sqysee_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6bfyn5sm4ir_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6biz27wgvco_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6bjcfje61hz_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dbffjnq1sk_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6ddiwwpiduk_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dezgeqz6ik_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dh2pw5tnhs_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6difznfcwix_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dlin5shhau_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dncf9rxpvv_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6dnojlacp9a_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6ewhvlvfoa2_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6exd2kkyl5f_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6f0aex8pgl2_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6f5gwys6s7b_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6fcibwpcv5o_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6fdu4kcdlln_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6ffzwm0ohdv_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6fg6ftqxcq5_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6gkjbzctbmo_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6gtfqiauufi_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6h4m0i51ey5_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6h6hmckyxkx_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6h8knymttsl_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6h9mpyd9k8w_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6hc94upyvwr_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6hkkvrrlfq8_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6iz0ppgqbb5_22050_64.mp3
\webportal\intranet\e-induction-2\story_content\6jdmviqoxlh_22050_64.mp3

60119 - Microsoft Windows SMB Share Permissions Enumeration
-
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/07/25, Modified: 2022/08/11
Plugin Output

tcp/445/cifs


Share path : \\MUMPORTAL001\CDSL_AllocationFile$
Local path : D:\FileUpload\CDSL_AllocationFile
[*] Allow ACE for MUMPORTAL001\Production (S-1-5-21-3087833412-113499397-355877213-500): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for MUMPORTAL001\sahil (S-1-5-21-3087833412-113499397-355877213-1015): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\MUMPORTAL001\FileUpload
Local path : D:\FileUpload
[*] Allow ACE for MUMPORTAL001\CommonProduction (S-1-5-21-3087833412-113499397-355877213-1022): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for MUMPORTAL001\Production (S-1-5-21-3087833412-113499397-355877213-500): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\MUMPORTAL001\RMS2$
Local path : D:\RMS2
[*] Allow ACE for MUMPORTAL001\RMS (S-1-5-21-3087833412-113499397-355877213-1017): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\MUMPORTAL001\Short_Allocation$
Local path : D:\FileUpload\Short_Allocation
[*] Allow ACE for MUMPORTAL001\Complaince (S-1-5-21-3087833412-113499397-355877213-1018): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
10396 - Microsoft Windows SMB Shares Access
-
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following shares can be accessed as tidua :

- ADMIN$ - (readable,writable)
+ Content of this share :
..
$Reconfig$
aaRemove.exe
ADFS
appcompat
AppPatch
AppReadiness
assembly
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
CbsTemp
Cluster
CSC
Cursors
debug
DfsrAdmin.exe
DfsrAdmin.exe.config
diagnostics
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
GameBarPresenceWriter
Globalization
Help
HelpPane.exe
hh.exe
iis.log
IME
ImmersiveControlPanel
INF
InfusedApps
Initial.ini
InputMethod
Installer
L2Schemas
LiveKernelReports
Logs
lsasetup.log
Media
mib.bin
Microsoft.NET
Migration
Minidump
MiracastView
ModemLogs
NetworkController
notepad.exe
OCR
ODBC.INI
ODBCINST.INI
Offline Web Pages
Panther
PCHEALTH
Performance
PFRO.log
PLA
PolicyDefinitions
prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerDataCenter.xml
ServiceProfiles
servicing
Setup
setupact.log
setuperr.log
ShellExperiences
SHELLNEW
SKB
SoftwareDistribution
Speech
Speech_OneCore
splwow64.exe
symbols
System
system.ini

- C$ - (readable,writable)
+ Content of this share :
.rnd
bootmgr
BOOTNXT
Config.Msi
copy_log.txt
cpqsystem
digio-ckyc
Documents and Settings
inetpub
KASPERSKY
KES Unistall
KVRT2020_Data
MSOCache
oracle
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
StorageReports
System Volume Information
temp
Users
VS 2008 Shell Redist
WebPortal
Windows

- D$ - (readable,writable)
+ Content of this share :
172.17.100.60
20163411736.INI
2018-19 SQL Webportal DB
AlphaCommWebSite
APRegCodeFileUpload_FileFormat.xlsx
AtomPaynetz
AUTO_BACKUPP2
back
BSETRADE08062021.0RD
Bulk Mail
Bulk Mail - MF
Bulk Mail By Procedure
BulkMailAttachment
cd_span_11062020.csv
CheckJamoonTradeFileOnServer_1
Client_Master_List.csv
CommonAPI
CommonAPI_Test
CommonAPI_Test - 08-10-2025.rar
CommonAPI_Test_20250625.rar
CommonAPI_Test_31-10-2025.rar
CommonAPI_UAT
CommonAPI_W
Common_Core_API
Compliance
Connection_log
currancy 14092021.csv
d$ (172.17.100.60) (W) - Shortcut.lnk
Database
DB.jpg
DP debit & freeze file 21.01.25
DP_Client_Master_List.csv
eKYCDoc
EmployeeKit
ExcelExport
ExportExcel_OnlineNREFile
e_KYCWebsite
fiddler4setup.exe
filebackup
FileDownload
FileUpload
FileUpload20191025.xls
ftp_script.bat
ftp_script_client.bat
ftp_script_client1.bat
GSI6_MUMPORTAL001_production_05_30_2020_23_39_35.zip
HDFC_Live
HDFC_Live_20062022_1219_PS.rar
Hr_EmpWebsite
Hr_EmpWebsite 21 Apr 2022.rar
Hr_EmpWebsite_older
IIS BackUp
IIS Reset Scheduler

- E$ - (readable,writable)
+ Content of this share :
19022019.txt
Bulk Mailer New EXE
C Drive Backup
cert
CMS
Code Backup File
Cscans63
Data (D) - Shortcut.lnk
Database
DATABASE BACKUP
DBBACKUP
Hr_EmpWebsite_14Mar2022_backup
IISCrypto
iis_apppool.JPG
iis_websiter.JPG
LinkedServer.JPG
LIVERISK
MF_Mailer
Single Database
Softwares
SQL Restore
SubBroker
System Volume Information

- F$ - (readable,writable)
+ Content of this share :
API.LKP.NET.IN-Backup 03112022
CommonAPI_Test
Database
DATABASE BACKUP
DBBACKUP
GSI6_MUMPORTAL001_Lkpadmin_06_20_2024_12_29_54.zip
Hr_EmpWebsite 16 Mar 2022
Hr_EmpWebsite 21 Apr 2022
System Volume Information
Web.config
10395 - Microsoft Windows SMB Shares Enumeration
-
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Here are the SMB shares available on the remote host when logged in as tidua:

- ADMIN$
- C$
- CDSL_AllocationFile$
- D$
- E$
- F$
- FileUpload
- IPC$
- RMS2$
- Short_Allocation$
100871 - Microsoft Windows SMB Versions Supported (remote check)
-
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output

tcp/445/cifs


The remote host supports the following versions of SMB :
SMBv1
SMBv2
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
-
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output

tcp/445/cifs


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10

92368 - Microsoft Windows Scripting Host Settings
-
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1

Windows scripting host configuration attached.

200493 - Microsoft Windows Start Menu Software Version Enumeration
-
Synopsis
Enumerates Start Menu software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2024/06/13, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The following software information is available on the remote host :

- Immersive Control Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Immersive Control Panel.lnk
Target : C:\Windows\System32\Control.exe
Version : 10.0.14393.0

- Microsoft Web Platform Installer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Web Platform Installer.lnk
Target : C:\Program Files\Microsoft\Web Platform Installer\WebPlatformInstaller.exe
Version : 7.1.51515.0

- MiracastView.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\MiracastView.lnk
Target : C:\Windows\MiracastView\MiracastView.exe
Version : 10.0.14393.0

- Notepad++.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Notepad++.lnk
Target : C:\Program Files (x86)\Notepad++\notepad++.exe
Version : 8.3.3.0

- PrintDialog.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\PrintDialog.lnk
Target : C:\Windows\PrintDialog\PrintDialog.exe
Version : 10.0.14393.0

- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.14393.2608

- Visual Studio 2015.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Visual Studio 2015.lnk
Target : C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
Version : 14.0.25420.1

- Visual Studio Installer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Visual Studio Installer.lnk
Target : C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
Version : unknown

- Speech Recognition.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessibility\Speech Recognition.lnk
Target : C:\Windows\Speech\Common\sapisvr.exe
Version : 5.3.19915.0

- Calculator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Calculator.lnk
Target : C:\Windows\system32\win32calc.exe
Version : 10.0.14393.0

- Math Input Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Math Input Panel.lnk
Target : C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
Version : 10.0.14393.4169

- Paint.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Paint.lnk
Target : C:\Windows\system32\mspaint.exe
Version : 10.0.14393.4169

- Remote Desktop Connection.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Remote Desktop Connection.lnk
Target : C:\Windows\system32\mstsc.exe
Version : 10.0.14393.4169

- Snipping Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Snipping Tool.lnk
Target : C:\Windows\system32\SnippingTool.exe
Version : 10.0.14393.0

- Steps Recorder.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Steps Recorder.lnk
Target : C:\Windows\system32\psr.exe
Version : 10.0.14393.4169

- Windows Media Player.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows Media Player.lnk
Target : C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Version : 12.0.14393.4169

- Wordpad.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Wordpad.lnk
Target : C:\Program Files\Windows NT\Accessories\wordpad.exe
Version : 10.0.14393.4169

- Character Map.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Character Map.lnk
Target : C:\Windows\system32\charmap.exe
Version : 5.2.3668.0

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Component Services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Component Services.lnk
Target : C:\Windows\system32\comexp.msc
Version : unknown

- Computer Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Computer Management.lnk
Target : C:\Windows\system32\compmgmt.msc
Version : unknown

- dfrgui.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\dfrgui.lnk
Target : C:\Windows\system32\dfrgui.exe
Version : 10.0.14393.4169

- Disk Cleanup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Disk Cleanup.lnk
Target : C:\Windows\system32\cleanmgr.exe
Version : 10.0.14393.0

- Event Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Event Viewer.lnk
Target : C:\Windows\system32\eventvwr.msc
Version : unknown

- IIS Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr.exe
Version : 10.0.14393.0

- IIS6 Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS6 Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr6.exe
Version : 10.0.14393.0

- iSCSI Initiator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\iSCSI Initiator.lnk
Target : C:\Windows\system32\iscsicpl.exe
Version : 10.0.14393.0

- Memory Diagnostics Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Memory Diagnostics Tool.lnk
Target : C:\Windows\system32\MdSched.exe
Version : 10.0.14393.0

- Microsoft Azure services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Microsoft Azure services.lnk
Target : C:\Windows\explorer.exe
Version : 10.0.14393.4169

- ODBC Data Sources (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (32-bit).lnk
Target : C:\Windows\syswow64\odbcad32.exe
Version : 10.0.14393.0

- ODBC Data Sources (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (64-bit).lnk
Target : C:\Windows\system32\odbcad32.exe
Version : 10.0.14393.0

- Performance Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Performance Monitor.lnk
Target : C:\Windows\system32\perfmon.msc
Version : unknown

- Print Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Print Management.lnk
Target : C:\Windows\system32\printmanagement.msc
Version : unknown

- Resource Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Resource Monitor.lnk
Target : C:\Windows\system32\perfmon.exe
Version : 10.0.14393.4169

- Security Configuration Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Management.lnk
Target : C:\Windows\system32\secpol.msc
Version : unknown

- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.14393.2608

- services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\services.lnk
Target : C:\Windows\system32\services.msc
Version : unknown

- System Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Configuration.lnk
Target : C:\Windows\system32\msconfig.exe
Version : 1.0.0.1

- System Information.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Information.lnk
Target : C:\Windows\system32\msinfo32.exe
Version : 10.0.14393.1480

- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown

- Windows Firewall with Advanced Security.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Firewall with Advanced Security.lnk
Target : C:\Windows\system32\WF.msc
Version : unknown

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Azure Data Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Azure Data Studio\Azure Data Studio.lnk
Target : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Version : 1.41.2.0

- Kaspersky Endpoint Security for Windows.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Kaspersky Endpoint Security for Windows\Kaspersky Endpoint Security for Windows.lnk
Target : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpui.exe
Version : 21.15.8.493

- Expression Blend SDK Documentation.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Expression\Microsoft Expression Blend SDK\Expression Blend SDK Documentation.lnk
Target : C:\Program Files (x86)\Microsoft SDKs\Expression\Blend\.NETFramework\v4.0\Help\en\.NETFramework40BlendSDK.chm
Version : unknown

- Microsoft Excel 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Excel 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\xlicons.exe
Version : 14.0.7006.1000

- Microsoft OneNote 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft OneNote 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\joticon.exe
Version : 14.0.7006.1000

- Microsoft Outlook 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Outlook 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
Version : 14.0.7006.1000

- Microsoft PowerPoint 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft PowerPoint 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pptico.exe
Version : 14.0.7006.1000

- Microsoft Publisher 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Publisher 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pubs.exe
Version : 14.0.7006.1000

- Microsoft Word 2010.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Word 2010.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\wordicon.exe
Version : 14.0.7006.1000

- Digital Certificate for VBA Projects.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe
Version : 14.0.7006.1000

- Microsoft Clip Organizer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\cagicon.exe
Version : 14.0.7006.1000

- Microsoft Office 2010 Language Preferences.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe
Version : 14.0.7006.1000

- Microsoft Office 2010 Upload Center.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\msouc.exe
Version : 14.0.7006.1000

- Microsoft Office Picture Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk
Target : C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\oisicon.exe
Version : 14.0.7006.1000

- Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008\Import and Export Data (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\100\DTS\Binn\DTSWizard.exe
Version : 2007.100.1600.22

- SQL Server Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008\Configuration Tools\SQL Server Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.14393.4169

- SQL Server Error and Usage Reporting.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008\Configuration Tools\SQL Server Error and Usage Reporting.lnk
Target : C:\Program Files\Microsoft SQL Server\100\Shared\SqlWtsn.exe
Version : 10.0.1600.22

- SQL Server Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\LandingPage.exe
Version : 10.0.5500.0

- Report Builder 2.0 Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008 Report Builder 2.0\Report Builder 2.0 Help.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\Report Builder 2.0\1033\s10ch_rptdesign.chm
Version : unknown

- Report Builder 2.0.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008 Report Builder 2.0\Report Builder 2.0.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\Report Builder 2.0\MSReportBuilder.exe
Version : 10.0.1600.60

- Report Builder 3.0 Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2012 Report Builder 3.0\Report Builder 3.0 Help.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\Report Builder 3.0\1033\s11ch_rptdesign.chm
Version : unknown

- Report Builder 3.0.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2012 Report Builder 3.0\Report Builder 3.0.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\Report Builder 3.0\MSReportBuilder.exe
Version : 11.0.2100.60

- SQL Server 2014 Import and Export Data (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Import and Export Data (32-bit).lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\DTSWizard.exe
Version : 12.0.6024.0

- SQL Server 2014 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Import and Export Data (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\120\DTS\Binn\DTSWizard.exe
Version : 12.0.6024.0

- SQL Server 2014 Management Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Management Studio.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\Ssms.exe
Version : 2014.120.6024.0

- Deployment Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Analysis Services\Deployment Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\Microsoft.AnalysisServices.Deployment.exe
Version : 12.0.2000.8

- SQL Server 2014 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Configuration Tools\SQL Server 2014 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.14393.4169

- SQL Server 2014 Reporting Services Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Configuration Tools\SQL Server 2014 Reporting Services Configuration Manager.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\RSConfigTool.exe
Version : 12.0.6024.0

- SQL Server 2014 Data Quality Client.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Data Quality Services\SQL Server 2014 Data Quality Client.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DQ\DataQualityServices.exe
Version : 12.0.2000.8

- Community Projects & Samples.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Community Projects & Samples.lnk
Target :
Version : unknown

- Manage Help Settings.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Manage Help Settings.lnk
Target : C:\Program Files\Microsoft Help Viewer\v1.0\HelpLibManager.exe
Version : 1.0.40219.1

- Resource Center.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Resource Center.lnk
Target :
Version : unknown

- SQL Server Documentation.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\SQL Server Documentation.lnk
Target :
Version : unknown

- SQL Server 2014 Data Profile Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Data Profile Viewer.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\DataProfileViewer.exe
Version : 12.0.2000.8

- SQL Server 2014 Deployment Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Deployment Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\ISDeploymentWizard.exe
Version : 12.0.2000.8

- SQL Server 2014 Execute Package Utility.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Execute Package Utility.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\DTExecUI.exe
Version : 12.0.2000.8

- SQL Server 2014 Project Conversion Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Project Conversion Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\ISProjectWizard.exe
Version : 12.0.2000.8

- SQL Server 2014 Database Engine Tuning Advisor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Performance Tools\SQL Server 2014 Database Engine Tuning Advisor.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DTASHELL.EXE
Version : 12.0.2000.8

- SQL Server 2014 Profiler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Performance Tools\SQL Server 2014 Profiler.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\PROFILER.EXE
Version : 2014.120.6024.0

- SQL Server 2019 Import and Export Data (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (32-bit).lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : 15.0.4335.1

- SQL Server 2019 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : 15.0.4335.1

- SQL Server 2019 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.14393.4169

- SQL Server 2019 Error and Usage Reporting.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Error and Usage Reporting.lnk
Target : C:\Program Files\Microsoft SQL Server\150\Shared\SqlWtsn.exe
Version : 15.0.2000.5

- SQL Server 2019 Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\LandingPage.exe
Version : 15.0.4335.1

- SQL Server 2019 Data Quality Client.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Data Quality Services\SQL Server 2019 Data Quality Client.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\DQ\DataQualityServices.exe
Version : 15.0.2000.5

- SQL Server 2019 Data Quality Server Installer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Data Quality Services\SQL Server 2019 Data Quality Server Installer.lnk
Target : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\DQSInstaller.exe
Version : 15.0.2000.5

- Analysis Services Deployment Wizard 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Analysis Services Deployment Wizard 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\Microsoft.AnalysisServices.Deployment.exe
Version : 16.0.19993.0

- SQL Server Management Studio Management Studio 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\SQL Server Management Studio Management Studio 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\Ssms.exe
Version : 2023.160.20209.0

- Database Engine Tuning Advisor 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Performance Tools\Database Engine Tuning Advisor 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\DTASHELL.EXE
Version : 16.200.20209.0

- SQL Server Profiler 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Performance Tools\SQL Server Profiler 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\PROFILER.EXE
Version : 2022.160.4001.1

- Getting Started with the Microsoft Visual Studio 2010 SDK SP1.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Visual Studio 2010 SDK SP1\Getting Started with the Microsoft Visual Studio 2010 SDK SP1.lnk
Target : C:\Program Files (x86)\Microsoft Visual Studio 2010 SDK SP1\Getting Started with the Microsoft Visual Studio 2010 SDK SP1.htm
Version : unknown

- Reset the Microsoft Visual Studio 2010 SP1 Experimental instance.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Visual Studio 2010 SDK SP1\Tools\Reset the Microsoft Visual Studio 2010 SP1 Experimental instance.lnk
Target : C:\Windows\system32\Cmd.exe
Version : 10.0.14393.0

- Start Experimental Instance of Microsoft Visual Studio 2010 SP1.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Visual Studio 2010 SDK SP1\Tools\Start Experimental Instance of Microsoft Visual Studio 2010 SP1.lnk
Target : C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
Version : 10.0.40219.1

- Visual Studio 2012.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft Visual Studio 2012\Visual Studio 2012.lnk
Target : C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
Version : 11.0.61219.0

- Notepad++.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Notepad++\Notepad++.lnk
Target : C:\Program Files (x86)\Notepad++\notepad++.exe
Version : 8.3.3.0

- Oracle Data Provider for .NET Developer's Guide.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Application Development\Oracle Data Provider for .NET Developer's Guide.lnk
Target : C:\oracle\product\10.2.0\db_1\ODP.NET\doc\OdpNet.pdf
Version : unknown

- Oracle Data Provider for .NET Readme.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Application Development\Oracle Data Provider for .NET Readme.lnk
Target : C:\oracle\product\10.2.0\db_1\ODP.NET\doc\readme.txt
Version : unknown

- Oracle ODBC Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Application Development\Oracle ODBC Help.lnk
Target : C:\Windows\hh.exe
Version : 10.0.14393.0

- OraOLEDB Readme.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Application Development\OraOLEDB Readme.lnk
Target : C:\Windows\system32\notepad.exe
Version : 10.0.14393.4169

- SQL Plus.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Application Development\SQL Plus.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\sqlplusw.exe
Version : 0.0.0.0

- Administration Assistant for Windows.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Administration Assistant for Windows.lnk
Target : C:\oracle\product\10.2.0\db_1\MMC Snap-Ins\ORAMMC10.exe
Version : 10.2.0.4

- Database Configuration Assistant.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Database Configuration Assistant.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Database Upgrade Assistant.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Database Upgrade Assistant.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Locale Builder.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Locale Builder.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Microsoft ODBC Administrator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Microsoft ODBC Administrator.lnk
Target : C:\Windows\System32\odbcad32.exe
Version : 10.0.14393.0

- Net Configuration Assistant.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Net Configuration Assistant.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Net Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Configuration and Migration Tools\Net Manager.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Oracle Directory Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Integrated Management Tools\Oracle Directory Manager.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Wallet Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Integrated Management Tools\Wallet Manager.lnk
Target : C:\oracle\product\10.2.0\db_1\BIN\launch.exe
Version : unknown

- Universal Installer Concepts Guide.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Oracle Installation Products\Universal Installer Concepts Guide.lnk
Target : C:\oracle\product\10.2.0\db_1\oui\guide\toc.htm
Version : unknown

- Universal Installer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Oracle - OraDb10g_home1\Oracle Installation Products\Universal Installer.lnk
Target : C:\oracle\product\10.2.0\db_1\oui\bin\setup.exe
Version : unknown

- VNC Address Book.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Address Book.lnk
Target : C:\Program Files\RealVNC\VNC4\vncaddrbook.exe
Version : 4.6.1.54321

- VNC Server.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Server.lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321

- VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321

- Enter VNC Server License Key.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Enter VNC Server License Key.lnk
Target : C:\Program Files\RealVNC\VNC4\vncconfig.exe
Version : 4.6.1.54321

- Start Listening VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Start Listening VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321

- VNC Server (User Mode).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\VNC Server (User Mode).lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321

- Task Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Task Manager.lnk
Target : C:\Windows\system32\taskmgr.exe
Version : 1.0.0.1

- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\README.TXT
Version : unknown

- Smart Storage Administrator Preferences.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\Smart Storage Administrator Preferences.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\bin\ssaprefs.exe
Version : 2.60.18.0

- Smart Storage Administrator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\Smart Storage Administrator.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\bin\ssaclient.exe
Version : 2.60.18.0

- TreeSize Free (Administrator).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free (Administrator).lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.1.2.407

- TreeSize Free Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free Help.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.chm
Version : unknown

- TreeSize Free.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.1.2.407

- VMware vCenter Converter Standalone Client.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\VMware\VMware vCenter Converter Standalone Client.lnk
Target : C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\converter.exe
Version : 8.6.1.25023

- start VM Statistics Logging.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\VMware\VMware Tools\start VM Statistics Logging.lnk
Target : C:\Windows\System32\perfmon.msc
Version : unknown

- Console RAR manual.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\Console RAR manual.lnk
Target : C:\Program Files\WinRAR\Rar.txt
Version : unknown

- What is new in the latest version.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\What is new in the latest version.lnk
Target : C:\Program Files\WinRAR\WhatsNew.txt
Version : unknown

- WinRAR help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR help.lnk
Target : C:\Program Files\WinRAR\WinRAR.chm
Version : unknown

- WinRAR.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR.lnk
Target : C:\Program Files\WinRAR\WinRAR.exe
Version : 6.0.0.0
58452 - Microsoft Windows Startup Software Enumeration
-
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following startup item was found :

VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
WScheduler - D:\LKPSOFT\SystemScheduler\WScheduler.exe /LOGON
38153 - Microsoft Windows Summary of Missing Patches
-
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Note the results of missing patches also include superseded patches.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output

tcp/445/cifs

The patches for the following bulletins or KBs are missing on the remote host :

- MS11-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-049 )
- MS11-067 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-067 )
- MS12-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-021 )
- MS13-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-068 )
- MS13-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-072 )
- MS13-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-073 )
- MS13-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-085 )
- MS13-094 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-094 )
- MS14-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-001 )
- MS14-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-017 )
- MS14-024 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-024 )
- MS14-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-081 )
- MS14-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-082 )
- MS14-083 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-083 )
- MS15-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-012 )
- MS15-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-013 )
- MS15-022 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-022 )
- MS15-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-033 )
- MS15-046 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-046 )
- MS15-070 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-070 )
- MS15-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-081 )
- MS15-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-099 )
- MS15-110 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-110 )
- MS15-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-116 )
- MS15-131 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-131 )
- MS16-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-004 )
- MS16-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-015 )
- MS16-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-029 )
- MS16-042 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-042 )
- MS16-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-054 )
- MS16-070 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-070 )
- MS16-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-088 )
- MS16-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-099 )
- MS16-107 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-107 )
- MS16-121 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-121 )
- MS16-133 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-133 )
- MS16-148 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-148 )
- MS17-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-013 )
- MS17-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-014 )
- KB2589382 ( https://support.microsoft.com/en-us/help/2589382 )
- KB3118388 ( https://support.microsoft.com/en-us/help/3118388 )
- KB3191847 ( https://support.microsoft.com/en-us/help/3191847 )
- KB3118310 ( https://support.microsoft.com/en-us/help/3118310 )
- KB3191843 ( https://support.microsoft.com/en-us/help/3191843 )
- KB3191908 ( https://support.microsoft.com/en-us/help/3191908 )
- KB3203461 ( https://support.microsoft.com/en-us/help/3203461 )
- KB3203464 ( https://support.microsoft.com/en-us/help/3203464 )
- KB3203467 ( https://support.microsoft.com/en-us/help/3203467 )
- KB2956078 ( https://support.microsoft.com/en-us/help/2956078 )
- KB3191907 ( https://support.microsoft.com/en-us/help/3191907 )
- KB3128027 ( https://support.microsoft.com/en-us/help/3128027 )
- KB3141537 ( https://support.microsoft.com/en-us/help/3141537 )
- KB3213626 ( https://support.microsoft.com/en-us/help/3213626 )
- KB4011061 ( https://support.microsoft.com/en-us/help/4011061 )
- KB4011089 ( https://support.microsoft.com/en-us/help/4011089 )
- KB2553338 ( https://support.microsoft.com/en-us/help/2553338 )
- KB2837599 ( https://support.microsoft.com/en-us/help/2837599 )
- KB3213630 ( https://support.microsoft.com/en-us/help/3213630 )
- KB4011196 ( https://support.microsoft.com/en-us/help/4011196 )
- KB4011197 ( https://support.microsoft.com/en-us/help/4011197 )
- KB4011270 ( https://support.microsoft.com/en-us/help/4011270 )
- KB4011618 ( https://support.microsoft.com/en-us/help/4011618 )
- KB4011612 ( https://support.microsoft.com/en-us/help/4011612 )
- KB4011614 ( https://support.microsoft.com/en-us/help/4011614 )
- KB4011273 ( https://support.microsoft.com/en-us/help/4011273 )
- KB4011610 ( https://support.microsoft.com/en-us/help/4011610 )
- KB4011659 ( https://support.microsoft.com/en-us/help/4011659 )
- KB4011660 ( https://support.microsoft.com/en-us/help/4011660 )
- KB4011711 ( https://support.microsoft.com/en-us/help/4011711 )
- KB4011674 ( https://support.microsoft.com/en-us/help/4011674 )
- KB4011675 ( https://support.microsoft.com/en-us/help/4011675 )
- KB4018359 ( https://support.microsoft.com/en-us/help/4018359 )
- KB4018362 ( https://support.microsoft.com/en-us/help/4018362 )
- KB2899590 ( https://support.microsoft.com/en-us/help/2899590 )
- KB4022141 ( https://support.microsoft.com/en-us/help/4022141 )
- KB4022146 ( https://support.microsoft.com/en-us/help/4022146 )
- KB3115197 ( https://support.microsoft.com/en-us/help/3115197 )
- KB3115248 ( https://support.microsoft.com/en-us/help/3115248 )
- KB4011186 ( https://support.microsoft.com/en-us/help/4011186 )
- KB4022199 ( https://support.microsoft.com/en-us/help/4022199 )
- KB4022205 ( https://support.microsoft.com/en-us/help/4022205 )
- KB4022209 ( https://support.microsoft.com/en-us/help/4022209 )
- KB4022202 ( https://support.microsoft.com/en-us/help/4022202 )
- KB3213636 ( https://support.microsoft.com/en-us/help/3213636 )
- KB4018310 ( https://support.microsoft.com/en-us/help/4018310 )
- KB4032222 ( https://support.microsoft.com/en-us/help/4032222 )
- KB4032223 ( https://support.microsoft.com/en-us/help/4032223 )
- KB4346087 ( https://support.microsoft.com/en-us/help/4346087 )
- KB4091664 ( https://support.microsoft.com/en-us/help/4091664 )
- KB4227175 ( https://support.microsoft.com/en-us/help/4227175 )
- KB4092439 ( https://support.microsoft.com/en-us/help/4092439 )
- KB4092482 ( https://support.microsoft.com/en-us/help/4092482 )
- KB4227170 ( https://support.microsoft.com/en-us/help/4227170 )
- KB4461466 ( https://support.microsoft.com/en-us/help/4461466 )
- KB3114565 ( https://support.microsoft.com/en-us/help/3114565 )
- KB4032218 ( https://support.microsoft.com/en-us/help/4032218 )
- KB4461526 ( https://support.microsoft.com/en-us/help/4461526 )
- KB4461529 ( https://support.microsoft.com/en-us/help/4461529 )
- KB4461530 ( https://support.microsoft.com/en-us/help/4461530 )
- KB4461521 ( https://support.microsoft.com/en-us/help/4461521 )
- KB4461570 ( https://support.microsoft.com/en-us/help/4461570 )
- KB4461576 ( https://support.microsoft.com/en-us/help/4461576 )
- KB4461577 ( https://support.microsoft.com/en-us/help/4461577 )
- KB2553332 ( https://support.microsoft.com/en-us/help/2553332 )
- KB4091664 ( https://support.microsoft.com/en-us/help/4091664 )
- KB4461623 ( https://support.microsoft.com/en-us/help/4461623 )
- KB4461625 ( https://support.microsoft.com/en-us/help/4461625 )
- KB4462177 ( https://support.microsoft.com/en-us/help/4462177 )
- KB4462186 ( https://support.microsoft.com/en-us/help/4462186 )
- KB4462230 ( https://support.microsoft.com/en-us/help/4462230 )
- KB4461619 ( https://support.microsoft.com/en-us/help/4461619 )
- KB4462224 ( https://support.microsoft.com/en-us/help/4462224 )
- KB4464572 ( https://support.microsoft.com/en-us/help/4464572 )
- KB4475509 ( https://support.microsoft.com/en-us/help/4475509 )
- KB4475533 ( https://support.microsoft.com/en-us/help/4475533 )
- KB4475573 ( https://support.microsoft.com/en-us/help/4475573 )
- KB4475574 ( https://support.microsoft.com/en-us/help/4475574 )
- KB4475569 ( https://support.microsoft.com/en-us/help/4475569 )
- KB4484130 ( https://support.microsoft.com/en-us/help/4484130 )
- KB4484160 ( https://support.microsoft.com/en-us/help/4484160 )
- KB4484164 ( https://support.microsoft.com/en-us/help/4484164 )
- KB4461613 ( https://support.microsoft.com/en-us/help/4461613 )
- KB4475601 ( https://support.microsoft.com/en-us/help/4475601 )
- KB4484192 ( https://support.microsoft.com/en-us/help/4484192 )
- KB4484196 ( https://support.microsoft.com/en-us/help/4484196 )
- KB4484236 ( https://support.microsoft.com/en-us/help/4484236 )
- KB4484243 ( https://support.microsoft.com/en-us/help/4484243 )
- KB4484163 ( https://support.microsoft.com/en-us/help/4484163 )
- KB4484267 ( https://support.microsoft.com/en-us/help/4484267 )
- KB4484240 ( https://support.microsoft.com/en-us/help/4484240 )
- KB3203462 ( https://support.microsoft.com/en-us/help/3203462 )
- KB4032216 ( https://support.microsoft.com/en-us/help/4032216 )
- KB4484235 ( https://support.microsoft.com/en-us/help/4484235 )
- KB4484266 ( https://support.microsoft.com/en-us/help/4484266 )
- KB4484284 ( https://support.microsoft.com/en-us/help/4484284 )
- KB4484285 ( https://support.microsoft.com/en-us/help/4484285 )
- KB4484295 ( https://support.microsoft.com/en-us/help/4484295 )
- KB4484384 ( https://support.microsoft.com/en-us/help/4484384 )
- KB4484380 ( https://support.microsoft.com/en-us/help/4484380 )
- KB4484415 ( https://support.microsoft.com/en-us/help/4484415 )
- KB4484382 ( https://support.microsoft.com/en-us/help/4484382 )
- KB4484458 ( https://support.microsoft.com/en-us/help/4484458 )
- KB4484375 ( https://support.microsoft.com/en-us/help/4484375 )
- KB4484461 ( https://support.microsoft.com/en-us/help/4484461 )
- KB4484497 ( https://support.microsoft.com/en-us/help/4484497 )
- KB4484532 ( https://support.microsoft.com/en-us/help/4484532 )
- KB4486660 ( https://support.microsoft.com/en-us/help/4486660 )
- KB4486665 ( https://support.microsoft.com/en-us/help/4486665 )
- KB4486663 ( https://support.microsoft.com/en-us/help/4486663 )
- KB4486700 ( https://support.microsoft.com/en-us/help/4486700 )
- KB4486703 ( https://support.microsoft.com/en-us/help/4486703 )
- KB4486707 ( https://support.microsoft.com/en-us/help/4486707 )
- KB4484455 ( https://support.microsoft.com/en-us/help/4484455 )
- KB4486737 ( https://support.microsoft.com/en-us/help/4486737 )
- KB4486740 ( https://support.microsoft.com/en-us/help/4486740 )
- KB4486743 ( https://support.microsoft.com/en-us/help/4486743 )
- KB4484372 ( https://support.microsoft.com/en-us/help/4484372 )
- KB4486742 ( https://support.microsoft.com/en-us/help/4486742 )
- KB4493140 ( https://support.microsoft.com/en-us/help/4493140 )
- KB4493148 ( https://support.microsoft.com/en-us/help/4493148 )
- KB4493145 ( https://support.microsoft.com/en-us/help/4493145 )
- KB4493181 ( https://support.microsoft.com/en-us/help/4493181 )
- KB4493186 ( https://support.microsoft.com/en-us/help/4493186 )
- KB4493222 ( https://support.microsoft.com/en-us/help/4493222 )
- KB4504702 ( https://support.microsoft.com/en-us/help/4504702 )
- KB4504707 ( https://support.microsoft.com/en-us/help/4504707 )
- KB5000803 ( https://support.microsoft.com/en-us/help/5000803 )
- KB2553491 ( https://support.microsoft.com/en-us/help/2553491 )
- KB2589361 ( https://support.microsoft.com/en-us/help/2589361 )
- KB3017810 ( https://support.microsoft.com/en-us/help/3017810 )
- KB4493185 ( https://support.microsoft.com/en-us/help/4493185 )
- KB4493218 ( https://support.microsoft.com/en-us/help/4493218 )
- KB4504738 ( https://support.microsoft.com/en-us/help/4504738 )
- KB4504739 ( https://support.microsoft.com/en-us/help/4504739 )
- KB5001347 ( https://support.microsoft.com/en-us/help/5001347 )
- KB5003197 ( https://support.microsoft.com/en-us/help/5003197 )
- KB5003638 ( https://support.microsoft.com/en-us/help/5003638 )
- KB5004238 ( https://support.microsoft.com/en-us/help/5004238 )
- KB5004948 ( https://support.microsoft.com/en-us/help/5004948 )
- KB5005043 ( https://support.microsoft.com/en-us/help/5005043 )
- KB5005573 ( https://support.microsoft.com/en-us/help/5005573 )
- KB5006669 ( https://support.microsoft.com/en-us/help/5006669 )
- KB5007192 ( https://support.microsoft.com/en-us/help/5007192 )
- KB5008207 ( https://support.microsoft.com/en-us/help/5008207 )
- KB5009546 ( https://support.microsoft.com/en-us/help/5009546 )
- KB5010359 ( https://support.microsoft.com/en-us/help/5010359 )
- KB5011495 ( https://support.microsoft.com/en-us/help/5011495 )
- KB5012596 ( https://support.microsoft.com/en-us/help/5012596 )
- KB5013952 ( https://support.microsoft.com/en-us/help/5013952 )
- KB5014702 ( https://support.microsoft.com/en-us/help/5014702 )
- KB5015808 ( https://support.microsoft.com/en-us/help/5015808 )
- KB5016622 ( https://support.microsoft.com/en-us/help/5016622 )
- KB5017305 ( https://support.microsoft.com/en-us/help/5017305 )
- KB5018411 ( https://support.microsoft.com/en-us/help/5018411 )
- KB5019964 ( https://support.microsoft.com/en-us/help/5019964 )
- KB5021235 ( https://support.microsoft.com/en-us/help/5021235 )
- KB5022289 ( https://support.microsoft.com/en-us/help/5022289 )
- KB5022838 ( https://support.microsoft.com/en-us/help/5022838 )
- KB5023697 ( https://support.microsoft.com/en-us/help/5023697 )
- KB5025228 ( https://support.microsoft.com/en-us/help/5025228 )
- KB5026363 ( https://support.microsoft.com/en-us/help/5026363 )
- KB5027219 ( https://support.microsoft.com/en-us/help/5027219 )
- KB5028169 ( https://support.microsoft.com/en-us/help/5028169 )
- KB5029242 ( https://support.microsoft.com/en-us/help/5029242 )
- KB5030213 ( https://support.microsoft.com/en-us/help/5030213 )
- KB5031362 ( https://support.microsoft.com/en-us/help/5031362 )
- KB5032197 ( https://support.microsoft.com/en-us/help/5032197 )
- KB5033373 ( https://support.microsoft.com/en-us/help/5033373 )
- KB5034119 ( https://support.microsoft.com/en-us/help/5034119 )
- KB5034767 ( https://support.microsoft.com/en-us/help/5034767 )
- KB5035855 ( https://support.microsoft.com/en-us/help/5035855 )
- KB5036899 ( https://support.microsoft.com/en-us/help/5036899 )
- KB5037763 ( https://support.microsoft.com/en-us/help/5037763 )
- KB5039214 ( https://support.microsoft.com/en-us/help/5039214 )
- KB5040434 ( https://support.microsoft.com/en-us/help/5040434 )
- KB5041773 ( https://support.microsoft.com/en-us/help/5041773 )
- KB5043051 ( https://support.microsoft.com/en-us/help/5043051 )
- KB5044293 ( https://support.microsoft.com/en-us/help/5044293 )
- KB5046612 ( https://support.microsoft.com/en-us/help/5046612 )
- KB5048671 ( https://support.microsoft.com/en-us/help/5048671 )
- KB5049993 ( https://support.microsoft.com/en-us/help/5049993 )
- KB5052006 ( https://support.microsoft.com/en-us/help/5052006 )
- KB5053594 ( https://support.microsoft.com/en-us/help/5053594 )
- KB5055521 ( https://support.microsoft.com/en-us/help/5055521 )
- KB5058383 ( https://support.microsoft.com/en-us/help/5058383 )
- KB5061010 ( https://support.microsoft.com/en-us/help/5061010 )
- KB5062560 ( https://support.microsoft.com/en-us/help/5062560 )
- KB5063871 ( https://support.microsoft.com/en-us/help/5063871 )
- KB5065427 ( https://support.microsoft.com/en-us/help/5065427 )
- KB5066836 ( https://support.microsoft.com/en-us/help/5066836 )
- KB5068864 ( https://support.microsoft.com/en-us/help/5068864 )
- KB5071543 ( https://support.microsoft.com/en-us/help/5071543 )

92369 - Microsoft Windows Time Zone Information
-
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output

tcp/0

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : India Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-492
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-491
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2025/10/29
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.11.1
Nessus build : 20021
Plugin feed version : 202601041845
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Server 1
Scan policy used : Server
Scanner IP : 172.17.100.38
Port scanner(s) : wmi_netstat
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : yes (at debugging level 4)
Paranoia level : 0
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '172.17.100.60\tidua' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/1/10 3:04 India Standard Time (UTC +05:30)
Scan duration : 2546 sec
Scan for malware : no
58651 - Netstat Active Connections
-
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/04/10, Modified: 2021/06/29
Plugin Output

tcp/0


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 5116
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING 3716
TCP 0.0.0.0:2383 0.0.0.0:0 LISTENING 5480
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1288
TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 4444
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 4444
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 244
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1360
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1296
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2488
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 924
TCP 0.0.0.0:49692 0.0.0.0:0 LISTENING 960
TCP 0.0.0.0:49834 0.0.0.0:0 LISTENING 2620
TCP 127.0.0.1:1434 0.0.0.0:0 LISTENING 5116
TCP 127.0.0.1:1550 0.0.0.0:0 LISTENING 7360
TCP 127.0.0.1:1551 0.0.0.0:0 LISTENING 7360
TCP 127.0.0.1:9089 0.0.0.0:0 LISTENING 3212
TCP 127.0.0.1:30523 0.0.0.0:0 LISTENING 7360
TCP 127.0.0.1:42424 0.0.0.0:0 LISTENING 2656
TCP 127.0.0.1:49673 0.0.0.0:0 LISTENING 2692
TCP 127.0.0.1:49752 127.0.0.1:49753 ESTABLISHED 10920
TCP 127.0.0.1:49753 127.0.0.1:49752 ESTABLISHED 10920
TCP 127.0.0.1:49756 0.0.0.0:0 LISTENING 7360
TCP 172.17.100.60:135 172.17.100.38:63394 ESTABLISHED 1136
TCP 172.17.100.60:139 0.0.0.0:0 LISTENING 4
TCP 172.17.100.60:443 114.119.138.130:31307 TIME_WAIT 0
TCP 172.17.100.60:445 172.17.100.38:63393 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.10.234:3285 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.60:57211 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.67:65479 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.102:57506 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.102:57507 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.102:57508 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.102:59640 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.118:54449 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.152:53427 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.154:63843 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.157:52967 ESTABLISHED 4
TCP 172.17.100.60:445 192.168.150.238:49429 ESTABLISHED 4
TCP 172.17.100.60:1433 172.17.100.60:49954 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49955 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49956 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49957 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49958 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49959 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49960 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49961 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49962 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49963 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49964 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49965 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49966 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49967 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49968 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49969 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49970 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49971 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49972 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:49973 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54033 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54034 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54035 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54036 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54037 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54038 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54039 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54040 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54041 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54042 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54043 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54044 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54045 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54046 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54047 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54048 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54049 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54050 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54051 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.60:54052 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51394 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51395 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51396 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51397 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51398 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51399 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51400 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51401 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51402 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51403 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51404 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51405 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51406 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51407 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51408 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51409 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51410 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51411 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51412 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:51413 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60835 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60836 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60837 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60838 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60839 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60840 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60841 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60842 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60843 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60844 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60845 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60846 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60847 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60848 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60849 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60850 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60851 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60852 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60853 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60854 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60896 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60897 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60898 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60899 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60900 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60901 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60902 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60903 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60904 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60905 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60906 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60907 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60908 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60909 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60910 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60911 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60912 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60913 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60914 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:60915 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63522 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63523 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63524 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63525 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63526 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63527 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63528 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63529 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63530 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63531 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63532 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63533 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63534 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63535 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63536 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63537 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63538 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63539 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63540 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:63541 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64074 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64075 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64076 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64077 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64078 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64079 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64080 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64081 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64082 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64083 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64084 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64085 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64086 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64087 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64088 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64089 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64090 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64091 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64092 ESTABLISHED 5116
TCP 172.17.100.60:1433 172.17.100.112:64094 ESTABLISHED 5116
TCP 172.17.100.60:1433 192.168.150.57:64355 ESTABLISHED 5116
TCP 172.17.100.60:1433 192.168.150.60:57892 ESTABLISHED 5116
TCP 172.17.100.60:1433 192.168.150.60:57895 ESTABLISHED 5116
TCP 172.17.100.60:1433 192.168.150.154:57415 ESTABLISHED 5116
TCP 172.17.100.60:49666 172.17.100.38:63395 ESTABLISHED 1296
TCP 172.17.100.60:49735 172.17.100.120:445 ESTABLISHED 4
TCP 172.17.100.60:49738 172.17.100.183:445 ESTABLISHED 4
TCP 172.17.100.60:49739 172.17.100.184:445 ESTABLISHED 4
TCP 172.17.100.60:49740 172.17.100.186:445 ESTABLISHED 4
TCP 172.17.100.60:49741 192.168.10.172:445 ESTABLISHED 4
TCP 172.17.100.60:49742 192.168.10.80:445 ESTABLISHED 4
TCP 172.17.100.60:49743 192.168.10.176:445 ESTABLISHED 4
TCP 172.17.100.60:49954 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49955 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49956 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49957 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49958 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49959 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49960 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49961 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49962 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49963 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49964 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49965 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49966 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49967 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49968 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49969 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49970 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49971 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49972 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:49973 172.17.100.60:1433 ESTABLISHED 10084
TCP 172.17.100.60:54033 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54034 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54035 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54036 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54037 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54038 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54039 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54040 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54041 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54042 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54043 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54044 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54045 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54046 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54047 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54048 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54049 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54050 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54051 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:54052 172.17.100.60:1433 ESTABLISHED 21288
TCP 172.17.100.60:55150 4.213.25.242:443 ESTABLISHED 11752
TCP 172.17.100.60:55816 4.213.25.242:443 ESTABLISHED 1296
TCP 172.17.100.60:55833 172.17.100.60:1433 TIME_WAIT 0
TCP 172.17.100.60:55840 52.168.117.168:443 TIME_WAIT 0
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 1136
TCP [::]:443 [::]:0 LISTENING 4
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:1433 [::]:0 LISTENING 5116
TCP [::]:2179 [::]:0 LISTENING 3716
TCP [::]:2383 [::]:0 LISTENING 5480
TCP [::]:3389 [::]:0 LISTENING 1288
TCP [::]:5800 [::]:0 LISTENING 4444
TCP [::]:5900 [::]:0 LISTENING 4444
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 244
TCP [::]:49665 [::]:0 LISTENING 1360
TCP [::]:49666 [::]:0 LISTENING 1296
TCP [::]:49667 [::]:0 LISTENING 2488
TCP [::]:49669 [::]:0 LISTENING 924
TCP [::]:49692 [::]:0 LISTENING 960
TCP [::1]:1434 [::]:0 LISTENING 5116
TCP [::1]:1550 [::]:0 LISTENING 7360
TCP [::1]:1551 [::]:0 LISTENING 7360
TCP [::1]:9089 [::]:0 LISTENING 3212
TCP [::1]:30523 [::]:0 LISTENING 7360
TCP [::1]:49756 [::]:0 LISTENING 7360
UDP 0.0.0.0:500 *:* 1296
UDP 0.0.0.0:1434 *:* 3028
UDP 0.0.0.0:3389 *:* 1288
UDP 0.0.0.0:3544 *:* 1296
UDP 0.0.0.0:4500 *:* 1296
UDP 0.0.0.0:5050 *:* 1540
UDP 0.0.0.0:5353 *:* 1760
UDP 0.0.0.0:5355 *:* 1760
UDP 0.0.0.0:15000 *:* 7360
UDP 0.0.0.0:57946 *:* 10920
UDP 127.0.0.1:1900 *:* 13364
UDP 127.0.0.1:57678 *:* 1296
UDP 127.0.0.1:63667 *:* 13364
UDP 172.17.100.60:137 *:* 4
UDP 172.17.100.60:138 *:* 4
UDP 172.17.100.60:1900 *:* 13364
UDP 172.17.100.60:52521 *:* 1296
UDP 172.17.100.60:63666 *:* 13364
UDP [::]:500 *:* 1296
UDP [::]:1434 *:* 3028
UDP [::]:3389 *:* 1288
UDP [::]:4500 *:* 1296
UDP [::]:5353 *:* 1760
UDP [::]:5355 *:* 1760
UDP [::]:15000 *:* 7360
UDP [::1]:1900 *:* 13364
UDP [::1]:63665 *:* 13364
UDP [fe80::1c11:4296:7923:6a60%11]:1900 *:* 13364
UDP [fe80::1c11:4296:7923:6a60%11]:63664 *:* 13364
64582 - Netstat Connection Information
-
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/13, Modified: 2023/05/23
Plugin Output

tcp/0

tcp4 (listen)
src: [host=0.0.0.0, port=80]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=443]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=1433]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=2179]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=2383]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5800]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5900]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5985]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=47001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49664]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49665]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49666]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49667]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49669]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49692]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49834]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1434]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1550]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1551]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=9089]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=30523]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=42424]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=49673]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49752]
dst: [host=127.0.0.1, port=49753]

tcp4 (established)
src: [host=127.0.0.1, port=49753]
dst: [host=127.0.0.1, port=49752]

tcp4 (listen)
src: [host=127.0.0.1, port=49756]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=172.17.100.60, port=135]
dst: [host=172.17.100.38, port=63394]

tcp4 (listen)
src: [host=172.17.100.60, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=172.17.100.60, port=443]
dst: [host=114.119.138.130, port=31307]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=172.17.100.38, port=63393]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.10.234, port=3285]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.60, port=57211]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.67, port=65479]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.102, port=57506]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.102, port=57507]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.102, port=57508]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.102, port=59640]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.118, port=54449]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.152, port=53427]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.154, port=63843]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.157, port=52967]

tcp4 (established)
src: [host=172.17.100.60, port=445]
dst: [host=192.168.150.238, port=49429]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49954]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49955]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49956]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49957]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49958]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49959]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49960]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49961]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49962]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49963]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49964]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49965]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49966]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49967]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49968]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49969]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49970]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49971]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49972]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=49973]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54033]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54034]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54035]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54036]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54037]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54038]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54039]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54040]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54041]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54042]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54043]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54044]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54045]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54046]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54047]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54048]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54049]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54050]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54051]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.60, port=54052]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51394]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51395]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51396]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51397]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51398]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51399]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51400]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51401]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51402]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51403]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51404]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51405]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51406]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51407]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51408]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51409]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51410]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51411]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51412]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=51413]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60835]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60836]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60837]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60838]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60839]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60840]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60841]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60842]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60843]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60844]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60845]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60846]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60847]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60848]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60849]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60850]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60851]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60852]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60853]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60854]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60896]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60897]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60898]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60899]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60900]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60901]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60902]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60903]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60904]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60905]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60906]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60907]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60908]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60909]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60910]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60911]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60912]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60913]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60914]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=60915]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63522]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63523]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63524]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63525]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63526]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63527]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63528]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63529]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63530]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63531]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63532]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63533]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63534]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63535]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63536]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63537]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63538]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63539]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63540]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=63541]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64074]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64075]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64076]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64077]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64078]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64079]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64080]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64081]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64082]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64083]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64084]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64085]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64086]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64087]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64088]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64089]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64090]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64091]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64092]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=172.17.100.112, port=64094]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=192.168.150.57, port=64355]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=192.168.150.60, port=57892]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=192.168.150.60, port=57895]

tcp4 (established)
src: [host=172.17.100.60, port=1433]
dst: [host=192.168.150.154, port=57415]

tcp4 (established)
src: [host=172.17.100.60, port=49666]
dst: [host=172.17.100.38, port=63395]

tcp4 (established)
src: [host=172.17.100.60, port=49735]
dst: [host=172.17.100.120, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49738]
dst: [host=172.17.100.183, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49739]
dst: [host=172.17.100.184, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49740]
dst: [host=172.17.100.186, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49741]
dst: [host=192.168.10.172, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49742]
dst: [host=192.168.10.80, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49743]
dst: [host=192.168.10.176, port=445]

tcp4 (established)
src: [host=172.17.100.60, port=49954]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49955]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49956]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49957]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49958]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49959]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49960]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49961]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49962]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49963]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49964]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49965]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49966]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49967]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49968]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49969]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49970]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49971]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49972]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=49973]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54033]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54034]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54035]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54036]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54037]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54038]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54039]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54040]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54041]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54042]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54043]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54044]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54045]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54046]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54047]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54048]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54049]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54050]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54051]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=54052]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=55150]
dst: [host=4.213.25.242, port=443]

tcp4 (established)
src: [host=172.17.100.60, port=55816]
dst: [host=4.213.25.242, port=443]

tcp4 (established)
src: [host=172.17.100.60, port=55833]
dst: [host=172.17.100.60, port=1433]

tcp4 (established)
src: [host=172.17.100.60, port=55840]
dst: [host=52.168.117.168, port=443]

tcp6 (listen)
src: [host=[::], port=80]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=443]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=1433]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=2179]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=2383]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5800]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5900]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5985]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=47001]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49664]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49665]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49666]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49667]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49669]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49692]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1434]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1550]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1551]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=9089]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=30523]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=49756]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=1434]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3544]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5050]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5353]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=15000]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=57946]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=57678]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=63667]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.60, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.60, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.60, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.60, port=52521]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.60, port=63666]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=1434]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=3389]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=4500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5353]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5355]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=15000]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=63665]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::1c11:4296:7923:6a60%11], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::1c11:4296:7923:6a60%11], port=63664]
dst: [host=*, port=*]
174736 - Netstat Ingress Connections
-
Synopsis
External connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' to enumerate any non-private connections to the scan target.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/25, Modified: 2025/12/15
Plugin Output

tcp/0

Netstat output indicated the following connections from non-private IP addresses:

114.119.138.130 connected to port 443 on the scan target.

NOTE: This list may be truncated depending on the scan verbosity settings.
34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus was able to find 35 open ports.

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/135/epmap

Port 135/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/137/netbios-ns

Port 137/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/138

Port 138/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/139/smb

Port 139/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

Port 445/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/500

Port 500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql

Port 1433/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/1434

Port 1434/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/1900

Port 1900/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/2179

Port 2179/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/2383

Port 2383/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/3389/msrdp

Port 3389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/3389

Port 3389/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/3544

Port 3544/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/4500

Port 4500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/5050

Port 5050/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/5353

Port 5353/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/5355/llmnr

Port 5355/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5800/www

Port 5800/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5900/vnc

Port 5900/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5985/www

Port 5985/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/15000

Port 15000/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/47001/www

Port 47001/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49664/dce-rpc

Port 49664/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49665/dce-rpc

Port 49665/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49666/dce-rpc

Port 49666/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49667/dce-rpc

Port 49667/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49669/dce-rpc

Port 49669/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49692/dce-rpc

Port 49692/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49834/www

Port 49834/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/52521

Port 52521/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/57946

Port 57946/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/63666

Port 63666/udp was found to be open

24272 - Network Interfaces Enumeration (WMI)
-
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000016] Intel(R) 82574L Gigabit Network Connection
- MAC Address = 00:50:56:BC:47:5E
- IPAddress/IPSubnet = 172.17.100.60/255.255.255.0
- IPAddress/IPSubnet = fe80::1c11:4296:7923:6a60/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 172.17.100.10
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
172.17.100.0 255.255.255.0 0.0.0.0
172.17.100.60 255.255.255.255 0.0.0.0
172.17.100.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0

42823 - Non-compliant Strict Transport Security (STS)
-
Synopsis
The remote web server implements Strict Transport Security incorrectly.
Description
The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2014/09/19
Plugin Output

tcp/80/www


The Strict-Transport-Security header must not be sent over an
unencrypted channel.

181646 - Notepad++ Installed (Windows)
-
Synopsis
Notepad++ is installed on the remote Windows host.
Description
Notepad++ is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/09/20, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Program Files (x86)\Notepad++
Version : 8.3.3.0
209654 - OS Fingerprints Detected
-
Synopsis
Multiple OS fingerprints were detected.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of fingerprints detected are reported here.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/02/26, Modified: 2025/03/03
Plugin Output

tcp/0


Following OS Fingerprints were found

Remote operating system : Microsoft Windows Server 2012 R2
Confidence level : 56
Method : MLSinFP
Type : unknown
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2016 Datacenter 14393
Confidence level : 80
Method : Misc
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2016 Datacenter Build 14393
Confidence level : 100
Method : SMB_OS
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2016 Datacenter Build 14393
Confidence level : 70
Method : HTTP
Type : general-purpose
Fingerprint : HTTP:Server: Microsoft-HTTPAPI/2.0


Remote operating system : Microsoft Windows Server 2016 Datacenter Build 14393
Confidence level : 70
Method : SinFP
Type : general-purpose
Fingerprint : SinFP:
P1:B11113:F0x12:W8192:O0204ffff:M1460:
P2:B11113:F0x12:W8192:O0204ffff010303080402080affffffff44454144:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:191601_7_p=49667

Remote operating system : Microsoft Windows Server 2016 Datacenter Build 14393
Confidence level : 70
Method : smb
Type : general-purpose
Fingerprint : unknown

Following fingerprints could not be used to determine OS :
SSLcert:!:i/CN:GlobalSign RSA OV SSL CA 2018i/O:GlobalSign nv-sas/CN:www.lkp.net.ins/O:LKP SECURITIES LIMITED
b9755cef63e7724d0084789836fada3ca7ea16c4
i/CN:MUMPORTAL001s/CN:MUMPORTAL001
9031c269156d4e4f4824d7fc61c544b70841cb88
i/CN:SSL_Self_Signed_Fallbacks/CN:SSL_Self_Signed_Fallback
19d0e1ca768fb25ddc4aca640bb742a4161c7069
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2025/06/03
Plugin Output

tcp/0


Remote operating system : Microsoft Windows Server 2016 Datacenter Build 14393
Confidence level : 100
Method : SMB_OS


The remote host is running Microsoft Windows Server 2016 Datacenter Build 14393

117887 - OS Security Patch Assessment Available
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0516
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/445/cifs

OS Security Patch Assessment is available.

Account : 172.17.100.60\tidua
Protocol : SMB

92426 - OpenSaveMRU History
-
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Open / Save report attached.

71644 - Oracle Database Patch Info (credentialed check)
-
Synopsis
It was possible to gather Oracle Database patch information with the supplied credentials.
Description
It was possible to gather Oracle Database patch information with the supplied credentials.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0684
Plugin Information
Published: 2013/12/27, Modified: 2025/12/18
Plugin Output

tcp/445/cifs


Path : c:\oracle\product\10.2.0\db_1
Version : 10.2.0.4.0


No patches have been applied to the Oracle homes on the remote host.
71643 - Oracle Installed Software Enumeration (Windows)
-
Synopsis
It was possible to enumerate installed Oracle software on the remote Windows host.
Description
It was possible to enumerate installed Oracle software on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/27, Modified: 2025/12/18
Plugin Output

tcp/445/cifs


Nessus found the following Oracle products on the remote host :

Oracle home : OraDb10g_home1
Installed top-level products
- Assistant Common Files 10.2.0.4.0
- Database Configuration and Upgrade Assistants 10.2.0.4.0
- Oracle UIX 2.1.22.0.0
- Oracle Database User Interface 2.2.13.0.0
- Oracle Display Fonts 9.0.2.0.0
- Oracle Extended Windowing Toolkit 3.4.38.0.0
- Oracle Help For Java 4.2.6.1.0
- Oracle Ice Browser 5.2.3.6.0
- Oracle JFC Extended Windowing Toolkit 4.2.33.0.0
- Oracle Code Editor 1.2.1.0.0I
- Oracle Help for the Web 1.1.10.0.0
- regexp 2.1.9.0.0
- Bali Share 1.1.18.0.0
- Buildtools Common Files 10.2.0.4.0
- Platform Required Support Files 10.2.0.4.0
- Character Set Migration Utility 10.2.0.4.0
- Oracle Text 10.2.0.4.0
- JDBC Common Files 10.2.0.4.0
- Oracle JDBC/OCI Instant Client 10.2.0.4.0
- Oracle JDBC/THIN Interfaces 10.2.0.4.0
- Oracle JDBC Thin Driver for JDK 1.4 10.2.0.4.0
- DBJAVA Required Support Files 10.2.0.4.0
- Enterprise Manager plugin Common Files 10.2.0.4.0
- Agent Required Support Files 10.2.0.4.0
- HAS Common Files 10.2.0.4.0
- HAS Files for DB 10.2.0.4.0
- Oracle RAC Required Support Files-HAS 10.2.0.4.0
- Sun JDK extensions 10.1.2.0.0
- Oracle Java Client 10.2.0.4.0
- Oracle Containers for Java 10.2.0.4.0
- Oracle JVM 10.2.0.4.0
- Sun JDK 1.5.0.11.0
- Oracle LDAP administration 10.2.0.4.0
- Oracle Internet Directory Client 10.2.0.4.0
- LDAP Required Support Files 10.2.0.4.0
- Oracle Message Gateway Common Files 10.2.0.4.0
- Oracle Advanced Security 10.2.0.4.0
- Oracle Net 10.2.0.4.0
- Oracle Net Listener 10.2.0.4.0
- Oracle Wallet Manager 10.2.0.4.0
- Oracle Net Required Support Files 10.2.0.4.0
- SSL Required Support Files for InstantClient 10.2.0.4.0
- Secure Socket Layer 10.2.0.4.0
- Oracle Globalization Support 10.2.0.4.0
- Oracle Locale Builder 10.2.0.4.0
- Oracle COM Automation Feature 10.2.0.4.0
- Oracle Provider for OLE DB 10.2.0.4.0
- Oracle Data Provider for .NET 2.0 10.2.0.4.0
- Oracle Data Provider for .NET Documentation 10.2.0.4.0
- Oracle Administration Assistant for Windows 10.2.0.4.0
- Oracle Remote Configuration Agent 10.2.0.4.0
- Oracle ODBC Driver 10.2.0.4.0
- Oracle ODBC Driverfor Instant Client 10.2.0.4.0
- Enterprise Manager Minimal Integration 10.2.0.4.0
- Oracle Notification Service 10.1.0.3.0
- Oracle Core Required Support Files 10.2.0.4.0
- Oracle OLAP 10.2.0.4.0
- Oracle OLAP API 10.2.0.4.0
- OLAP SQL Scripts 10.2.0.4.0
- Oracle interMedia Annotator 10.2.0.4.0
- Oracle interMedia Client Option 10.2.0.4.0
- Oracle interMedia Java Advanced Imaging 10.2.0.4.0
- Oracle Database 10g interMedia Files 10.2.0.4.0
- Oracle interMedia 10.2.0.4.0
- Database Workspace Manager 10.2.0.4.0
- Perl Interpreter 5.8.3.0.4
- Precompiler Common Files 10.2.0.4.0
- Precompiler Required Support Files 10.2.0.4.0
- Oracle Clusterware RDBMS Files 10.2.0.4.0
- Database SQL Scripts 10.2.0.4.0
- Oracle Data Mining RDBMS Files 10.2.0.4.0
- Generic Connectivity Common Files 10.2.0.4.0
- Oracle Starter Database 10.2.0.4.0
- Sample Schema Data 10.2.0.4.0
- Oracle interMedia Locator RDBMS Files 10.2.0.4.0
- Oracle OLAP RDBMS Files 10.2.0.4.0
- Oracle Partitioning 10.2.0.4.0
- PL/SQL 10.2.0.4.0
- Oracle Real Application Testing 10.2.0.4.0
- Oracle Recovery Manager 10.2.0.4.0
- RDBMS Required Support Files 10.2.0.4.0
- RDBMS Required Support Files for Instant Client 10.2.0.4.0
- Oracle Database Utilities 10.2.0.4.0
- Required Support Files 10.2.0.4.0
- Oracle Spatial 10.2.0.4.0
- Oracle interMedia Locator 10.2.0.4.0
- Oracle Database 10g 10.2.0.4.0
- Parser Generator Required Support Files 10.2.0.4.0
- SQLJ Runtime 10.2.0.4.0
- SQL*Plus 10.2.0.4.0
- Java Runtime Environment 1.5.0.11.0
- Installer SDK Component 10.2.0.4.0
- Enterprise Manager Agent Core 10.2.0.4.0a
- Enterprise Manager Agent DB 10.2.0.4.0
- Enterprise Manager Baseline 10.2.0.4.0
- Enterprise Manager Common Files 10.2.0.4.0a
- Enterprise Manager plugin Common Files 10.2.0.4.0
- Enterprise Manager Repository Core 10.2.0.4.0a
- Enterprise Manager Repository DB 10.2.0.3.0
- PL/SQL Embedded Gateway 10.2.0.4.0
- XML Parser for Java 10.2.0.4.0
- XDK Required Support Files 10.2.0.4.0
- XML Parser for Oracle JVM 10.2.0.4.0

Installed products
- Oracle JDBC Thin Driver for JDK 1.2 10.2.0.4.0
- Oracle Net Services 10.2.0.4.0
- Enterprise Edition Options 10.2.0.4.0
- Oracle Programmer 10.2.0.4.0
- Oracle Database 10g 10.2.0.4.0
- Installation Common Files 10.2.0.4.0
- Oracle Call Interface (OCI) 10.2.0.4.0
- iSQL*Plus 10.2.0.4.0
- Oracle One-Off Patch Installer 10.2.0.4.2
- Oracle Universal Installer 10.2.0.4.0
- Oracle Configuration Manager 10.2.7.1.0
- Oracle Enterprise Manager Console DB 10.2.0.4.0
- Oracle Windows Interfaces 10.2.0.4.0
- Oracle XML Development Kit 10.2.0.4.0
71462 - Oracle Java JRE Premier Support and Extended Support Version Detection
-
Synopsis
The remote host contains one or more versions of the Oracle Java JRE that require long-term support.
Description
According to its version, there is at least one install of Oracle (formerly Sun) Java JRE that is potentially under either Premier Support or Extended Support.

Note that both support programs require vendor contracts. Premier Support provides upgrades and security fixes for five years after the general availability (GA) date. Extended Support provides upgrades and security fixes for three years after Premier Support ends.
See Also
Solution
To continue receiving updates and security fixes, contact the vendor regarding Premier Support or Extended Support contracts.
Risk Factor
None
Plugin Information
Published: 2013/12/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


The following Java JRE installs are in Premier Support status :

Path : C:\Program Files\Java\jdk-17
Version : 17.0.12
Support dates : 2026-09-01 (end of Premier Support) / 2029-09-01 (end of Extended Support)

33545 - Oracle Java Runtime Environment (JRE) Detection
-
Synopsis
There is a Java runtime environment installed on the remote Windows host.
Description
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) is installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK).

- Additional instances of Java may be discovered if thorough tests are enabled.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0690
Plugin Information
Published: 2008/07/18, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Program Files\Java\jdk-17\
Version : 17.0.12
Binary Location : C:\Program Files\Java\jdk-17\bin\java.exe

124175 - Oracle MySQL Connectors Installed (Windows)
-
Synopsis
One or more connectors for Oracle MySQL are installed on the remote Windows host.
Description
Oracle MySQL connectors, drivers for connecting to MySQL databases, are installed on the remote Windows host.
Note: Thorough tests may be required for an in-depth search of all connectors.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0801
Plugin Information
Published: 2019/04/19, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of MySQL Connector:

Path : C:\Program Files\MySQL\Connector ODBC 5.3\
Version : 5.3.14
Product : MySQL Connector/ODBC

Path : C:\Program Files\MySQL\Connector ODBC 5.1\
Version : 5.1.13
Product : MySQL Connector/ODBC

178011 - Oracle OPatch Installed
-
Synopsis
A patch management software is installed on the remote host.
Description
Oracle OPatch, a patch management software, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/07/06, Modified: 2025/12/18
Plugin Output

tcp/0


Path : c:\oracle\product\10.2.0\db_1
Version : 10.2.0.4.2
Oracle home : OraDb10g_home1
Product : Oracle OPatch
66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2025/12/15
Plugin Output

tcp/0



. You need to take the following 68 actions :

+ Install the following Microsoft patches :
- KB4011610 (MS18-01) (3 vulnerabilities)The following KBs would be covered:
[4041083; 4049016], [4049016, 4041083]
- KB5071543 (59 vulnerabilities)The following KBs would be covered:
KB5063871, KB5065427, KB5066836, KB5055521, KB5052006,
KB5058383, KB5061010, KB5048671, KB5049993, KB5068864,
KB5062560, KB5053594, KB5041773, KB5043051, KB5044293,
KB5036899, KB5034767, KB5037763, KB5039214, KB5033373,
KB5034119, KB5046612, KB5040434, KB5035855, KB5029242,
KB5030213, KB5031362, KB5025228, KB5022838, KB5026363,
KB5027219, KB5021235, KB5022289, KB5032197, KB5028169,
KB5023697, KB5016622, KB5017305, KB5018411, KB5012596,
KB5010359, KB5013952, KB5014702, KB5008207, KB5009546,
KB5019964, KB5015808, KB5011495, KB5005043, KB5005573,
KB5006669, KB5001347, KB4601318, KB5003197, KB5003638,
KB5004948, KB5008601, KB5005393, KB5000803
- KB4504739 (18 vulnerabilities)The following KBs would be covered:
KB4493140, KB4493214, KB4484375, KB4484532, KB4486700,
KB4484192, KB4486737, KB4484266, KB4484236, KB4462224,
KB4475569, KB4462177, KB4461570, KB4484160, KB4022199,
KB2553371, KB2899590, KB4032218
- KB4504738 (1 vulnerabilities)The following KBs would be covered:
KB4504703
- KB4504707 (11 vulnerabilities)The following KBs would be covered:
KB4493222, KB4493148, KB4493186, KB4484461, KB4486665,
KB4484285, KB4484384, KB4486743, KB4484415, KB4484267,
KB4486707
- KB4504702 (9 vulnerabilities)The following KBs would be covered:
KB4484372, KB4484235, KB4461613, KB4461521, KB4018310,
KB4092482, KB3128027, KB3118378, KB3115467
- KB4493218 (11 vulnerabilities)The following KBs would be covered:
KB4486740, KB4493145, KB4484494, KB4486660, KB4486703,
KB4475601, KB4484295, KB4484380, KB4484240, KB4475533,
KB4461619
- KB4493185 (19 vulnerabilities)The following KBs would be covered:
KB4486742, KB4484497, KB4484284, KB4475573, KB4486663,
KB4484382, KB4484163, KB4461623, KB4461576, KB4475509,
KB4032222, KB4227170, KB4011711, KB4011196, KB4011273,
KB4461529, KB4022205, KB2956078, KB4011089
- KB4484455 (2 vulnerabilities)The following KBs would be covered:
KB3203462, KB3115120
- KB4484243 (43 vulnerabilities)The following KBs would be covered:
KB3128037, KB4484196, KB4464572, KB4475574, KB4484130,
KB4462230, KB4461577, KB4484164, KB4462186, KB4227175,
KB4461466, KB4018362, KB4011660, KB4011197, KB4461530,
KB4011675, KB4011061, KB3191847, KB3178690, KB4032223,
KB4022146, KB4022209, KB3191907, KB3118390, KB3118316,
KB3115322, KB3115130, KB3114888, KB3114759, KB3114564,
KB3114415, KB3101543, KB3085609, KB3085526, KB3055044,
KB3054981, KB3054845, KB2956142, KB2956081, KB2910902,
KB2826033, KB2760597, KB2597126
- KB4461625 (11 vulnerabilities)The following KBs would be covered:
KB4461526, KB4022202, KB4092439, KB4018359, KB4011659,
KB4022141, KB4011614, KB4011674, KB3203464, KB3213630,
KB4011270
- KB4346087
- KB4091664
- KB4032216 (5 vulnerabilities)The following KBs would be covered:
KB4011186, KB3114395, KB3141537, KB2817478, KB2553147
- KB3213636 (1 vulnerabilities)The following KBs would be covered:
KB3118389
- KB3213626 (2 vulnerabilities)The following KBs would be covered:
KB3203461, KB3118310
- KB3203467 (3 vulnerabilities)The following KBs would be covered:
KB3118388, KB3118313, KB3115474
- KB3191908 (1 vulnerabilities)The following KBs would be covered:
KB2589382
- KB3191843
- KB3178687 (8 vulnerabilities)The following KBs would be covered:
KB3128034, KB3127953, KB3118312, KB3115471, KB3115317,
KB3115243, KB3115123, KB3114553
- KB3115248 (1 vulnerabilities)The following KBs would be covered:
KB3054984
- KB3115246 (2 vulnerabilities)The following KBs would be covered:
KB3114883, KB2794707
- KB3115197 (8 vulnerabilities)The following KBs would be covered:
KB3101520, KB3114878, KB3114755, KB3114557, KB3101532,
KB3055039, KB3054973, KB3054842
- KB3114885 (1 vulnerabilities)The following KBs would be covered:
KB3054978
- KB3114565 (1 vulnerabilities)The following KBs would be covered:
KB3085528
- KB3114400 (1 vulnerabilities)The following KBs would be covered:
KB3085560
- KB3054965
- KB3054834 (2 vulnerabilities)The following KBs would be covered:
KB2883100, KB2553091
- KB3017810
- KB2965313 (1 vulnerabilities)The following KBs would be covered:
KB3085514
- KB2920812 (1 vulnerabilities)The following KBs would be covered:
KB2553185
- KB2889841 (1 vulnerabilities)The following KBs would be covered:
KB2881071
- KB2881029 (2 vulnerabilities)The following KBs would be covered:
KB2810073, KB2597986
- KB2837599
- KB2645410
- KB2589361
- KB2579115 (1 vulnerabilities)The following KBs would be covered:
KB971117
- KB2553491
- KB2553338
- KB2553332
- KB2553313
- KB2553154
- KB2494096

[ Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) ]

+ Action to take : Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.


[ MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) (55129) ]

+ Action to take : Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010.


[ MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) (55797) ]

+ Action to take : Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.


[ MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) (58333) ]

+ Action to take : Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1.


[ MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514) (70852) ]

+ Action to take : Microsoft has released a set of patches for Office 2007, 2010, 2013 and 2013 RT.

+ Impact : Taking this action will resolve the following 2 different vulnerabilities :
CVE-2013-3905, CVE-2013-3870


[ MS17-013: Security Update for Microsoft Graphics Component (4013075) (97794) ]

+ Action to take : Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.

+ Impact : Taking this action will resolve the following 12 different vulnerabilities :
CVE-2017-0108, CVE-2017-0073, CVE-2017-0063, CVE-2017-0062, CVE-2017-0061
CVE-2017-0060, CVE-2017-0047, CVE-2017-0038, CVE-2017-0025, CVE-2017-0014
CVE-2017-0005, CVE-2017-0001


[ Microsoft ASP.NET Core Security Feature Bypass (October 2025) (270707) ]

+ Action to take : Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later.

+ Impact : Taking this action will resolve the following 15 different vulnerabilities :
CVE-2025-55315, CVE-2024-21386, CVE-2023-44487, CVE-2023-36558, CVE-2022-41089
CVE-2022-38013, CVE-2021-43877, CVE-2021-34532, CVE-2021-34485, CVE-2021-26423
CVE-2021-1723, CVE-2021-1721, CVE-2020-1597, CVE-2020-1161, CVE-2020-1045



[ Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203) (192147) ]

+ Action to take : Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.


[ Notepad++ < 8.8.2 Privilege Escalation (CVE-2025-49144) (240630) ]

+ Action to take : Upgrade to Notepad++ 8.8.2 or later.

+ Impact : Taking this action will resolve the following 6 different vulnerabilities :
CVE-2025-49144, CVE-2023-40166, CVE-2023-40164, CVE-2023-40036, CVE-2023-40031
CVE-2022-32168


[ Oracle Database Multiple Vulnerabilities (April 2012 CPU) (58798) ]

+ Action to take : Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory.

+ Impact : Taking this action will resolve the following 174 different vulnerabilities :
CVE-2012-1708, CVE-2012-0552, CVE-2012-0534, CVE-2012-0528, CVE-2012-0527
CVE-2012-0526, CVE-2012-0525, CVE-2012-0520, CVE-2012-0519, CVE-2012-0512
CVE-2012-0511, CVE-2012-0510, CVE-2011-3525, CVE-2011-3512, CVE-2011-3511
CVE-2011-2322, CVE-2011-2301, CVE-2011-2257, CVE-2011-2253, CVE-2011-2248
CVE-2011-2244, CVE-2011-2243, CVE-2011-2242, CVE-2011-2240, CVE-2011-2239
CVE-2011-2238, CVE-2011-2232, CVE-2011-2231, CVE-2011-2230, CVE-2011-0882
CVE-2011-0881, CVE-2011-0880, CVE-2011-0879, CVE-2011-0877, CVE-2011-0876
CVE-2011-0875, CVE-2011-0870, CVE-2011-0852, CVE-2011-0848, CVE-2011-0838
CVE-2011-0835, CVE-2011-0832, CVE-2011-0831, CVE-2011-0830, CVE-2011-0822
CVE-2011-0816, CVE-2011-0811, CVE-2011-0806, CVE-2011-0805, CVE-2011-0804
CVE-2011-0799, CVE-2011-0793, CVE-2011-0792, CVE-2011-0787, CVE-2011-0785
CVE-2010-4423, CVE-2010-4421, CVE-2010-4420, CVE-2010-4413, CVE-2010-3600
CVE-2010-3590, CVE-2010-2419, CVE-2010-2415, CVE-2010-2412, CVE-2010-2411
CVE-2010-2407, CVE-2010-2391, CVE-2010-2390, CVE-2010-2389, CVE-2010-1321
CVE-2010-0911, CVE-2010-0903, CVE-2010-0902, CVE-2010-0901, CVE-2010-0900
CVE-2010-0892, CVE-2010-0867, CVE-2010-0866, CVE-2010-0860, CVE-2010-0854
CVE-2010-0852, CVE-2010-0851, CVE-2010-0072, CVE-2010-0071, CVE-2009-3555
CVE-2009-3415, CVE-2009-3414, CVE-2009-3413, CVE-2009-3412, CVE-2009-3411
CVE-2009-3410, CVE-2009-2001, CVE-2009-2000, CVE-2009-1997, CVE-2009-1996
CVE-2009-1995, CVE-2009-1994, CVE-2009-1993, CVE-2009-1992, CVE-2009-1991
CVE-2009-1985, CVE-2009-1979, CVE-2009-1973, CVE-2009-1972, CVE-2009-1971
CVE-2009-1970, CVE-2009-1969, CVE-2009-1968, CVE-2009-1967, CVE-2009-1966
CVE-2009-1965, CVE-2009-1964, CVE-2009-1963, CVE-2009-1021, CVE-2009-1020
CVE-2009-1019, CVE-2009-1018, CVE-2009-1015, CVE-2009-1007, CVE-2009-0997
CVE-2009-0992, CVE-2009-0991, CVE-2009-0988, CVE-2009-0987, CVE-2009-0986
CVE-2009-0985, CVE-2009-0984, CVE-2009-0981, CVE-2009-0980, CVE-2009-0979
CVE-2009-0978, CVE-2009-0977, CVE-2009-0976, CVE-2009-0975, CVE-2009-0973
CVE-2009-0972, CVE-2008-5439, CVE-2008-5437, CVE-2008-5436, CVE-2008-4015
CVE-2008-4005, CVE-2008-3999, CVE-2008-3997, CVE-2008-3996, CVE-2008-3995
CVE-2008-3994, CVE-2008-3992, CVE-2008-3991, CVE-2008-3990, CVE-2008-3989
CVE-2008-3984, CVE-2008-3983, CVE-2008-3982, CVE-2008-3980, CVE-2008-3979
CVE-2008-3978, CVE-2008-3976, CVE-2008-3974, CVE-2008-3973, CVE-2008-2625
CVE-2008-2624, CVE-2008-2613, CVE-2008-2611, CVE-2008-2608, CVE-2008-2607
CVE-2008-2605, CVE-2008-2604, CVE-2008-2603, CVE-2008-2602, CVE-2008-2600
CVE-2008-2592, CVE-2008-2591, CVE-2008-2590, CVE-2008-2587


[ Oracle Java SE Multiple Vulnerabilities (October 2025 CPU) (271249) ]

+ Action to take : Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory.

+ Impact : Taking this action will resolve the following 74 different vulnerabilities :
CVE-2025-6558, CVE-2025-61748, CVE-2025-53066, CVE-2025-53057, CVE-2025-50106
CVE-2025-50063, CVE-2025-50059, CVE-2025-43265, CVE-2025-43240, CVE-2025-43228
CVE-2025-43227, CVE-2025-43216, CVE-2025-43212, CVE-2025-43211, CVE-2025-32415
CVE-2025-32414, CVE-2025-31278, CVE-2025-31273, CVE-2025-31257, CVE-2025-30761
CVE-2025-30754, CVE-2025-30752, CVE-2025-30749, CVE-2025-30698, CVE-2025-30691
CVE-2025-27113, CVE-2025-24928, CVE-2025-24855, CVE-2025-24189, CVE-2025-24162
CVE-2025-24158, CVE-2025-24150, CVE-2025-24143, CVE-2025-23085, CVE-2025-23084
CVE-2025-23083, CVE-2025-21587, CVE-2025-21502, CVE-2025-0509, CVE-2024-56171
CVE-2024-55549, CVE-2024-54543, CVE-2024-54534, CVE-2024-54508, CVE-2024-54505
CVE-2024-54502, CVE-2024-54479, CVE-2024-47778, CVE-2024-47777, CVE-2024-47776
CVE-2024-47775, CVE-2024-47606, CVE-2024-47597, CVE-2024-47596, CVE-2024-47546
CVE-2024-47545, CVE-2024-47544, CVE-2024-44309, CVE-2024-44308, CVE-2024-44296
CVE-2024-44244, CVE-2024-44187, CVE-2024-44185, CVE-2024-40896, CVE-2024-40866
CVE-2024-36138, CVE-2024-27856, CVE-2024-25062, CVE-2024-22020, CVE-2024-21235
CVE-2024-21217, CVE-2024-21211, CVE-2024-21210, CVE-2024-21208


[ Oracle MySQL Connectors (October 2024 CPU) (209245) ]

+ Action to take : Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.

+ Impact : Taking this action will resolve the following 5 different vulnerabilities :
CVE-2024-6119, CVE-2024-5535, CVE-2024-21272, CVE-2024-21262, CVE-2023-45853



[ RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088) (248462) ]

+ Action to take : Upgrade to RARLAB WinRAR version 7.13 or later.

+ Impact : Taking this action will resolve the following 7 different vulnerabilities :
CVE-2025-8088, CVE-2025-6218, CVE-2025-31334, CVE-2024-36052, CVE-2024-30370
CVE-2023-40477, CVE-2023-38831


[ Security Update for Microsoft .NET Core (October 2025) (270711) ]

+ Action to take : Update .NET Core, remove vulnerable packages and refer to vendor advisory.

+ Impact : Taking this action will resolve the following 51 different vulnerabilities :
CVE-2025-55248, CVE-2025-30399, CVE-2025-26682, CVE-2025-26646, CVE-2025-24070
CVE-2025-21176, CVE-2025-21173, CVE-2025-21172, CVE-2024-43485, CVE-2024-43484
CVE-2024-43483, CVE-2024-38229, CVE-2024-38168, CVE-2024-38167, CVE-2024-30045
CVE-2024-21409, CVE-2024-21404, CVE-2024-21392, CVE-2024-20672, CVE-2024-0057
CVE-2023-44487, CVE-2023-38171, CVE-2023-36796, CVE-2023-36794, CVE-2023-36793
CVE-2023-36792, CVE-2023-36558, CVE-2023-36435, CVE-2022-41089, CVE-2022-41032
CVE-2022-38013, CVE-2022-34716, CVE-2022-30184, CVE-2022-29145, CVE-2022-29117
CVE-2022-24512, CVE-2022-24464, CVE-2022-23267, CVE-2021-26701, CVE-2021-26423
CVE-2021-1723, CVE-2021-1721, CVE-2020-8927, CVE-2020-1147, CVE-2020-1108
CVE-2019-0982, CVE-2019-0981, CVE-2019-0980, CVE-2019-0820, CVE-2019-0757
CVE-2019-0657


[ Security Updates for Microsoft Excel Products (April 2021) (148470) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB3017810
-KB4504721
-KB4504735 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 96 different vulnerabilities :
CVE-2021-28456, CVE-2021-28454, CVE-2021-28451, CVE-2021-28449, CVE-2021-27057
CVE-2021-27054, CVE-2021-27053, CVE-2021-24070, CVE-2021-24069, CVE-2021-24068
CVE-2021-24067, CVE-2020-17130, CVE-2020-17129, CVE-2020-17128, CVE-2020-17127
CVE-2020-17126, CVE-2020-17125, CVE-2020-17123, CVE-2020-17067, CVE-2020-17066
CVE-2020-17065, CVE-2020-17064, CVE-2020-16932, CVE-2020-16931, CVE-2020-16929
CVE-2020-1594, CVE-2020-1504, CVE-2020-1498, CVE-2020-1497, CVE-2020-1496
CVE-2020-1495, CVE-2020-1494, CVE-2020-1335, CVE-2020-1332, CVE-2020-1226
CVE-2020-1225, CVE-2020-1224, CVE-2020-0979, CVE-2020-0906, CVE-2020-0901
CVE-2020-0760, CVE-2020-0759, CVE-2020-0651, CVE-2020-0650, CVE-2019-1464
CVE-2019-1448, CVE-2019-1446, CVE-2019-1331, CVE-2019-1327, CVE-2019-1297
CVE-2019-1263, CVE-2019-1111, CVE-2019-1110, CVE-2019-0828, CVE-2019-0669
CVE-2018-8636, CVE-2018-8627, CVE-2018-8598, CVE-2018-8597, CVE-2018-8577
CVE-2018-8574, CVE-2018-8502, CVE-2018-8429, CVE-2018-8382, CVE-2018-8379
CVE-2018-8375, CVE-2018-8246, CVE-2018-8163, CVE-2018-8162, CVE-2018-8148
CVE-2018-8147, CVE-2018-1029, CVE-2018-1027, CVE-2018-1011, CVE-2018-0920
CVE-2018-0907, CVE-2018-0796, CVE-2017-8632, CVE-2017-8631, CVE-2017-11884
CVE-2017-11878, CVE-2017-11877, CVE-2015-2545, CVE-2015-2523, CVE-2015-2522
CVE-2015-2521, CVE-2015-2520, CVE-2015-1683, CVE-2015-1682, CVE-2014-6361
CVE-2014-6360, CVE-2013-3890, CVE-2013-3889, CVE-2013-3159, CVE-2013-3158
CVE-2013-1315


[ Security Updates for Microsoft Office Products (April 2021) (148474) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB2553491
-KB2589361
-KB3178639
-KB3178643
-KB4504738
-KB4504722
-KB4504726
-KB4504724
-KB4504739
-KB4504727

+ Impact : Taking this action will resolve the following 322 different vulnerabilities :
CVE-2021-28454, CVE-2021-28453, CVE-2021-28449, CVE-2021-27059, CVE-2021-27057
CVE-2021-27054, CVE-2021-24108, CVE-2021-1716, CVE-2021-1715, CVE-2021-1714
CVE-2021-1713, CVE-2021-1711, CVE-2020-17128, CVE-2020-17122, CVE-2020-17064
CVE-2020-17062, CVE-2020-16957, CVE-2020-16954, CVE-2020-16930, CVE-2020-16929
CVE-2020-1594, CVE-2020-1583, CVE-2020-1581, CVE-2020-1563, CVE-2020-1503
CVE-2020-1497, CVE-2020-1496, CVE-2020-1495, CVE-2020-1494, CVE-2020-1338
CVE-2020-1335, CVE-2020-1332, CVE-2020-1224, CVE-2020-1218, CVE-2020-1193
CVE-2020-0991, CVE-2020-0980, CVE-2020-0979, CVE-2020-0961, CVE-2020-0906
CVE-2020-0760, CVE-2020-0652, CVE-2019-1464, CVE-2019-1463, CVE-2019-1462
CVE-2019-1461, CVE-2019-1449, CVE-2019-1448, CVE-2019-1446, CVE-2019-1402
CVE-2019-1400, CVE-2019-1331, CVE-2019-1327, CVE-2019-1112, CVE-2019-1111
CVE-2019-1109, CVE-2019-1084, CVE-2019-0675, CVE-2019-0674, CVE-2019-0673
CVE-2019-0672, CVE-2019-0671, CVE-2019-0669, CVE-2019-0585, CVE-2019-0582
CVE-2019-0561, CVE-2019-0560, CVE-2019-0559, CVE-2019-0541, CVE-2019-0540
CVE-2019-0538, CVE-2018-8627, CVE-2018-8597, CVE-2018-8577, CVE-2018-8573
CVE-2018-8539, CVE-2018-8378, CVE-2018-8248, CVE-2018-8246, CVE-2018-8173
CVE-2018-8161, CVE-2018-8160, CVE-2018-8158, CVE-2018-8157, CVE-2018-8150
CVE-2018-8148, CVE-2018-8147, CVE-2018-0862, CVE-2018-0849, CVE-2018-0848
CVE-2018-0845, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805
CVE-2018-0804, CVE-2018-0802, CVE-2018-0801, CVE-2018-0798, CVE-2018-0797
CVE-2018-0795, CVE-2018-0794, CVE-2018-0793, CVE-2017-8744, CVE-2017-8742
CVE-2017-8696, CVE-2017-8695, CVE-2017-8682, CVE-2017-8676, CVE-2017-8663
CVE-2017-8630, CVE-2017-8572, CVE-2017-8571, CVE-2017-8570, CVE-2017-8550
CVE-2017-8534, CVE-2017-8533, CVE-2017-8532, CVE-2017-8531, CVE-2017-8528
CVE-2017-8527, CVE-2017-8513, CVE-2017-8512, CVE-2017-8511, CVE-2017-8510
CVE-2017-8509, CVE-2017-8508, CVE-2017-8507, CVE-2017-8506, CVE-2017-8502
CVE-2017-8501, CVE-2017-11939, CVE-2017-11935, CVE-2017-11934, CVE-2017-11882
CVE-2017-11854, CVE-2017-11826, CVE-2017-11825, CVE-2017-0292, CVE-2017-0289
CVE-2017-0288, CVE-2017-0287, CVE-2017-0286, CVE-2017-0285, CVE-2017-0284
CVE-2017-0283, CVE-2017-0282, CVE-2017-0281, CVE-2017-0262, CVE-2017-0261
CVE-2017-0260, CVE-2017-0255, CVE-2017-0254, CVE-2017-0243, CVE-2017-0207
CVE-2017-0204, CVE-2017-0199, CVE-2017-0197, CVE-2017-0195, CVE-2017-0194
CVE-2017-0107, CVE-2017-0106, CVE-2017-0105, CVE-2017-0053, CVE-2017-0052
CVE-2017-0031, CVE-2017-0030, CVE-2017-0029, CVE-2017-0027, CVE-2017-0020
CVE-2017-0019, CVE-2017-0006, CVE-2016-7298, CVE-2016-7291, CVE-2016-7290
CVE-2016-7289, CVE-2016-7277, CVE-2016-7276, CVE-2016-7275, CVE-2016-7268
CVE-2016-7267, CVE-2016-7266, CVE-2016-7265, CVE-2016-7264, CVE-2016-7263
CVE-2016-7262, CVE-2016-7245, CVE-2016-7244, CVE-2016-7236, CVE-2016-7235
CVE-2016-7234, CVE-2016-7233, CVE-2016-7232, CVE-2016-7231, CVE-2016-7230
CVE-2016-7229, CVE-2016-7228, CVE-2016-7213, CVE-2016-7193, CVE-2016-3381
CVE-2016-3366, CVE-2016-3365, CVE-2016-3364, CVE-2016-3363, CVE-2016-3362
CVE-2016-3361, CVE-2016-3360, CVE-2016-3359, CVE-2016-3358, CVE-2016-3357
CVE-2016-3318, CVE-2016-3317, CVE-2016-3316, CVE-2016-3315, CVE-2016-3313
CVE-2016-3284, CVE-2016-3283, CVE-2016-3282, CVE-2016-3281, CVE-2016-3280
CVE-2016-3279, CVE-2016-3278, CVE-2016-3235, CVE-2016-3234, CVE-2016-3233
CVE-2016-0198, CVE-2016-0183, CVE-2016-0141, CVE-2016-0140, CVE-2016-0139
CVE-2016-0137, CVE-2016-0136, CVE-2016-0134, CVE-2016-0127, CVE-2016-0126
CVE-2016-0122, CVE-2016-0057, CVE-2016-0056, CVE-2016-0055, CVE-2016-0054
CVE-2016-0053, CVE-2016-0052, CVE-2016-0039, CVE-2016-0035, CVE-2016-0025
CVE-2016-0022, CVE-2016-0021, CVE-2016-0012, CVE-2016-0011, CVE-2016-0010
CVE-2015-6177, CVE-2015-6172, CVE-2015-6124, CVE-2015-6122, CVE-2015-6118
CVE-2015-6117, CVE-2015-6094, CVE-2015-6093, CVE-2015-6092, CVE-2015-6091
CVE-2015-6040, CVE-2015-6039, CVE-2015-6038, CVE-2015-6037, CVE-2015-2558
CVE-2015-2557, CVE-2015-2556, CVE-2015-2555, CVE-2015-2503, CVE-2015-2477
CVE-2015-2470, CVE-2015-2469, CVE-2015-2468, CVE-2015-2467, CVE-2015-2466
CVE-2015-2424, CVE-2015-2423, CVE-2015-2415, CVE-2015-2380, CVE-2015-2379
CVE-2015-2378, CVE-2015-2377, CVE-2015-2376, CVE-2015-2375, CVE-2015-1651
CVE-2015-1650, CVE-2015-1649, CVE-2015-1642, CVE-2015-1641, CVE-2015-1636
CVE-2015-1633, CVE-2015-0097, CVE-2015-0086, CVE-2015-0085, CVE-2015-0065
CVE-2015-0064, CVE-2015-0063, CVE-2014-6364, CVE-2014-6362, CVE-2014-6357
CVE-2014-6356, CVE-2014-4117, CVE-2014-1809, CVE-2014-1761, CVE-2014-1758
CVE-2014-1757, CVE-2014-0260, CVE-2014-0259, CVE-2014-0258, CVE-2013-3858
CVE-2013-3857, CVE-2013-3856, CVE-2013-3855, CVE-2013-3854, CVE-2013-3853
CVE-2013-3852, CVE-2013-3851, CVE-2013-3850, CVE-2013-3849, CVE-2013-3848
CVE-2013-3847, CVE-2013-3160


[ Security Updates for Microsoft PowerPoint Products (March 2021) (147216) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB4493227
-KB4504702
-KB4493224

+ Impact : Taking this action will resolve the following 9 different vulnerabilities :
CVE-2021-27056, CVE-2020-17124, CVE-2020-0760, CVE-2019-1462, CVE-2018-8628
CVE-2018-8501, CVE-2018-8376, CVE-2017-8743, CVE-2017-8742


[ Security Updates for Microsoft Publisher Products (April 2020) (135462) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB3162033
-KB4011097
-KB4032216

+ Impact : Taking this action will resolve the following 3 different vulnerabilities :
CVE-2020-0760, CVE-2018-8245, CVE-2017-8725


[ Security Updates for Microsoft SQL Server (November 2025) (275459) ]

+ Action to take : Microsoft has released security updates for Microsoft SQL Server.

+ Impact : Taking this action will resolve the following 109 different vulnerabilities :
CVE-2025-59499, CVE-2025-55227, CVE-2025-53727, CVE-2025-49719, CVE-2025-49718
CVE-2025-49717, CVE-2025-47997, CVE-2024-49043, CVE-2024-49021, CVE-2024-49018
CVE-2024-49017, CVE-2024-49016, CVE-2024-49015, CVE-2024-49014, CVE-2024-49013
CVE-2024-49012, CVE-2024-49011, CVE-2024-49010, CVE-2024-49009, CVE-2024-49008
CVE-2024-49007, CVE-2024-49006, CVE-2024-49005, CVE-2024-49004, CVE-2024-49003
CVE-2024-49002, CVE-2024-49001, CVE-2024-49000, CVE-2024-48999, CVE-2024-48998
CVE-2024-48997, CVE-2024-48996, CVE-2024-48995, CVE-2024-48994, CVE-2024-48993
CVE-2024-43462, CVE-2024-43459, CVE-2024-38255, CVE-2024-38088, CVE-2024-38087
CVE-2024-37980, CVE-2024-37966, CVE-2024-37965, CVE-2024-37342, CVE-2024-37341
CVE-2024-37340, CVE-2024-37339, CVE-2024-37338, CVE-2024-37337, CVE-2024-37336
CVE-2024-37335, CVE-2024-37334, CVE-2024-37333, CVE-2024-37332, CVE-2024-37331
CVE-2024-37330, CVE-2024-37329, CVE-2024-37328, CVE-2024-37327, CVE-2024-37326
CVE-2024-37324, CVE-2024-37323, CVE-2024-37322, CVE-2024-37321, CVE-2024-37320
CVE-2024-37319, CVE-2024-37318, CVE-2024-35272, CVE-2024-35271, CVE-2024-35256
CVE-2024-29043, CVE-2024-28943, CVE-2024-28941, CVE-2024-28938, CVE-2024-28937
CVE-2024-28936, CVE-2024-28935, CVE-2024-28934, CVE-2024-28933, CVE-2024-28932
CVE-2024-28931, CVE-2024-28930, CVE-2024-28929, CVE-2024-28928, CVE-2024-26191
CVE-2024-26186, CVE-2024-21907, CVE-2024-21449, CVE-2024-21428, CVE-2024-21425
CVE-2024-21415, CVE-2024-21414, CVE-2024-21398, CVE-2024-21373, CVE-2024-21335
CVE-2024-21333, CVE-2024-21332, CVE-2024-21331, CVE-2024-21317, CVE-2024-21308
CVE-2024-21303, CVE-2024-20701, CVE-2023-23384, CVE-2023-21718, CVE-2023-21713
CVE-2023-21705, CVE-2023-21704, CVE-2023-21568, CVE-2023-21528


[ Security Updates for Microsoft SQL Server OLE DB Driver (July 2024) (205300) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL OLE DB Driver.

+ Impact : Taking this action will resolve the following 26 different vulnerabilities :
CVE-2024-37334, CVE-2024-29985, CVE-2024-29984, CVE-2024-29983, CVE-2024-29982
CVE-2024-29048, CVE-2024-29047, CVE-2024-29046, CVE-2024-29045, CVE-2024-29044
CVE-2024-28945, CVE-2024-28944, CVE-2024-28942, CVE-2024-28940, CVE-2024-28939
CVE-2024-28927, CVE-2024-28926, CVE-2024-28915, CVE-2024-28914, CVE-2024-28913
CVE-2024-28912, CVE-2024-28911, CVE-2024-28910, CVE-2024-28909, CVE-2024-28908
CVE-2024-28906


[ Security Updates for Microsoft Word Products (April 2021) (148478) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB4493208
-KB4493218
-KB4493198 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 41 different vulnerabilities :
CVE-2021-28453, CVE-2021-1716, CVE-2021-1715, CVE-2020-17020, CVE-2020-16933
CVE-2020-1583, CVE-2020-1503, CVE-2020-1502, CVE-2020-1448, CVE-2020-1447
CVE-2020-1446, CVE-2020-1445, CVE-2020-1342, CVE-2020-1229, CVE-2020-1218
CVE-2020-0980, CVE-2020-0892, CVE-2020-0850, CVE-2020-0760, CVE-2019-1461
CVE-2019-1201, CVE-2019-1034, CVE-2019-0585, CVE-2019-0561, CVE-2018-8573
CVE-2018-8504, CVE-2018-8310, CVE-2018-8161, CVE-2018-0950, CVE-2018-0922
CVE-2018-0919, CVE-2018-0862, CVE-2018-0849, CVE-2018-0848, CVE-2018-0845
CVE-2018-0798, CVE-2018-0797, CVE-2018-0794, CVE-2018-0793, CVE-2018-0792
CVE-2017-11854


[ Security Updates for Outlook (April 2021) (148464) ]

+ Action to take : Microsoft has released the following security updates to address this issue:
-KB4504712
-KB4504733
-KB4493185

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 26 different vulnerabilities :
CVE-2021-28452, CVE-2020-17119, CVE-2020-16949, CVE-2020-16947, CVE-2020-1493
CVE-2020-1483, CVE-2020-1349, CVE-2020-0760, CVE-2020-0696, CVE-2019-1204
CVE-2019-1200, CVE-2019-1084, CVE-2019-0559, CVE-2018-8587, CVE-2018-8582
CVE-2018-8579, CVE-2018-8576, CVE-2018-8558, CVE-2018-8524, CVE-2018-8522
CVE-2018-8244, CVE-2018-0852, CVE-2018-0850, CVE-2018-0791, CVE-2017-11776
CVE-2017-11774


[ Security Updates for Windows Malicious Software Removal Tool (January 2023) (169783) ]

+ Action to take : Microsoft has released version 5.109 to address this issue.


[ VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015) (266420) ]

+ Action to take : Upgrade to VMware Tools version 12.5.4, 13.0.5 or later.

+ Impact : Taking this action will resolve the following 5 different vulnerabilities :
CVE-2025-41246, CVE-2025-41244, CVE-2025-41239, CVE-2025-22247, CVE-2025-22230



[ Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803) (276819) ]

+ Action to take : Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later.

206777 - Postman Installed (Windows)
-
Synopsis
Postman is installed on the remote Windows host.
Description
Postman is installed on the remote Windows host.

Note. To detect the software, customers need to use an account that is used to install the software, or one that has the administrative privileges on the target.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/09/09, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Users\Administrator\AppData\Local\Postman
Version : 10.24.26

122422 - RARLAB WinRAR Installed (Windows)
-
Synopsis
An archive manager is installed on the remote Windows host.
Description
RARLAB WinRaR, an archive manager, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0706
Plugin Information
Published: 2019/02/26, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Version : 6.0.0.0

92428 - Recent File History
-
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\Users\SSISTELEMETRY150\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Recent files found in registry and appdata attached.
92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\$Recycle.Bin\\.
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-18
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1000
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1020
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1023
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1025
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-500
C:\\$Recycle.Bin\\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
C:\\$Recycle.Bin\\S-1-5-18\.
C:\\$Recycle.Bin\\S-1-5-18\..
C:\\$Recycle.Bin\\S-1-5-18\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1000\.
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1000\..
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1000\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1020\.
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1020\..
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1020\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1023\.
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1023\..
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1023\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1025\.
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1025\..
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-1025\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-500\.
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-500\..
C:\\$Recycle.Bin\\S-1-5-21-3087833412-113499397-355877213-500\desktop.ini
C:\\$Recycle.Bin\\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\.
C:\\$Recycle.Bin\\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\..
C:\\$Recycle.Bin\\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\desktop.ini
92430 - Registry Editor Last Accessed
-
Synopsis
Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host.
Description
Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

Production
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has an remote desktop protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output

tcp/3389/msrdp

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/443/www

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/1433/mssql

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/3389/msrdp

The target TLS server offers no post-quantum ciphers.

62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB4048953, Installed on: 2018/02/03
KB4049065, Installed on: 2018/02/03
KB4054590, Installed on: 2020/12/07
KB4502496, Installed on: 2021/02/27
KB4535680, Installed on: 2021/02/27
KB4535684, Installed on: 2021/02/27
KB4535685, Installed on: 2021/02/27
KB4576750, Installed on: 2021/02/27
KB4601318
KB5001078, Installed on: 2021/02/27
KB5048671
KB5050109
KB5054006
KB5055661
KB5058524
KB5060954
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
-
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output

tcp/0


The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
-
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output

tcp/0


The registry service was successfully stopped after the scan.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/443/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/1433/mssql


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

mumportal001

The Common Name in the certificate is :

www.lkp.net.in

The Subject Alternate Names in the certificate are :

admin.pennypal.in
aims.lkp.net.in
allocation.lkp.net.in
api.lkp.net.in
api.lkpconnect.net.in
backoffice.lkp.net.in
backoffice.lkpifsc.com
bo.lkp.net.in
closure.lkponline.com
dashboard.pennypal.in
demo.pennypal.in
devtrade.lkp.net.in
devtradekyc.lkp.net.in
druat.pennypal.in
ekyc.lkp.net.in
ekyc.lkponline.com
ekyc.pennypal.in
ekycuat.lkp.net.in
getsetgrow.lkponline.com
hrms.lkp.net.in
ia.lkp.net.in
ipo.lkp.net.in
lkp.net.in
lkpconnect.net.in
lkpifsc.com
lkpsec.com
lms.lkp.net.in
middleware.lkp.net.in
middlewareapi.lkp.net.in
notification.lkponline.com
notification.pennypal.in
pay.lkp.net.in
pennypal.in
ra.lkp.net.in
referral.pennypal.in
rekyc.lkponline.com
rekyc.pennypal.in
spip.lkp.net.in
spip.lkponline.com
trading.lkponline.com
trading.pennypal.in
trilogy.lkp.net.in
uat.lkp.net.in
uat.lkpsec.com
uat.pennypal.in
uatbackoffice.lkp.net.in
uatekyc.lkponline.com
uatgetsetgrow.lkponline.com
uatspip.lkponline.com
uattrading.lkponline.com
uatweb.pennypal.in
wealth.lkp.net.in
welcome.lkp.net.in
www.lkp.net.in
www.lkpfinance.com
www.lkpsec.com

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


The host name known by Nessus is :

mumportal001

The Common Name in the certificate is :

ssl_self_signed_fallback

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Country: IN
State/Province: Maharashtra
Locality: Mumbai
Organization: LKP SECURITIES LIMITED
Common Name: www.lkp.net.in

Issuer Name:

Country: BE
Organization: GlobalSign nv-sa
Common Name: GlobalSign RSA OV SSL CA 2018

Serial Number: 2C FA C5 1E 45 DD B3 52 F6 C1 9A 8E

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 03 06:52:01 2025 GMT
Not Valid After: May 23 10:26:12 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A4 F7 91 FA FE A7 BF 52 69 FD B1 BA 47 1C BC A2 02 98 D2
EA 94 50 C4 08 2B 35 E2 A7 F2 23 1F 54 85 EA 9C 08 E4 E0 D4
90 B2 86 0B 09 8E 37 1A E3 1D 6A D2 6A 35 7F EF 02 90 77 EE
DC 8F 4A DB DD 0B E5 BE 45 F8 94 48 7F 64 FC 80 A1 29 A6 64
49 A6 ED 79 6C 50 A8 E3 95 B2 1E DE B2 9B 8B AA DC D2 EC C5
F7 D7 C0 67 B5 10 59 C6 5D CA 69 02 14 6B 27 4B 14 18 73 4D
3E D5 9B 2A A5 3F CF 97 3D B2 01 99 4E DC F5 51 D5 EA 23 94
D5 63 B5 99 C5 D5 85 52 DD A9 83 F8 F5 BC 62 89 97 3C 2E F6
21 7B 54 98 6C EC 30 D5 82 A3 0C 33 1D 1B 13 A1 84 A5 6D 4A
3D 93 DB AF F8 0C 4E 77 88 9E 33 99 01 04 E5 29 E5 F3 DE BD
49 55 33 F0 6F 8E B6 F6 16 C6 61 27 65 E4 D3 CF 4E CE D4 27
F3 14 A6 27 FF F3 4B 7B 20 0A 96 B2 1C E8 44 ED 89 6C 07 9E
61 51 60 25 03 37 26 55 34 36 A8 75 E7 39 19 CB ED
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 4A 3C 10 7C 4F 79 08 E0 51 8E 53 3B 51 98 23 8E A9 D9 5B
4B 54 3A CE DE 1C 68 BD 1A 6C B4 CE 26 EE 4F A0 1A B4 85 23
BE CB B1 F8 C8 BC 7E C5 33 32 D9 EE 16 DC 8E AF 99 A4 77 F7
6A CF 89 1C 75 74 D5 4E 3E 1E 67 48 BA 5C 3C 33 A6 F0 50 7F
D3 ED 57 87 1B F7 65 ED 56 BF 6F F6 49 53 E4 1D 96 8E 1F 6D
81 7A 18 B5 EB 4E BC D7 05 FD 71 90 DD F2 38 A2 A8 B7 33 37
CE CF A2 CD 8B 0F 5B 01 0D 8B B2 E8 98 83 86 68 E6 B6 01 E4
67 93 7A 0E 03 44 FC 2A C2 9C 06 5A 57 58 D4 0E 4B 6A 67 FF
71 8D 1A 12 49 AF DC 82 E9 A8 0E 48 36 BE 60 1C C3 39 10 90
50 2C 3B 6D 86 F4 D0 3B 81 C3 4B D8 55 9D 6B D7 A1 AB 37 AD
FF B4 39 10 1E C7 79 E4 11 24 BE 45 09 27 E8 AB 38 59 C3 12
87 C2 31 87 76 2A 92 2A 42 BE 97 A2 72 13 CC 34 4A 85 7C 98
25 F5 00 F0 E8 F6 39 08 46 ED 9C 9C 38 83 2A 88 F1

Extension: Key Usage(2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Basic Constraints(2.5.29.19)
Critical: 1


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
Method#2: Online Certificate Status Protocol
URI: http://ocsp.globalsign.com/gsrsaovsslca2018


Extension: Policies(2.5.29.32)
Critical: 0
Policy ID #1: 1.3.6.1.4.1.4146.1.20
Qualifier ID #1: Certification Practice Statement(1.3.6.1.5.5.7.2.1)
CPS URI: https://www.globalsign.com/repository/
Policy ID #2: 2.23.140.1.2.2


Extension: Subject Alternative Name(2.5.29.17)
Critical: 0
DNS: www.lkp.net.in
DNS: aims.lkp.net.in
DNS: allocation.lkp.net.in
DNS: api.lkp.net.in
DNS: backoffice.lkp.net.in
DNS: bo.lkp.net.in
DNS: devtrade.lkp.net.in
DNS: devtradekyc.lkp.net.in
DNS: ekyc.lkp.net.in
DNS: ekycuat.lkp.net.in
DNS: hrms.lkp.net.in
DNS: ia.lkp.net.in
DNS: ipo.lkp.net.in
DNS: lms.lkp.net.in
DNS: middleware.lkp.net.in
DNS: middlewareapi.lkp.net.in
DNS: pay.lkp.net.in
DNS: ra.lkp.net.in
DNS: spip.lkp.net.in
DNS: trilogy.lkp.net.in
DNS: uat.lkp.net.in
DNS: uatbackoffice.lkp.net.in
DNS: wealth.lkp.net.in
DNS: welcome.lkp.net.in
DNS: admin.pennypal.in
DNS: api.lkpconnect.net.in
DNS: backoffice.lkpifsc.com
DNS: closure.lkponline.com
DNS: dashboard.pennypal.in
DNS: demo.pennypal.in
DNS: druat.pennypal.in
DNS: ekyc.lkponline.com
DNS: ekyc.pennypal.in
DNS: getsetgrow.lkponline.com
DNS: lkpconnect.net.in
DNS: lkpifsc.com
DNS: lkpsec.com
DNS: notification.lkponline.com
DNS: notification.pennypal.in
DNS: pennypal.in
DNS: referral.pennypal.in
DNS: rekyc.lkponline.com
DNS: rekyc.pennypal.in
DNS: spip.lkponline.com
DNS: trading.lkponline.com
DNS: trading.pennypal.in
DNS: uat.lkpsec.com
DNS: uat.pennypal.in
DNS: uatekyc.lkponline.com
DNS: uatgetsetgrow.lkponline.com
DNS: uatspip.lkponline.com
DNS: uattrading.lkponline.com
DNS: uatweb.pennypal.in
DNS: www.lkpfinance.com
DNS: www.lkpsec.com
DNS: lkp.net.in


Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: F8 EF 7F F2 CD 78 67 A8 DE 6F 8F 24 8D 88 F1 87 03 02 B3 EB


Extension: Subject Key Identifier(2.5.29.14)
Critical: 0
Subject Key Identifier: C6 72 59 DE 7C D2 52 1B ED 66 C9 6C 59 28 03 2F CC 65 1C 25


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 68 01 66 00 75 00 19 86 D4 C7 28 AA 6F FE BA 03 6F
78 2A 4D 01 91 AA CE 2D 72 31 0F AE CE 5D 70 41 2D 25 4C C7
D4 00 00 01 9A E2 FB 8C 39 00 00 04 03 00 46 30 44 02 20 77
3E 3D 37 98 CC 75 D8 5F F3 83 BF 28 AF C3 75 C8 D2 8F F5 FA
73 46 1D 81 B5 B2 C3 D7 4B 41 EB 02 20 74 73 EB 63 54 73 F4
CE CB 18 9D 72 B7 1D DC 59 E3 BA 1A 17 71 8B 8B 57 CB 07 6F
CC 51 71 C7 2F 00 75 00 64 11 C4 6C A4 12 EC A7 89 1C A2 02
2E 00 BC AB 4F 28 07 D4 1E 35 27 AB EA FE D5 03 C9 7D CD F0
00 00 01 9A E2 FB 8C 04 00 00 04 03 00 46 30 44 02 20 4F A3
F0 25 AD B1 87 4B 79 4D 86 FB EF 2D 6F 69 D0 1E B7 14 FB 95
C5 F7 82 08 4D 76 77 5A 6F EF 02 20 7A 60 AC B3 24 ED 68 40
11 58 6D 6B 93 F5 41 BF 01 9A 86 23 79 B7 D6 BF 10 23 21 7A
6B 01 60 F3 00 76 00 CB 38 F7 15 89 7C 84 A1 44 5F 5B C1 DD
FB C9 6E F2 9A 59 CD 47 0A 69 05 85 B0 CB 14 C3 14 58 E7 00
00 01 9A E2 FB 8C 4E 00 00 04 03 00 47 30 45 02 21 00 A3 75
33 82 EF AA F1 82 DE 1E 3F B3 19 12 59 5D 2F 3E 1B E5 75 21
97 DC B7 48 D2 05 A3 A2 81 AF 02 20 40 AA 3F E4 5B AB D9 D3
66 59 7B 79 FE C6 55 B5 6E 22 A9 1F F0 7B DF 74 3A 6D 7F 94
CA D5 16 AC


Fingerprints :

SHA-256 Fingerprint: 04 9C 06 30 84 18 2B 94 99 3F E1 5E CB C3 3F DC C2 DE B6 8D
D3 2A C7 76 B2 E5 36 83 9F A7 53 AE
SHA-1 Fingerprint: B9 75 5C EF 63 E7 72 4D 00 84 78 98 36 FA DA 3C A7 EA 16 C4
MD5 Fingerprint: B5 E7 9E 0A D6 3F F0 37 DF 79 AD 83 C1 AC 48 4A


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIKkzCCCXugAwIBAgIMLPrFHkXds1L2wZqOMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1HbG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNTEyMDMwNjUyMDFaFw0yNjA1MjMxMDI2MTJaMG4xCzAJBgNVBAYTAklOMRQwEgYDVQQIEwtNYWhhcmFzaHRyYTEPMA0GA1UEBxMGTXVtYmFpMR8wHQYDVQQKExZMS1AgU0VDVVJJVElFUyBMSU1JVEVEMRcwFQYDVQQDEw53d3cubGtwLm5ldC5pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKT3kfr+p79Saf2xukccvKICmNLqlFDECCs14qfyIx9UheqcCOTg1JCyhgsJjjca4x1q0mo1f+8CkHfu3I9K290L5b5F+JRIf2T8gKEppmRJpu15bFCo45WyHt6ym4uq3NLsxffXwGe1EFnGXcppAhRrJ0sUGHNNPtWbKqU/z5c9sgGZTtz1UdXqI5TVY7WZxdWFUt2pg/j1vGKJlzwu9iF7VJhs7DDVgqMMMx0bE6GEpW1KPZPbr/gMTneInjOZAQTlKeXz3r1JVTPwb4629hbGYSdl5NPPTs7UJ/MUpif/80t7IAqWshzoRO2JbAeeYVFgJQM3JlU0Nqh15zkZy+0CAwEAAaOCB00wggdJMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMIGOBggrBgEFBQcBAQSBgTB/MEQGCCsGAQUFBzAChjhodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3JzYW92c3NsY2EyMDE4LmNydDA3BggrBgEFBQcwAYYraHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAxODBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwggRfBgNVHREEggRWMIIEUoIOd3d3LmxrcC5uZXQuaW6CD2FpbXMubGtwLm5ldC5pboIVYWxsb2NhdGlvbi5sa3AubmV0Lmlugg5hcGkubGtwLm5ldC5pboIVYmFja29mZmljZS5sa3AubmV0Lmlugg1iby5sa3AubmV0LmlughNkZXZ0cmFkZS5sa3AubmV0LmlughZkZXZ0cmFkZWt5Yy5sa3AubmV0Lmlugg9la3ljLmxrcC5uZXQuaW6CEmVreWN1YXQubGtwLm5ldC5pboIPaHJtcy5sa3AubmV0Lmlugg1pYS5sa3AubmV0Lmlugg5pcG8ubGtwLm5ldC5pboIObG1zLmxrcC5uZXQuaW6CFW1pZGRsZXdhcmUubGtwLm5ldC5pboIYbWlkZGxld2FyZWFwaS5sa3AubmV0Lmlugg5wYXkubGtwLm5ldC5pboINcmEubGtwLm5ldC5pboIPc3BpcC5sa3AubmV0LmlughJ0cmlsb2d5LmxrcC5uZXQuaW6CDnVhdC5sa3AubmV0Lmlughh1YXRiYWNrb2ZmaWNlLmxrcC5uZXQuaW6CEXdlYWx0aC5sa3AubmV0LmlughJ3ZWxjb21lLmxrcC5uZXQuaW6CEWFkbWluLnBlbm55cGFsLmlughVhcGkubGtwY29ubmVjdC5uZXQuaW6CFmJhY2tvZmZpY2UubGtwaWZzYy5jb22CFWNsb3N1cmUubGtwb25saW5lLmNvbYIVZGFzaGJvYXJkLnBlbm55cGFsLmlughBkZW1vLnBlbm55cGFsLmlughFkcnVhdC5wZW5ueXBhbC5pboISZWt5Yy5sa3BvbmxpbmUuY29tghBla3ljLnBlbm55cGFsLmlughhnZXRzZXRncm93LmxrcG9ubGluZS5jb22CEWxrcGNvbm5lY3QubmV0Lmluggtsa3BpZnNjLmNvbYIKbGtwc2VjLmNvbYIabm90aWZpY2F0aW9uLmxrcG9ubGluZS5jb22CGG5vdGlmaWNhdGlvbi5wZW5ueXBhbC5pboILcGVubnlwYWwuaW6CFHJlZmVycmFsLnBlbm55cGFsLmlughNyZWt5Yy5sa3BvbmxpbmUuY29tghFyZWt5Yy5wZW5ueXBhbC5pboISc3BpcC5sa3BvbmxpbmUuY29tghV0cmFkaW5nLmxrcG9ubGluZS5jb22CE3RyYWRpbmcucGVubnlwYWwuaW6CDnVhdC5sa3BzZWMuY29tgg91YXQucGVubnlwYWwuaW6CFXVhdGVreWMubGtwb25saW5lLmNvbYIbdWF0Z2V0c2V0Z3Jvdy5sa3BvbmxpbmUuY29tghV1YXRzcGlwLmxrcG9ubGluZS5jb22CGHVhdHRyYWRpbmcubGtwb25saW5lLmNvbYISdWF0d2ViLnBlbm55cGFsLmlughJ3d3cubGtwZmluYW5jZS5jb22CDnd3dy5sa3BzZWMuY29tggpsa3AubmV0LmluMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBT473/yzXhnqN5vjySNiPGHAwKz6zAdBgNVHQ4EFgQUxnJZ3nzSUhvtZslsWSgDL8xlHCUwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAABmuL7jDkAAAQDAEYwRAIgdz49N5jMddhf84O/KK/DdcjSj/X6c0YdgbWyw9dLQesCIHRz62NUc/TOyxidcrcd3FnjuhoXcYuLV8sHb8xRcccvAHUAZBHEbKQS7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGa4vuMBAAABAMARjBEAiBPo/AlrbGHS3lNhvvvLW9p0B63FPuVxfeCCE12d1pv7wIgemCssyTtaEARWG1rk/VBvwGahiN5t9a/ECMhemsBYPMAdgDLOPcViXyEoURfW8Hd+8lu8ppZzUcKaQWFsMsUwxRY5wAAAZri+4xOAAAEAwBHMEUCIQCjdTOC76rxgt4eP7MZElldLz4b5XUhl9y3SNIFo6KBrwIgQKo/5Fur2dNmWXt5/sZVtW4iqR/we990Om1/lMrVFqwwDQYJKoZIhvcNAQELBQADggEBAEo8EHxPeQjgUY5TO1GYI46p2VtLVDrO3hxovRpstM4m7k+gGrSFI77LsfjIvH7FMzLZ7hbcjq+ZpHf3as+JHHV01U4+HmdIulw8M6bwUH/T7VeHG/dl7Va/b/ZJU+Qdlo4fbYF6GLXrTrzXBf1xkN3yOKKotzM3zs+izYsPWwENi7LomIOGaOa2AeRnk3oOA0T8KsKcBlpXWNQOS2pn/3GNGhJJr9yC6agOSDa+YBzDORCQUCw7bYb00DuBw0vYVZ1r16GrN63/tDkQHsd55BEkvkUJJ+irOFnDEofCMYd2KpIqQr6XonITzDRKhXyYJfUA8Oj2OQhG7ZycOIMqiPE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql

Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 51 2C 17 C3 3F 21 C4 92 42 19 4C 87 A1 DB AD F5

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 09 14:12:15 2026 GMT
Not Valid After: Jan 09 14:12:15 2056 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AF B5 E4 30 73 28 E4 E0 19 05 F4 4B 53 E1 0C 72 15 AD 84
E7 76 45 B5 AF 2C EB 67 AF 34 41 D1 05 A2 37 D3 B0 87 6F 26
46 A6 49 6A C6 43 39 03 69 37 18 3E 9C 71 93 B8 61 DE D3 1E
72 83 63 69 25 57 E9 61 69 CA C3 17 7A EA 00 6E 32 C9 D9 2E
2B CD E2 65 67 81 36 DB AB CE 42 F5 C7 2D D8 94 85 39 35 4E
0A EB 32 7A 88 6B 85 80 88 B9 60 B7 33 14 DA AC 28 3E 8A FB
75 6E 6F 94 6F EB 2B 79 43 39 1C 0C D8 B8 99 C4 83 5E 67 A0
52 BB 51 21 D6 98 71 B8 D8 FB 35 F6 57 84 B4 C8 05 C2 36 A7
1A 6F E3 E2 D9 EB 87 00 9C D5 63 C8 50 B5 A1 24 49 22 16 3B
EE 71 5B 6E 56 12 89 77 32 57 4C 8B A4 70 43 29 00 33 A5 95
7E D5 33 97 71 74 84 F8 0F F4 FA F0 4D A9 49 4B 5F 59 FE CC
89 82 3A 54 C8 01 9D 4E EF 6D E2 54 2E DA DC B6 5D 6C 4B 9D
2D 16 FB EC 28 3E 12 6B DA 5D 13 D1 1B 04 67 9B 79
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 0D C6 BD 26 43 37 E3 71 2A 0C 73 FB 8B 57 C9 40 6F 13 57
8A 79 E0 46 01 37 13 F2 8F C5 AC 61 74 6E 90 58 69 0E FA 07
08 74 A4 D3 23 66 D4 48 F7 D0 11 14 68 75 A2 4D EB 57 A0 44
A7 C3 16 2D F9 12 56 ED 91 9D 17 AA 71 FF 03 6F B9 77 67 85
54 CB 66 E4 50 AC 4C 58 89 B7 BF 1E 76 91 6C 20 A2 EF AC 95
0D 35 E8 18 EA F4 78 8D 0F 06 50 1D B4 93 84 0D 1A 4E 79 89
9D 39 44 68 8D 17 82 28 4E EB AC 5C 6D 85 23 7B 74 DF 2D 85
32 46 09 D9 51 BC 8D A7 26 5C 68 5D 82 6C EC B7 27 E9 DC 03
44 7C 3C D5 B8 40 F7 42 89 EF 04 DC 29 59 0F A2 C5 3C 0A F6
EE 7A CD 79 A5 01 07 90 97 C4 CF 63 49 D6 7E 38 3A 60 6A F3
90 44 71 44 1A 5A BD 87 EE 56 E8 74 E5 4D E1 A8 A8 7E 4C DC
BE DA AE 6E AF 8C 4A 7A 25 53 22 47 CB 6A 56 7E EB 48 6E EE
AA 21 39 EA 60 1E 47 A4 47 3A 5E 12 E9 3B 58 38 B5

Fingerprints :

SHA-256 Fingerprint: 94 EF C8 95 FA 18 35 C2 07 E2 3E FF 70 0E 4D F7 C6 28 FE F9
2B 7F 5E A7 83 B6 E4 8B A4 FA 01 06
SHA-1 Fingerprint: 19 D0 E1 CA 76 8F B2 5D DC 4A CA 64 0B B7 42 A4 16 1C 70 69
MD5 Fingerprint: DC 5D 93 28 70 90 7A 46 15 F5 C7 40 24 75 73 38


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDADCCAeigAwIBAgIQUSwXwz8hxJJCGUyHodut9TANBgkqhkiG9w0BAQsFADA7MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEAbABsAGIAYQBjAGswIBcNMjYwMTA5MTQxMjE1WhgPMjA1NjAxMDkxNDEyMTVaMDsxOTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBsAGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+15DBzKOTgGQX0S1PhDHIVrYTndkW1ryzrZ680QdEFojfTsIdvJkamSWrGQzkDaTcYPpxxk7hh3tMecoNjaSVX6WFpysMXeuoAbjLJ2S4rzeJlZ4E226vOQvXHLdiUhTk1TgrrMnqIa4WAiLlgtzMU2qwoPor7dW5vlG/rK3lDORwM2LiZxINeZ6BSu1Eh1phxuNj7NfZXhLTIBcI2pxpv4+LZ64cAnNVjyFC1oSRJIhY77nFbblYSiXcyV0yLpHBDKQAzpZV+1TOXcXSE+A/0+vBNqUlLX1n+zImCOlTIAZ1O723iVC7a3LZdbEudLRb77Cg+EmvaXRPRGwRnm3kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADca9JkM343EqDHP7i1fJQG8TV4p54EYBNxPyj8WsYXRukFhpDvoHCHSk0yNm1Ej30BEUaHWiTetXoESnwxYt+RJW7ZGdF6px/wNvuXdnhVTLZuRQrExYibe/HnaRbCCi76yVDTXoGOr0eI0PBlAdtJOEDRpOeYmdOURojReCKE7rrFxthSN7dN8thTJGCdlRvI2nJlxoXYJs7Lcn6dwDRHw81bhA90KJ7wTcKVkPosU8Cvbues15pQEHkJfEz2NJ1n44OmBq85BEcUQaWr2H7lbodOVN4aiofkzcvtqubq+MSnolUyJHy2pWfutIbu6qITnqYB5HpEc6XhLpO1g4tQ==
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: MUMPORTAL001

Issuer Name:

Common Name: MUMPORTAL001

Serial Number: 61 68 4E 61 87 9E 55 BC 49 6E F9 98 D2 72 24 A6

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Nov 25 13:56:44 2025 GMT
Not Valid After: May 27 13:56:44 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A2 D8 00 59 6A 85 89 AE B1 97 59 C5 29 68 BA CF 2B E2 DA
E4 0A 20 D4 16 A4 E2 70 DB 55 A7 64 F3 89 CE AA 7E 95 F8 91
C8 0B 83 E1 79 93 A6 2E C7 B2 3D F2 38 2A 6E FB CF 5F 4B D6
1C C8 5A 11 DB 73 C8 DF 35 9F E1 84 B4 A6 A4 8C F4 8F 3A 1C
D4 A1 24 03 CF A1 27 9E 3F 1E 65 23 C1 52 9C 87 E5 70 89 14
A2 EE 71 44 CA 46 D0 44 5B 14 96 1B 31 8F C8 A6 D9 EB AC CA
02 1B 6C 89 93 A0 37 45 9E F6 46 C6 4D 40 BF D6 B0 08 E4 AD
45 B2 2A 6D 03 BA BA 14 9B 1B C9 50 4D 07 55 0E A7 DD 48 00
EF 79 1D 54 D6 CB 86 EC E1 79 6C E6 21 41 F6 15 23 BE 1A AB
41 12 A5 C4 C8 B9 6D E1 D5 A5 11 EE 66 EB C1 2D 06 8D 32 17
0E F4 FA 72 FE 97 B4 97 28 34 FD CD 9D C8 64 48 C4 02 75 6E
50 10 BD 61 B0 B4 AD D6 1B D3 AD 50 C6 5E 36 A2 97 A0 41 1B
E0 CE 66 AF 13 9D 90 BB A2 60 89 95 D8 02 91 91 5B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 8A C9 14 8B BB 5E 66 21 38 6E EF 81 07 5C 60 C2 1C 6A 9C
D8 16 98 AF 2C DA DB 66 02 5F AB E7 2E F0 20 7E 6B 1F B6 7B
0B 11 0D BF 13 40 70 61 89 81 57 CE 74 11 84 57 62 D0 FE E8
CE F3 70 F5 6C D9 39 1D 77 9D 77 D1 9D 95 B1 BE 29 D7 F8 2B
02 75 E3 20 63 A3 BC C9 C4 56 33 7F 97 96 65 62 34 42 5C EA
18 5F 9D 72 BA 36 41 F2 6C 04 39 9B E9 D2 AF 7D 5C 4A D6 49
98 22 22 1C CB 22 36 2E 30 A3 12 2E 04 68 FA C4 65 A4 83 38
A0 8F CB 1E B2 A7 14 2E 35 C3 92 E5 A6 5D 6B A2 4D 65 EE 01
F8 7A E2 A5 9D 6D D2 6F A4 EF FA 80 5C B1 10 1F A6 E7 F2 AE
A3 50 98 C6 27 5D 3A 62 0D B2 25 4C AA 9F 11 D6 56 9A E3 76
3B 4D 77 34 B6 7F 64 69 B5 48 56 17 A7 6D 14 BA 69 29 AD 5B
17 42 9F 93 E6 D4 56 2E 0E 43 90 33 B3 1C 95 A9 34 0E 88 FB
63 2D F0 B4 6D B6 BB DF 76 15 9C 41 83 F5 75 08 47

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: EC 4C BE BB 94 C0 A8 E7 32 D1 73 30 B2 59 5D CA 6B DC 93 A8
A4 CA 4B 11 07 68 43 27 C6 F7 79 7F
SHA-1 Fingerprint: 90 31 C2 69 15 6D 4E 4F 48 24 D7 FC 61 C5 44 B7 08 41 CB 88
MD5 Fingerprint: 74 20 25 6F 97 1C 68 95 4B 64 EE EF E5 56 7E 01


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC3DCCAcSgAwIBAgIQYWhOYYeeVbxJbvmY0nIkpjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDEwxNVU1QT1JUQUwwMDEwHhcNMjUxMTI1MTM1NjQ0WhcNMjYwNTI3MTM1NjQ0WjAXMRUwEwYDVQQDEwxNVU1QT1JUQUwwMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi2ABZaoWJrrGXWcUpaLrPK+La5Aog1Bak4nDbVadk84nOqn6V+JHIC4PheZOmLseyPfI4Km77z19L1hzIWhHbc8jfNZ/hhLSmpIz0jzoc1KEkA8+hJ54/HmUjwVKch+VwiRSi7nFEykbQRFsUlhsxj8im2eusygIbbImToDdFnvZGxk1Av9awCOStRbIqbQO6uhSbG8lQTQdVDqfdSADveR1U1suG7OF5bOYhQfYVI74aq0ESpcTIuW3h1aUR7mbrwS0GjTIXDvT6cv6XtJcoNP3NnchkSMQCdW5QEL1hsLSt1hvTrVDGXjail6BBG+DOZq8TnZC7omCJldgCkZFbAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIEMDANBgkqhkiG9w0BAQsFAAOCAQEAiskUi7teZiE4bu+BB1xgwhxqnNgWmK8s2ttmAl+r5y7wIH5rH7Z7CxENvxNAcGGJgVfOdBGEV2LQ/ujO83D1bNk5HXedd9GdlbG+Kdf4KwJ14yBjo7zJxFYzf5eWZWI0QlzqGF+dcro2QfJsBDmb6dKvfVxK1kmYIiIcyyI2LjCjEi4EaPrEZaSDOKCPyx6ypxQuNcOS5aZda6JNZe4B+HripZ1t0m+k7/qAXLEQH6bn8q6jUJjGJ106Yg2yJUyqnxHWVprjdjtNdzS2f2RptUhWF6dtFLppKa1bF0Kfk+bUVi4OQ5AzsxyVqTQOiPtjLfC0bba733YVnEGD9XUIRw==
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/1433/mssql


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/3389/msrdp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3389/msrdp


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
|-Issuer : OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
|-Valid From : Mar 18 10:00:00 2009 GMT
|-Valid To : Mar 18 10:00:00 2029 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/1433/mssql

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3389/msrdp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

97086 - Server Message Block (SMB) Protocol Version 1 Enabled
-
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information
Published: 2017/02/09, Modified: 2020/06/12
Plugin Output

tcp/445/cifs


SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMB1protocol feature is enabled based on the following key :
- HKLM\SYSTEM\CurrentControlSet\Services\srv
SMBv1 client is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start : 2
96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
-
Synopsis
The remote host supports the SMBv1 protocol.
Description
The remote host (Windows and/or Samba server) supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, most security and compliance agencies recommend that users disable SMBv1 per SMB best practices.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF IAVT:0001-T-0710
Plugin Information
Published: 2017/02/03, Modified: 2025/08/13
Plugin Output

tcp/445/cifs


The remote host supports SMBv1.
160486 - Server Message Block (SMB) Protocol Version Detection
-
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output

tcp/445/cifs

- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5800/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5900/vnc

A vnc server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5985/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/47001/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/49834/www

A web server is running on this port.

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/80/www


URL : http://172.17.100.60/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/443/www


URL : https://172.17.100.60/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/5985/www


URL : http://172.17.100.60:5985/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/47001/www


URL : http://172.17.100.60:47001/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/49834/www


URL : http://172.17.100.60:49834/cgi-bin/meteobridge
Version : unknown
Authenticated : False

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/80/www


The STS header line is :

Strict-Transport-Security: max-age=63072000; preload

161455 - Supersedence Data Builder
-
Synopsis
Supersedence data.
Description
Collects and stores supersedence patch data for various patch types.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/24, Modified: 2025/07/14
Plugin Output

tcp/0

Supersedence patch data summary :
- MSKB : 297


Plugin debug log has been attached.
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

84821 - TLS ALPN Supported Protocol Enumeration
-
Synopsis
The remote host supports the TLS ALPN extension.
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/07/17, Modified: 2024/09/11
Plugin Output

tcp/443/www


http/1.1
h2
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/1433/mssql

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/3389/msrdp

TLSv1.2 is enabled and the server supports at least one cipher.

110095 - Target Credential Issues by Authentication Protocol - No Issues Found
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.
Description
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol.

When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at least one authenticated protocol. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with no privilege errors encountered, while connections to the SMB service on the remote target may have failed intermittently.

- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol and what particular check failed. For example, consistently successful checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful checks via SMB are more critical for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0520
Plugin Information
Published: 2018/05/24, Modified: 2025/08/28
Plugin Output

tcp/445/cifs


Nessus was able to log into the remote host with no privilege or access
problems via the following :

User: '172.17.100.60\tidua'
Port: 445
Proto: SMB
Method: password
141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
-
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following :

User: '172.17.100.60\tidua'
Port: 445
Proto: SMB
Method: password

92433 - Terminal Services History
-
Synopsis
Nessus was able to gather terminal service connection information.
Description
Nessus was able to generate a report on terminal service connections on the target system.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

Terminal Services Client
- Production
- Production
- Production
- Production
- Production
- Production
- Production


Terminal Services Server
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-21-3087833412-113499397-355877213-500_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-82-3760260245-944937054-2565876219-3982263468-3447258009_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes
- S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617_Classes


Extended Terminal Services report attached.

64814 - Terminal Services Use SSL/TLS
-
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: MUMPORTAL001

Issuer Name:

Common Name: MUMPORTAL001

Serial Number: 61 68 4E 61 87 9E 55 BC 49 6E F9 98 D2 72 24 A6

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Nov 25 13:56:44 2025 GMT
Not Valid After: May 27 13:56:44 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A2 D8 00 59 6A 85 89 AE B1 97 59 C5 29 68 BA CF 2B E2 DA
E4 0A 20 D4 16 A4 E2 70 DB 55 A7 64 F3 89 CE AA 7E 95 F8 91
C8 0B 83 E1 79 93 A6 2E C7 B2 3D F2 38 2A 6E FB CF 5F 4B D6
1C C8 5A 11 DB 73 C8 DF 35 9F E1 84 B4 A6 A4 8C F4 8F 3A 1C
D4 A1 24 03 CF A1 27 9E 3F 1E 65 23 C1 52 9C 87 E5 70 89 14
A2 EE 71 44 CA 46 D0 44 5B 14 96 1B 31 8F C8 A6 D9 EB AC CA
02 1B 6C 89 93 A0 37 45 9E F6 46 C6 4D 40 BF D6 B0 08 E4 AD
45 B2 2A 6D 03 BA BA 14 9B 1B C9 50 4D 07 55 0E A7 DD 48 00
EF 79 1D 54 D6 CB 86 EC E1 79 6C E6 21 41 F6 15 23 BE 1A AB
41 12 A5 C4 C8 B9 6D E1 D5 A5 11 EE 66 EB C1 2D 06 8D 32 17
0E F4 FA 72 FE 97 B4 97 28 34 FD CD 9D C8 64 48 C4 02 75 6E
50 10 BD 61 B0 B4 AD D6 1B D3 AD 50 C6 5E 36 A2 97 A0 41 1B
E0 CE 66 AF 13 9D 90 BB A2 60 89 95 D8 02 91 91 5B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 8A C9 14 8B BB 5E 66 21 38 6E EF 81 07 5C 60 C2 1C 6A 9C
D8 16 98 AF 2C DA DB 66 02 5F AB E7 2E F0 20 7E 6B 1F B6 7B
0B 11 0D BF 13 40 70 61 89 81 57 CE 74 11 84 57 62 D0 FE E8
CE F3 70 F5 6C D9 39 1D 77 9D 77 D1 9D 95 B1 BE 29 D7 F8 2B
02 75 E3 20 63 A3 BC C9 C4 56 33 7F 97 96 65 62 34 42 5C EA
18 5F 9D 72 BA 36 41 F2 6C 04 39 9B E9 D2 AF 7D 5C 4A D6 49
98 22 22 1C CB 22 36 2E 30 A3 12 2E 04 68 FA C4 65 A4 83 38
A0 8F CB 1E B2 A7 14 2E 35 C3 92 E5 A6 5D 6B A2 4D 65 EE 01
F8 7A E2 A5 9D 6D D2 6F A4 EF FA 80 5C B1 10 1F A6 E7 F2 AE
A3 50 98 C6 27 5D 3A 62 0D B2 25 4C AA 9F 11 D6 56 9A E3 76
3B 4D 77 34 B6 7F 64 69 B5 48 56 17 A7 6D 14 BA 69 29 AD 5B
17 42 9F 93 E6 D4 56 2E 0E 43 90 33 B3 1C 95 A9 34 0E 88 FB
63 2D F0 B4 6D B6 BB DF 76 15 9C 41 83 F5 75 08 47

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

56468 - Time of Last System Startup
-
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output

tcp/0


20260109194206.318431+330

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/12/04
Plugin Output

udp/0

For your information, here is the traceroute from 172.17.100.38 to 172.17.100.60 :
172.17.100.38
172.17.100.60

Hop Count: 1

92434 - User Download Folder Files
-
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

C:\\Users\admin\Downloads\desktop.ini
C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\Administrator\Downloads\file.xlsx
C:\\Users\IIS_USERS\Downloads\desktop.ini
C:\\Users\Lkpadmin\Downloads\desktop.ini
C:\\Users\MSSQLSERVER\Downloads\desktop.ini
C:\\Users\mssqlserver_user$\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini

Download folder content report attached.
92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

Production
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads
- recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator\Videos
- my music : C:\Users\Administrator\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow
- sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator\Documents
- administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator\AppData\Local
- my pictures : C:\Users\Administrator\Pictures
- templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator\Desktop
- programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator\Favorites
- appdata : C:\Users\Administrator\AppData\Roaming

S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\MSSQLSERVER\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Default\Downloads
- recent : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Default\Videos
- my music : C:\Users\Default\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\MSSQLSERVER\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\MSSQLSERVER\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\MSSQLSERVER\AppData\LocalLow
- sendto : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Default\Documents
- administrative tools : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\Default\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\MSSQLSERVER\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Default\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Default\AppData\Local
- my pictures : C:\Users\Default\Pictures
- templates : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Default\Desktop
- programs : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Default\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Default\Favorites
- appdata : C:\Users\Default\AppData\Roaming
92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output

tcp/0

{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2015.lnk
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
d:\sahil\nse ftp api\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
d:\lkpsoft\kes av_12.0.0.465 +netagent_14.2.0.26967\installer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft office\microsoft word 2010.lnk
d:\sahil\scrip_master_job\scrip_master\bin\debug\net46\scrip_master.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
c:\users\administrator\appdata\local\temp\2\{7bc3b18a-4cae-4ac6-93f7-f342089b6115}\cpqsetup.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{e5e8bf75-3d6d-46f8-8ddc-2d49aa3ca11d}\.cr\aspnetcore-runtime-3.1.3-win-x64.exe
microsoft.internetexplorer.default
d:\iis reset scheduler\iis reset scheduler\bin\debug\net7.0\iis reset scheduler.exe
d:\lkpsoft\digio setup\docker desktop installer.exe
c:\users\administrator\appdata\local\temp\2\{f0636b8b-acfb-4b93-b76a-c5bf076a1997}\cpqsetup.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{96255b86-da63-4999-b71b-728b0dcca9a3}\.cr\dotnet-hosting-6.0.0-win.exe
d:\schedular\pnlscheduler\bin\debug\pnlscheduler.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kaspersky security for windows server\kavfsmui.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klshwmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
d:\schedular\bondkycdata\referral schedular\bin\debug\referral schedular.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\2017\sql\common7\ide\devenv.exe
d:\ftp_script_client1.bat
c:\users\administrator\desktop\plsql\plsqldev1004.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008 report builder 2.0\report builder 2.0.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dcomcnfg.exe
{6d809377-6af0-444b-8957-a3773f02200e}\internet explorer\iexplore.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\sql server 2014 management studio.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\performance monitor.lnk
e:\iiscrypto\iiscrypto.exe
d:\webportal\schedulers\daak\documentmanagement_scheduler.exe
c:\users\administrator\downloads\ndp47-kb3186500-web.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2017.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\postman\postman.lnk
d:\lkpsoft\acroniscyberprotect_agentforesx_web.exe
c:\users\administrator\desktop\dotnet-hosting-6.0.0-win.exe
d:\schedular\advance_ipoapply\advance_ipoapply\bin\debug\advance_ipoapply.exe
d:\pritesh\npp.7.installer.exe
microsoft.windows.pcsettings.defaultapps
e:\lkp soft\keswin_11.9.0.351_en_aes56.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\configuration tools\sql server 2014 reporting services configuration manager.lnk
d:\exportexcel_onlinenrefile\exporttoexcel.exe
com.squirrel.postman.postman
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\integration services\sql server 2014 execute package utility.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
c:\programdata\package cache\{654f5dc4-fd67-455a-b778-ef325039546c}\aspnetcore-runtime-6.0.0-win-x64.exe
c:\programdata\package cache\{1024024b-f50d-492f-9a39-9e07df9a2e48}\dotnet-runtime-6.0.0-win-x64.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator preferences.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2017 (2).lnk
d:\webportal\download\common\autobackupcopytodr.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\taskhostw.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
d:\ftp_script_client.bat
c:\users\administrator\desktop\bulkmailer.exe - shortcut.lnk
c:\programdata\package cache\{992e6c21-09ad-4a97-aea8-090ae938ad99}\dotnet-runtime-6.0.4-win-x86.exe
ueme_ctlsession
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft help viewer\v1.0\hlpviewer.exe
visualstudio.14.0
d:\sahil\nseapinarnolia\nseapinarnolia\nseapinarnolia\bin\debug\nseapinarnolia.exe
\\192.168.150.152\d$\lkpsoft\vs2017_professional\vs_setup.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell ise.lnk
d:\lkpsoft\dotnet-sdk-8.0.303-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\certutil.exe
visualstudio.5ffe60f0
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\musnotificationux.exe
d:\ctcl_certificateexpiryremindermailer\ctcl_certificateexpiry_automailer\bin\debug\ctcl_certificateexpiry_automailer.exe
c:\users\administrator\desktop\dotnet-sdk-6.0.202-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
d:\saqlain\krastatus\backup\krapanstatus.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\x64\landingpage.exe
{6d809377-6af0-444b-8957-a3773f02200e}\dotnet\dotnet.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\ssms.exe
c:\users\administrator\appdata\local\squirreltemp\update.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
c:\programdata\package cache\{203f209f-cdf2-4efb-b9b9-8b16faf988ca}\aspnetcore-runtime-6.0.4-win-x86.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
d:\auto_back_scheduler\auto_back_scheduler\bin\debug\auto_back_scheduler.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\setup.exe
c:\users\public\desktop\vmware vcenter converter standalone client.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\default apps.lnk
c:\users\administrator\appdata\local\temp\2\npp.8.3.3.installer.exe
microsoft.autogenerated.{4a53e500-33be-add9-4671-88c6ca5b7c89}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\security configuration management.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\msdt.exe
c:\users\administrator\desktop\treesizefreesetup.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\kaspersky security for windows server\modify or remove kaspersky security for windows server.lnk
d:\schedular\pnlscheduler\bin\release\pnlscheduler.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\x64\scenarioengine.exe
d:\lkpsoft\sql-2019\sqlserver2019-kb5030333-x64.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\iis manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\gpupdate.exe
c:\users\administrator\desktop\dotnet-hosting-6.0.4-win.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\bulkmailer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft\edge beta\application\msedge.exe
d:\lkpsoft\dotnet-hosting-8.0.22-win.exe
d:\lkpsoft\sql-2019\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\comexp.msc
d:\ftp_script.bat
microsoft.autogenerated.{18c6f720-abae-a6ef-86ec-0e72549f6916}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\dtashell.exe
d:\sahil\symphony_bo_schedular\symphony_bo_schedular\bin\debug\symphony_bo_schedular.exe
d:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\configuration tools\sql server 2014 configuration manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\rsconfigtool.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
c:\users\administrator\desktop\plsql developer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\2017\professional\common7\ide\devenv.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\visual studio 2017 (2).lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\eventvwr.exe
microsoft.visualstudio.installer
c:\users\administrator\appdata\local\temp\2\dbb1cd57352fdd6b3e70c55a\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
c:\users\administrator\downloads\vc_redist.x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{bbf07dea-650d-4c83-b61b-541be31c8d12}\.cr\dotnet-sdk-8.0.303-win-x64.exe
d:\lkp soft\directsetup\setup.bat
d:\schedular\liquiloans_trial\liquiloans_trial\bin\debug\net8.0\liquiloans_trial.exe
d:\trade_file_scheduler\bin\debug\trade_file_scheduler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{5c9950bc-1fca-4335-840a-9a0ae0bae45c}\.cr\dotnet-sdk-7.0.400-win-x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2012 report builder 3.0\report builder 3.0 help.lnk
c:\programdata\package cache\{552b49be-5d77-4b3e-8a86-6ca46f3ff2b2}\aspnetcore-runtime-6.0.0-win-x86.exe
d:\saqlain\krastatus\krapanstatus.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010 sdk sp1\tools\reset the microsoft visual studio 2010 sp1 experimental instance.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cleanmgr.exe
visualstudio.c58c04b4
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\outlook.exe
c:\users\administrator\downloads\ndp461-kb3102438-web.exe
d:\schedular\nse ftp api backup\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
microsoft.windows.controlpanel.folderoptions
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{6acd490b-b03b-4697-a832-3780d0e41e05}\.cr\dotnet-hosting-6.0.4-win.exe
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaprefs.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio 10.0\common7\ide\devenv.exe
visualstudio.11.0
c:\users\administrator\appdata\local\temp\f51atu03.u5v\vs_installer.windows.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\report builder 3.0\msreportbuilder.exe
c:\users\administrator\appdata\local\temp\6118b311-8d32-42f6-b7f3-c21833a43d84\cyber_cloud_uninstaller_enterprise.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\microsoft shared\msenv\\vslauncher.exe
d:\lkpsoft\systemscheduler\scheduler.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\installer\vs_installer.exe
d:\saqlain\createzohocontact\zohocreatecontact.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cloudnotifications.exe
c:\users\administrator\downloads\ndp462-kb3151802-web.exe
d:\b0660c75d412ed302d\x64\scenarioengine.exe
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ipconfig.exe
c:\users\public\desktop\treesize free.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008\configuration tools\sql server installation center (64-bit).lnk
c:\users\administrator\appdata\local\temp\2\b3005d323f6f87adfa8c75bf\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
microsoft.windows.computer
c:\progra~2\micros~4\office14\ois.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\easeofaccessdialog.exe
c:\users\administrator\desktop\trade_file_scheduler.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\odbcad32.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4a81ade3-c4f7-4967-8e78-6ce3eefd88d3}\.cr\dotnet-hosting-8.0.22-win.exe
kasperskylab.kis.ui.toasts
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio installer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\hpacuhost.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\microsoft shared\msenv\vslauncher.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iscsi initiator.lnk
c:\progra~2\micros~4\office14\excel.exe
c:\users\administrator\downloads\service restart.bat
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\msiexec.exe
d:\sahil\corporateactionfileschedular\corporateactionfileschedular\bin\debug\corporateactionfileschedular.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wusa.exe
c:\users\administrator\desktop\aspnetcore-runtime-3.1.3-win-x64.exe
c:\users\administrator\desktop\cp029559.exe
c:\users\administrator\desktop\vncviewer.exe
d:\saqlain\kycsummarymail\kycsummarymail.exe
c:\programdata\microsoft\visualstudio\packages\_bootstrapper\vs_bootstrapper.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\usoclient.exe
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{279ea3de-234d-40c7-80fe-7301447339eb}\.cr\dotnet-hosting-6.0.0-win.exe
c:\users\administrator\downloads\vs_sql.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msinfo32.exe
d:\lkpsoft\aspnetcore-runtime-8.0.22-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\startup\map drive access.bat
d:\lkpsoft\digio setup\jdk-17.0.12_windows-x64_bin.exe
microsoft.autogenerated.{5b29b9ae-8060-1960-9833-2f50c0175c01}
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\cpqacuxe.exe
f:\iiscrypto (1).exe
microsoft.autogenerated.{4dae67c5-d153-41cf-ef44-806f5f8d9dd8}
d:\lkpsoft\dotnet-sdk-7.0.400-win-x64.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\notepad.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
d:\checkjamoontradefileonserver\checkjamoontradefileonserver\bin\debug\netcoreapp3.1\checkjamoontradefileonserver.exe
d:\lkp soft\raid\array_cp018121.exe
d:\lkpsoft\vmware-tools-11.3.0-18090558-x86_64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4c83fe57-0d4c-4c73-b02e-130ef74ba0d9}\.cr\ssms-setup-enu.exe
c:\programdata\package cache\{3b46879b-bd75-4e54-9297-363882110c3a}\dotnet-hosting-6.0.4-win.exe
d:\schedular\nse ftp api\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{f453bd09-c03b-44e1-879a-020ec3a45942}\.cr\dotnet-sdk-6.0.202-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\vsjitdebugger.exe
c:\progra~2\micros~4\office14\winword.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\wordpad.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
d:\schedular\scriptdbtoaws\bin\debug\net6.0\scriptdbtoaws.exe
c:\users\administrator\desktop\plsql\keygen.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\dts\binn\dtswizard.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\remotefxvgpudisablement.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
c:\users\administrator\desktop\sql server management studio management studio 19.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008\configuration tools\sql server configuration manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\managementstudio\ssms.exe
c:\users\administrator\desktop\dotnet-hosting-3.1.3-win.exe
d:\lkpsoft\systemscheduler\sscmd.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010\microsoft visual studio 2010.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\plsql developer\plsqldev.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\microsoft.net\framework64\v2.0.50727\applaunch.exe
d:\lkpsoft\iiscrypto (1).exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\fixmapi.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\ois.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
microsoft.autogenerated.{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\hh.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\msohtmed.exe
d:\saqlain\createzohocontacts_pennypal\zohocreatecontact.exe
c:\programdata\package cache\{de7bad2b-ba75-42bf-8c43-53c5d67efd01}\aspnetcore-runtime-6.0.4-win-x64.exe
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
microsoft.windows.explorer
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (64-bit).lnk
c:\programdata\package cache\{6c092881-01d6-4bd5-9716-f660db791126}\dotnet-runtime-6.0.0-win-x86.exe
microsoft.windows.windowsinstaller
c:\programdata\package cache\{78a41aea-a74d-484b-baf5-dc41cd70dc88}\dotnet-runtime-6.0.4-win-x64.exe
d:\lkpsoft\systemscheduler\message.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\bulkmailer.vshost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
c:\users\administrator\desktop\treesize free.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\profiler.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\excel.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell_ise.exe
microsoft.windows.shell.rundialog
d:\trade_file_scheduler\trade_file_scheduler\bin\debug\trade_file_scheduler.exe
e:\haresh\vs_intshelladditional (1).exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\sqlps.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hp system tools\hp array configuration utility (64-bit)\hp array configuration utility (64-bit).lnk
c:\users\administrator\desktop\postman.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
d:\commonapi_test\lkp.core.common.api.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\control.exe
microsoft.windows.controlpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hp system tools\hp array configuration utility (64-bit)\setup hp array configuration utility.lnk
visualstudio.10.0
c:\users\administrator\appdata\local\temp\~nsu1.tmp\un.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{f5ff633b-92a3-4d66-9f7f-5a8a5cc9b465}\.cr\vc_redist.x64.exe
microsoft.autogenerated.{25768b46-0833-0a7e-24a1-35c0ad58dd30}
d:\lkp soft\vmware-converter-en-6.1.1-3533064.exe
c:\users\administrator\appdata\local\temp\2\{0bac6656-0634-41e4-b7f4-4e638dba58aa}\cpqsetup.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\odbcad32.exe
c:\users\administrator\downloads\vs2012.5.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\winword.exe
c:\users\administrator\desktop\bulkmailer.vshost.exe - shortcut.lnk
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
d:\sahil\nsermsfiles\nsermsfiles\bin\debug\nsermsfiles.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\vmware\vmware vcenter converter standalone\converter.exe
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\blk.bat
d:\lkpsoft\sanernow_lkp_window_cm_windows_x86_6.3\sanernow_windows_x86_6.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010 sdk sp1\tools\start experimental instance of microsoft visual studio 2010 sp1.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (32-bit).lnk
d:\lkpsoft\treesizefreesetup.exe
e:\softwares\dotnet-sdk-6.0.202-win-x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{5d7cf523-0813-435e-8fa1-18897b297d59}\.cr\dotnet-sdk-8.0.303-win-x64.exe
msedgebeta
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\iscsicpl.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 19\sql server management studio management studio 19.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\winver.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2012 report builder 3.0\report builder 3.0.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
d:\schedular\auto_backupp\auto_backupp\bin\debug\netcoreapp3.1\auto_backupp.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4886546e-22c0-436e-9564-78750d7459ed}\.cr\aspnetcore-runtime-8.0.22-win-x64.exe
ueme_ctlcuacount:ctor
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{2ab52c42-a60d-409f-9e5b-f5bc8e716dcc}\.cr\dotnet-sdk-6.0.202-win-x64.exe
d:\webportal\trilogybackup\trilogybak.bat
microsoft.autogenerated.{8aa47365-b2b3-1961-69eb-f866e376b12f}
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\computer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\useraccountcontrolsettings.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\uems_agent\dcconfig.exe
{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\office14\msoxmled.exe
d:\lkp soft\raid\cp015778.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kaspersky security for windows server\kavtray.exe
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\kaspersky security for windows server\administration tools\kaspersky security 11 for windows server console.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft edge beta.lnk
d:\schedular\liquiloans_revenue_new\liquiloans_revenue_new\bin\debug\liquiloans_revenue_new.exe
d:\schedular\ipoallotment\ipoallotment\bin\debug\ipoallotment.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2012\visual studio 2012.lnk
microsoft.autogenerated.{2c18cdd1-cf26-19b4-988a-862fc5db076a}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{d8e068fe-90dd-40e2-a26b-b8838bb8de39}\.cr\dotnet-hosting-3.1.3-win.exe
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\hpacubin.exe
d:\schedular\scrip_master_job\scrip_master\bin\debug\net46\scrip_master.exe
d:\webportal\odin_ld_push_scheduler\lkp_odin_ld_push_scheduler.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2015.lnk
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
d:\sahil\nse ftp api\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
d:\lkpsoft\kes av_12.0.0.465 +netagent_14.2.0.26967\installer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft office\microsoft word 2010.lnk
d:\sahil\scrip_master_job\scrip_master\bin\debug\net46\scrip_master.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
c:\users\administrator\appdata\local\temp\2\{7bc3b18a-4cae-4ac6-93f7-f342089b6115}\cpqsetup.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{e5e8bf75-3d6d-46f8-8ddc-2d49aa3ca11d}\.cr\aspnetcore-runtime-3.1.3-win-x64.exe
microsoft.internetexplorer.default
d:\iis reset scheduler\iis reset scheduler\bin\debug\net7.0\iis reset scheduler.exe
d:\lkpsoft\digio setup\docker desktop installer.exe
c:\users\administrator\appdata\local\temp\2\{f0636b8b-acfb-4b93-b76a-c5bf076a1997}\cpqsetup.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{96255b86-da63-4999-b71b-728b0dcca9a3}\.cr\dotnet-hosting-6.0.0-win.exe
d:\schedular\pnlscheduler\bin\debug\pnlscheduler.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kaspersky security for windows server\kavfsmui.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klshwmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
d:\schedular\bondkycdata\referral schedular\bin\debug\referral schedular.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\2017\sql\common7\ide\devenv.exe
d:\ftp_script_client1.bat
c:\users\administrator\desktop\plsql\plsqldev1004.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008 report builder 2.0\report builder 2.0.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dcomcnfg.exe
{6d809377-6af0-444b-8957-a3773f02200e}\internet explorer\iexplore.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\sql server 2014 management studio.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\performance monitor.lnk
e:\iiscrypto\iiscrypto.exe
d:\webportal\schedulers\daak\documentmanagement_scheduler.exe
c:\users\administrator\downloads\ndp47-kb3186500-web.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2017.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\postman\postman.lnk
d:\lkpsoft\acroniscyberprotect_agentforesx_web.exe
c:\users\administrator\desktop\dotnet-hosting-6.0.0-win.exe
d:\schedular\advance_ipoapply\advance_ipoapply\bin\debug\advance_ipoapply.exe
d:\pritesh\npp.7.installer.exe
microsoft.windows.pcsettings.defaultapps
e:\lkp soft\keswin_11.9.0.351_en_aes56.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\configuration tools\sql server 2014 reporting services configuration manager.lnk
d:\exportexcel_onlinenrefile\exporttoexcel.exe
com.squirrel.postman.postman
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\integration services\sql server 2014 execute package utility.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
c:\programdata\package cache\{654f5dc4-fd67-455a-b778-ef325039546c}\aspnetcore-runtime-6.0.0-win-x64.exe
c:\programdata\package cache\{1024024b-f50d-492f-9a39-9e07df9a2e48}\dotnet-runtime-6.0.0-win-x64.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator preferences.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio 2017 (2).lnk
d:\webportal\download\common\autobackupcopytodr.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\taskhostw.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
d:\ftp_script_client.bat
c:\users\administrator\desktop\bulkmailer.exe - shortcut.lnk
c:\programdata\package cache\{992e6c21-09ad-4a97-aea8-090ae938ad99}\dotnet-runtime-6.0.4-win-x86.exe
ueme_ctlsession
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft help viewer\v1.0\hlpviewer.exe
visualstudio.14.0
d:\sahil\nseapinarnolia\nseapinarnolia\nseapinarnolia\bin\debug\nseapinarnolia.exe
\\192.168.150.152\d$\lkpsoft\vs2017_professional\vs_setup.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell ise.lnk
d:\lkpsoft\dotnet-sdk-8.0.303-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\certutil.exe
visualstudio.5ffe60f0
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\musnotificationux.exe
d:\ctcl_certificateexpiryremindermailer\ctcl_certificateexpiry_automailer\bin\debug\ctcl_certificateexpiry_automailer.exe
c:\users\administrator\desktop\dotnet-sdk-6.0.202-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
d:\saqlain\krastatus\backup\krapanstatus.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\x64\landingpage.exe
{6d809377-6af0-444b-8957-a3773f02200e}\dotnet\dotnet.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\ssms.exe
c:\users\administrator\appdata\local\squirreltemp\update.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
c:\programdata\package cache\{203f209f-cdf2-4efb-b9b9-8b16faf988ca}\aspnetcore-runtime-6.0.4-win-x86.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
d:\auto_back_scheduler\auto_back_scheduler\bin\debug\auto_back_scheduler.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\setup.exe
c:\users\public\desktop\vmware vcenter converter standalone client.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\default apps.lnk
c:\users\administrator\appdata\local\temp\2\npp.8.3.3.installer.exe
microsoft.autogenerated.{4a53e500-33be-add9-4671-88c6ca5b7c89}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\security configuration management.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\msdt.exe
c:\users\administrator\desktop\treesizefreesetup.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\kaspersky security for windows server\modify or remove kaspersky security for windows server.lnk
d:\schedular\pnlscheduler\bin\release\pnlscheduler.exe
d:\lkpsoft\sql-2019\sw_dvd9_ntrl_sql_svr_standard_edtn_2019dec2019_64bit_core_english_oem_vl_x22-22109\x64\scenarioengine.exe
d:\lkpsoft\sql-2019\sqlserver2019-kb5030333-x64.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\iis manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\gpupdate.exe
c:\users\administrator\desktop\dotnet-hosting-6.0.4-win.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\bulkmailer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft\edge beta\application\msedge.exe
d:\lkpsoft\dotnet-hosting-8.0.22-win.exe
d:\lkpsoft\sql-2019\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\comexp.msc
d:\ftp_script.bat
microsoft.autogenerated.{18c6f720-abae-a6ef-86ec-0e72549f6916}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\dtashell.exe
d:\sahil\symphony_bo_schedular\symphony_bo_schedular\bin\debug\symphony_bo_schedular.exe
d:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\configuration tools\sql server 2014 configuration manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\rsconfigtool.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
c:\users\administrator\desktop\plsql developer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\2017\professional\common7\ide\devenv.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\visual studio 2017 (2).lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\eventvwr.exe
microsoft.visualstudio.installer
c:\users\administrator\appdata\local\temp\2\dbb1cd57352fdd6b3e70c55a\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
c:\users\administrator\downloads\vc_redist.x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{bbf07dea-650d-4c83-b61b-541be31c8d12}\.cr\dotnet-sdk-8.0.303-win-x64.exe
d:\lkp soft\directsetup\setup.bat
d:\schedular\liquiloans_trial\liquiloans_trial\bin\debug\net8.0\liquiloans_trial.exe
d:\trade_file_scheduler\bin\debug\trade_file_scheduler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{5c9950bc-1fca-4335-840a-9a0ae0bae45c}\.cr\dotnet-sdk-7.0.400-win-x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2012 report builder 3.0\report builder 3.0 help.lnk
c:\programdata\package cache\{552b49be-5d77-4b3e-8a86-6ca46f3ff2b2}\aspnetcore-runtime-6.0.0-win-x86.exe
d:\saqlain\krastatus\krapanstatus.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010 sdk sp1\tools\reset the microsoft visual studio 2010 sp1 experimental instance.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cleanmgr.exe
visualstudio.c58c04b4
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\outlook.exe
c:\users\administrator\downloads\ndp461-kb3102438-web.exe
d:\schedular\nse ftp api backup\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
microsoft.windows.controlpanel.folderoptions
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{6acd490b-b03b-4697-a832-3780d0e41e05}\.cr\dotnet-hosting-6.0.4-win.exe
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaprefs.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio 10.0\common7\ide\devenv.exe
visualstudio.11.0
c:\users\administrator\appdata\local\temp\f51atu03.u5v\vs_installer.windows.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\report builder 3.0\msreportbuilder.exe
c:\users\administrator\appdata\local\temp\6118b311-8d32-42f6-b7f3-c21833a43d84\cyber_cloud_uninstaller_enterprise.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\microsoft shared\msenv\\vslauncher.exe
d:\lkpsoft\systemscheduler\scheduler.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio\installer\vs_installer.exe
d:\saqlain\createzohocontact\zohocreatecontact.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cloudnotifications.exe
c:\users\administrator\downloads\ndp462-kb3151802-web.exe
d:\b0660c75d412ed302d\x64\scenarioengine.exe
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ipconfig.exe
c:\users\public\desktop\treesize free.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008\configuration tools\sql server installation center (64-bit).lnk
c:\users\administrator\appdata\local\temp\2\b3005d323f6f87adfa8c75bf\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
microsoft.windows.computer
c:\progra~2\micros~4\office14\ois.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\easeofaccessdialog.exe
c:\users\administrator\desktop\trade_file_scheduler.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\odbcad32.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4a81ade3-c4f7-4967-8e78-6ce3eefd88d3}\.cr\dotnet-hosting-8.0.22-win.exe
kasperskylab.kis.ui.toasts
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\visual studio installer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\hpacuhost.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\microsoft shared\msenv\vslauncher.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iscsi initiator.lnk
c:\progra~2\micros~4\office14\excel.exe
c:\users\administrator\downloads\service restart.bat
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\msiexec.exe
d:\sahil\corporateactionfileschedular\corporateactionfileschedular\bin\debug\corporateactionfileschedular.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wusa.exe
c:\users\administrator\desktop\aspnetcore-runtime-3.1.3-win-x64.exe
c:\users\administrator\desktop\cp029559.exe
c:\users\administrator\desktop\vncviewer.exe
d:\saqlain\kycsummarymail\kycsummarymail.exe
c:\programdata\microsoft\visualstudio\packages\_bootstrapper\vs_bootstrapper.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\usoclient.exe
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{279ea3de-234d-40c7-80fe-7301447339eb}\.cr\dotnet-hosting-6.0.0-win.exe
c:\users\administrator\downloads\vs_sql.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msinfo32.exe
d:\lkpsoft\aspnetcore-runtime-8.0.22-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\startup\map drive access.bat
d:\lkpsoft\digio setup\jdk-17.0.12_windows-x64_bin.exe
microsoft.autogenerated.{5b29b9ae-8060-1960-9833-2f50c0175c01}
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\cpqacuxe.exe
f:\iiscrypto (1).exe
microsoft.autogenerated.{4dae67c5-d153-41cf-ef44-806f5f8d9dd8}
d:\lkpsoft\dotnet-sdk-7.0.400-win-x64.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\notepad.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
d:\checkjamoontradefileonserver\checkjamoontradefileonserver\bin\debug\netcoreapp3.1\checkjamoontradefileonserver.exe
d:\lkp soft\raid\array_cp018121.exe
d:\lkpsoft\vmware-tools-11.3.0-18090558-x86_64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4c83fe57-0d4c-4c73-b02e-130ef74ba0d9}\.cr\ssms-setup-enu.exe
c:\programdata\package cache\{3b46879b-bd75-4e54-9297-363882110c3a}\dotnet-hosting-6.0.4-win.exe
d:\schedular\nse ftp api\nse_ftp_api\nse_ftp_api\bin\debug\nse_ftp_api.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{f453bd09-c03b-44e1-879a-020ec3a45942}\.cr\dotnet-sdk-6.0.202-win-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\vsjitdebugger.exe
c:\progra~2\micros~4\office14\winword.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\wordpad.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
d:\schedular\scriptdbtoaws\bin\debug\net6.0\scriptdbtoaws.exe
c:\users\administrator\desktop\plsql\keygen.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\dts\binn\dtswizard.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\remotefxvgpudisablement.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
c:\users\administrator\desktop\sql server management studio management studio 19.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2008\configuration tools\sql server configuration manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\managementstudio\ssms.exe
c:\users\administrator\desktop\dotnet-hosting-3.1.3-win.exe
d:\lkpsoft\systemscheduler\sscmd.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010\microsoft visual studio 2010.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\plsql developer\plsqldev.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\microsoft.net\framework64\v2.0.50727\applaunch.exe
d:\lkpsoft\iiscrypto (1).exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\fixmapi.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\ois.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
microsoft.autogenerated.{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\hh.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\msohtmed.exe
d:\saqlain\createzohocontacts_pennypal\zohocreatecontact.exe
c:\programdata\package cache\{de7bad2b-ba75-42bf-8c43-53c5d67efd01}\aspnetcore-runtime-6.0.4-win-x64.exe
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
microsoft.windows.explorer
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (64-bit).lnk
c:\programdata\package cache\{6c092881-01d6-4bd5-9716-f660db791126}\dotnet-runtime-6.0.0-win-x86.exe
microsoft.windows.windowsinstaller
c:\programdata\package cache\{78a41aea-a74d-484b-baf5-dc41cd70dc88}\dotnet-runtime-6.0.4-win-x64.exe
d:\lkpsoft\systemscheduler\message.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\bulkmailer.vshost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
c:\users\administrator\desktop\treesize free.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\profiler.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\excel.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell_ise.exe
microsoft.windows.shell.rundialog
d:\trade_file_scheduler\trade_file_scheduler\bin\debug\trade_file_scheduler.exe
e:\haresh\vs_intshelladditional (1).exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\sqlps.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hp system tools\hp array configuration utility (64-bit)\hp array configuration utility (64-bit).lnk
c:\users\administrator\desktop\postman.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
d:\commonapi_test\lkp.core.common.api.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\control.exe
microsoft.windows.controlpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hp system tools\hp array configuration utility (64-bit)\setup hp array configuration utility.lnk
visualstudio.10.0
c:\users\administrator\appdata\local\temp\~nsu1.tmp\un.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{f5ff633b-92a3-4d66-9f7f-5a8a5cc9b465}\.cr\vc_redist.x64.exe
microsoft.autogenerated.{25768b46-0833-0a7e-24a1-35c0ad58dd30}
d:\lkp soft\vmware-converter-en-6.1.1-3533064.exe
c:\users\administrator\appdata\local\temp\2\{0bac6656-0634-41e4-b7f4-4e638dba58aa}\cpqsetup.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\odbcad32.exe
c:\users\administrator\downloads\vs2012.5.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft office\office14\winword.exe
c:\users\administrator\desktop\bulkmailer.vshost.exe - shortcut.lnk
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
d:\sahil\nsermsfiles\nsermsfiles\bin\debug\nsermsfiles.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\vmware\vmware vcenter converter standalone\converter.exe
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\bulkmail\release\blk.bat
d:\lkpsoft\sanernow_lkp_window_cm_windows_x86_6.3\sanernow_windows_x86_6.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2010 sdk sp1\tools\start experimental instance of microsoft visual studio 2010 sp1.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (32-bit).lnk
d:\lkpsoft\treesizefreesetup.exe
e:\softwares\dotnet-sdk-6.0.202-win-x64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{5d7cf523-0813-435e-8fa1-18897b297d59}\.cr\dotnet-sdk-8.0.303-win-x64.exe
msedgebeta
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\iscsicpl.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 19\sql server management studio management studio 19.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\winver.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2012 report builder 3.0\report builder 3.0.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
d:\schedular\auto_backupp\auto_backupp\bin\debug\netcoreapp3.1\auto_backupp.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{4886546e-22c0-436e-9564-78750d7459ed}\.cr\aspnetcore-runtime-8.0.22-win-x64.exe
ueme_ctlcuacount:ctor
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{2ab52c42-a60d-409f-9e5b-f5bc8e716dcc}\.cr\dotnet-sdk-6.0.202-win-x64.exe
d:\webportal\trilogybackup\trilogybak.bat
microsoft.autogenerated.{8aa47365-b2b3-1961-69eb-f866e376b12f}
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\computer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\useraccountcontrolsettings.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\uems_agent\dcconfig.exe
{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\office14\msoxmled.exe
d:\lkp soft\raid\cp015778.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kaspersky security for windows server\kavtray.exe
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\kaspersky security for windows server\administration tools\kaspersky security 11 for windows server console.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft edge beta.lnk
d:\schedular\liquiloans_revenue_new\liquiloans_revenue_new\bin\debug\liquiloans_revenue_new.exe
d:\schedular\ipoallotment\ipoallotment\bin\debug\ipoallotment.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft visual studio 2012\visual studio 2012.lnk
microsoft.autogenerated.{2c18cdd1-cf26-19b4-988a-862fc5db076a}
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{d8e068fe-90dd-40e2-a26b-b8838bb8de39}\.cr\dotnet-hosting-3.1.3-win.exe
{6d809377-6af0-444b-8957-a3773f02200e}\compaq\cpqacuxe\bin\hpacubin.exe
d:\schedular\scrip_master_job\scrip_master\bin\debug\net46\scrip_master.exe
d:\webportal\odin_ld_push_scheduler\lkp_odin_ld_push_scheduler.exe

Extended userassist report attached.

105793 - VMware Tools Detection
-
Synopsis
A virtual machine management application is installed on the remote host.
Description
VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0738
Plugin Information
Published: 2018/01/13, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Version : 12.3.5.46049

20094 - VMware Virtual Machine Detection
-
Synopsis
The remote host is a VMware virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2005/10/27, Modified: 2019/12/11
Plugin Output

tcp/0


The remote host is a VMware virtual machine.

76946 - VMware vCenter Converter Installed
-
Synopsis
The remote Windows host has a tool for virtual machine creation installed.
Description
VMware vCenter Converter, a tool for converting physical machines to virtual machines, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/07/31, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\
Version : 6.1.1
Build : 3533064

10758 - VNC HTTP Server Detection
-
Synopsis
The remote host is running a remote display software (VNC).
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2001/09/14, Modified: 2020/06/12
Plugin Output

tcp/5800/www

19288 - VNC Server Security Type Detection
-
Synopsis
A VNC server is running on the remote host.
Description
This script checks the remote VNC server protocol version and the available 'security types'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/07/22, Modified: 2021/07/13
Plugin Output

tcp/5900/vnc


The remote VNC server supports the following security types :\n\n 5 (RA2)
129
10342 - VNC Software Detection
-
Synopsis
The remote host is running a remote display software (VNC).
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2000/03/07, Modified: 2017/06/12
Plugin Output

tcp/5900/vnc


The highest RFB protocol version supported by the server is :

4.1

24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The remote host returned the following caption from Win32_OperatingSystem:

Microsoft Windows Server 2016 Datacenter

52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2025/12/15
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB4049065
- Description : Update
- InstalledOn : 2/2/2018
- SystemName : MUMPORTAL001
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=4049065

+ KB4054590
- Description : Update
- InstalledOn : 12/7/2020
- SystemName : MUMPORTAL001
- InstalledBy : MUMPORTAL001\Production
- Caption : http://support.microsoft.com/?kbid=4054590

+ KB4535680
- Description : Security Update
- InstalledOn : 2/27/2021
- SystemName : MUMPORTAL001
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=4535680

+ KB4576750
- Description : Security Update
- InstalledOn : 2/27/2021
- SystemName : MUMPORTAL001
- InstalledBy : MUMPORTAL001\Production
- Caption : https://support.microsoft.com/help/4576750

+ KB5001078
- Description : Security Update
- InstalledOn : 2/27/2021
- SystemName : MUMPORTAL001
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/5001078

+ KB4601318
- Description : Security Update
- InstalledOn : 2/27/2021
- SystemName : MUMPORTAL001
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/4601318
44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0754
Plugin Information
Published: 2010/02/24, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- .NET Environment 3.5
- .NET Extensibility 3.5
- .NET Extensibility 4.6
- .NET Framework 3.5 (includes .NET 2.0 and 3.0)
- .NET Framework 3.5 Features
- .NET Framework 4.6
- .NET Framework 4.6 Features
- ASP
- ASP.NET 3.5
- ASP.NET 4.6
- ASP.NET 4.6
- Application Development
- Application Initialization
- Basic Authentication
- CGI
- Centralized SSL Certificate Support
- Client Certificate Mapping Authentication
- Common HTTP Features
- Configuration APIs
- Containers
- Custom Logging
- Default Document
- Digest Authentication
- Directory Browsing
- Dynamic Content Compression
- File Server
- File and Storage Services
- File and iSCSI Services
- HTTP Activation
- HTTP Activation
- HTTP Errors
- HTTP Logging
- HTTP Redirection
- Health and Diagnostics
- IIS 6 Management Compatibility
- IIS 6 Management Console
- IIS 6 Metabase Compatibility
- IIS 6 Scripting Tools
- IIS 6 WMI Compatibility
- IIS Client Certificate Mapping Authentication
- IIS Hostable Web Core
- IIS Management Console
- IIS Management Scripts and Tools
- IP and Domain Restrictions
- ISAPI Extensions
- ISAPI Filters
- Logging Tools
- Management OData IIS Extension
- Management Service
- Management Tools
- Named Pipe Activation
- Non-HTTP Activation
- ODBC Logging
- Performance
- Process Model
- Request Filtering
- Request Monitor
- SMB 1.0/CIFS File Sharing Support
- Security
- Server Side Includes
- Static Content
- Static Content Compression
- Storage Services
- TCP Activation
- TCP Port Sharing
- TFTP Client
- Telnet Client
- Tracing
- URL Authorization
- WCF Services
- Web Server
- Web Server (IIS)
- WebDAV Publishing
- WebSocket Protocol
- Windows Authentication
- Windows PowerShell
- Windows PowerShell 2.0 Engine
- Windows PowerShell 5.1
- Windows PowerShell ISE
- Windows PowerShell Web Access
- Windows Process Activation Service
- WoW64 Support

33139 - WS-Management Server Detection
-
Synopsis
The remote web server is used for remote management.
Description
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information
Published: 2008/06/11, Modified: 2021/05/19
Plugin Output

tcp/5985/www


Here is some information about the WS-Management Server :

Product Vendor : Microsoft Corporation
Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/80/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://172.17.100.60/Q5MZqu2i8FEP.html

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/49834/www


Unfortunately, Nessus has been unable to find a way to recognize this
page so some CGI-related checks have been disabled.

10302 - Web Server robots.txt Information Disclosure
-
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks.
See Also
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2018/11/15
Plugin Output

tcp/80/www

Contents of robots.txt :

User-agent: *
Allow: /

92436 - WinRAR History
-
Synopsis
Nessus was able to enumerate files opened with WinRAR on the remote host.
Description
Nessus was able to gather evidence of compressed files that were opened by WinRAR. Note that only compressed files that were opened and not extracted through the explorer shortcut or command line interface were reported.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

D:\WebPortal\Download\IT_Download\Trading\ODIN\DIET SETUP\RIBBONDIET64_SP24_BASE_SETUP_Launcher.rar
D:\WebPortal\LKPConnect\LKPConnect_ALL.rar
S:\IIS Website Backup\LKP Connect UAT\LKPConnect_UAT_16122025.rar
D:\IIS BackUp\uat_build_151025.rar

WinRAR report attached.

162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output

tcp/445/cifs

AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-3087833412-113499397-355877213-500

48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2025/12/15
Plugin Output

tcp/0


+ Computer System Product
- IdentifyingNumber : VMware-56 4d 99 24 f1 67 ba 81-6a ad e3 c0 3b 09 6b c1
- Description : Computer System Product
- Vendor : VMware, Inc.
- Name : VMware Virtual Platform
- UUID : 24994D56-67F1-81BA-6AAD-E3C03B096BC1
- Version : None

159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output

tcp/445/cifs


Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.
58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Nessus enumerated DNS servers for the following interfaces :

Interface: {7067690e-ea97-415d-b3cb-b712cded4bd8}
Network Connection : Ethernet0
NameServer: 4.2.2.2,8.8.8.8

Interface: {4041095c-ab80-4ae8-8d86-e7627833a6ee}
Network Connection : LAN_60_Physical
NameServer: 4.2.2.2,8.8.8.8
164690 - Windows Disabled Command Prompt Enumeration
-
Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'

- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/09/06, Modified: 2022/10/05
Plugin Output

tcp/445/cifs


Username: Production
SID: S-1-5-21-3087833412-113499397-355877213-500
DisableCMD: Unset

Username: admin
SID: S-1-5-21-3087833412-113499397-355877213-1025
DisableCMD: Unset

Username: compliance
SID: S-1-5-21-3087833412-113499397-355877213-1024
DisableCMD: Unset

Username: mssqlserver_user$
SID: S-1-5-21-3087833412-113499397-355877213-1020
DisableCMD: Unset

Username: tidua
SID: S-1-5-21-3087833412-113499397-355877213-1019
DisableCMD: Unset

Username: Complaince
SID: S-1-5-21-3087833412-113499397-355877213-1018
DisableCMD: Unset

Username: Guest
SID: S-1-5-21-3087833412-113499397-355877213-501
DisableCMD: Unset

Username: IIS_USERS
SID: S-1-5-21-3087833412-113499397-355877213-1023
DisableCMD: Unset

Username: CommonProduction
SID: S-1-5-21-3087833412-113499397-355877213-1022
DisableCMD: Unset

Username: DefaultAccount
SID: S-1-5-21-3087833412-113499397-355877213-503
DisableCMD: Unset

Username: commoniis
SID: S-1-5-21-3087833412-113499397-355877213-1021
DisableCMD: Unset

Username: ___VMware_Conv_SA___
SID: S-1-5-21-3087833412-113499397-355877213-1014
DisableCMD: Unset

Username: sahil
SID: S-1-5-21-3087833412-113499397-355877213-1015
DisableCMD: Unset

Username: RMS
SID: S-1-5-21-3087833412-113499397-355877213-1017
DisableCMD: Unset

Username: Lkpadmin
SID: S-1-5-21-3087833412-113499397-355877213-1000
DisableCMD: Unset

72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0756
Plugin Information
Published: 2014/02/06, Modified: 2025/12/15
Plugin Output

tcp/0


Device Name : VMware SVGA 3D
Driver File Version : 9.17.6.5
Driver Date : 08/25/2023
Video Processor : VMware Virtual SVGA 3D Graphics Adapter
171956 - Windows Enumerate Accounts
-
Synopsis
Enumerate Windows accounts.
Description
Enumerate Windows accounts.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/28, Modified: 2025/12/15
Plugin Output

tcp/0

Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2026/1/10 3:04 India Standard Time
92423 - Windows Explorer Recently Executed Programs
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/08/15
Plugin Output

tcp/0

avpui.exePO :i+00/D:\V1X7^LKPSOFT@U\X7^.BH7\rLKPSOFT
Postman.exePO :i+00:.:,LB)A&&63[=`MD=`MD
mmc.exePO :i+00/D:\\1ZnSchedularD"X+8[F.rySchedularl1"XMJKycSummaryMailN"XMJ[.,KycSummaryMailN1[Logs:"XMJ[I.77tLogs`1"XMJ2023-11-06F"XMJ[I.8Ig2023-11-06b1"XMJSuccessLogsH"XMJ[I.wIgSuccessLogs
OpenWith.exePO :i+00/C:\`1Q PROGRA~3HHjQ./X0ProgramData\1QK<MICROS~1DHjQK<.1aMicrosoftV1Q(NWindows@HjQ(N.n`hWindows1HjSTARTM~1nHjHj.DStart Menu@shell32.dll,-217861(RpProgramsjHj(Rp.@hPrograms@shell32.dll,-21782
{EB3B6DAE-EDFE-40E6-9C2A-03B0F9CB55D3}PO :i+00:.:,LB)A&&63[:3`:3`
notepad.exePO :i+00/D:\V1[b5LKPSOFT@U\[.BB,LKPSOFTJ1[!SSL8U5q[L1.]ySSL
Ssms.exePO :i+00/D:\\1XCWebPortalD}QSmXC..gWebPortal
\r\n
msedge.exePO :i+00:.:,LB)A&&63[DTDT
RSConfigTool.exePO :i+00.+ezFkp:
iscsicpl.exePO :i+00:.:,LB)A&&63[5\rP
{366440C4-07E5-430C-B6F7-98DDB94ED74B}PO :i+00.+ezFkp:
IISCrypto (1).exePO :i+00/D:\V1XeLKPSOFT@U\Xe.B,LKPSOFT
notepad++.exePO :i+00.:,LB)A
SanerNow_Windows_x86_6.3.exePO :i+00/D:\V1YuLKPSOFT@U\Yu.B=LKPSOFT1YvSanerNow_LKP_Window_CM_Windows_x86_6.3~YuYv.SanerNow_LKP_Window_CM_Windows_x86_6.36
{B4EB362C-CCEA-4C21-86B2-3EF92C2ACC20}PO :i+00:.:,LB)A&&63[?Z?Z
DTSWizard.exePO :i+00:.:,LB)A&&63[Po:Po:
IISCrypto.exePO :i+00/E:\\1ThIISCryptoDThTh.`IISCrypto
devenv.exePO :i+00/D:\\18X=cSchedularD"X+88X=c.r3Schedularf1Wh]IPOAllotmentJWe]Wh].AIPOAllotment
Scheduler.exePO :i+00/D:\
mspaint.exeX\r,!PCsg<;-1SPSsC\nCOi3nM1SPS0%G`1\n192.168.10.235-1SPS:7CD)3\\192.168.10.235\lkpsoftMicrosoft Networkl1{XKReported IssueNP-Xb.[1g Reported Issue\1XbKasperskyDR+Xb.T)DKasperskyn1XbPortal_19062024PXbXb.n"Portal_19062024
InetMgr.exePO :i+00/D:\V1[b5LKPSOFT@U\[.BB,LKPSOFTJ1[SSL8U5q[.]vSSL
WinRAR.exePO :i+00/D:\`1VukfilebackupF/U"VZn/.filebackup
SnippingTool.exePO :i+00:.:,LB)A&&63[S9OS9O
\\192.168.10.234\1
cmd\1
shell:startup\1
calc\1
wmimgmt.msc\1
\\192.168.10.235\1
\\192.168.150.152\d$\1
\\172.17.100.222\1
\\172.17.100.222\ftp\zentech\1
secpol.msc\1
\\192.168.150.67\d$\1
\\192.168.150.67\c$\1
\\172.17.100.112\d$\1
appwiz.cpl\1
%temp%\1
notepad\1
\\192.168.150.154\d$\1
ssms\1
inetmgr\1
regedit\1
qhwkniltpzvbjefacxdsrguyom
temp\1
ncpa.cpl\1
dcomcnfg\1
services.msc\1
gpupdate /force\1
winver\1
DTSWizard.exeO
Scheduler.exe
IISCrypto (1).exe44<S3
mmc.exe\ni]!)D
devenv.exe^t
iscsicpl.exehWp9
msedge.exed
{EB3B6DAE-EDFE-40E6-9C2A-03B0F9CB55D3}^
\r\n
Ssms.exeCO
regedit.exe^+;4
RSConfigTool.exe{s
SnippingTool.exe)&
Explorer.EXE0
notepad++.exe^+
Postman.exe
NOTEPAD.EXEbY
rundll32.exe%&3(
OpenWith.exe
WinRAR.exeHb~
mspaint.exeT
{366440C4-07E5-430C-B6F7-98DDB94ED74B}
{B4EB362C-CCEA-4C21-86B2-3EF92C2ACC20}
SanerNow_Windows_x86_6.3.exe/]
InetMgr.exeuz`
avpui.exeU
IISCrypto.exe 8N
X\r,!PCsg<
x@_dP/N

MRU programs details in attached report.
92418 - Windows Explorer Typed Paths
-
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

This PC
D:\Schedular\KycSummaryMail\Logs\2025-12-23
D:\
D:\Schedular\Scrip_master_job
D:\WebPortal\Download\IT_Download\Utility\XTS\old
\\172.17.100.222\Server
\\192.168.150.67\c$
D:\WebPortal\LKPConnect_API
D:\Schedular\shrigoda_insurance_API
D:\WebPortal\SPIP\eSignPDF_Files
D:\WebPortal\Trilogy\PDF_Files\eSignPDF_Files
Quick access
\\192.168.150.152\d$\Pranav Publish Projects\LKPConnectAPI
D:\WebPortal\SPIP
D:\WebPortal\SPIP\PDF_Files
D:\Schedular\AUTO_BACKUPP
D:\Schedular\Scrip_master_job_New
\\192.168.150.67\d$\Haresh\Publish\LKP_Common_Test
\\192.168.150.67\d$
\\192.168.10.234
D:\CommonAPI_Test
D:\WebPortal\Download\IT_Download\Trading\ODIN Logs\Admin_hanged_06112025_\1_AdminPlus64_251106_153522.zip
D:\WebPortal\Download\IT_Download\Utility\XTS\Logs
C:\inetpub\logs\FailedReqLogFiles
\\192.168.10.235\d$

Extended explorer typed paths report attached.

159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2025/06/16
Plugin Output

tcp/445/cifs


LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.

148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output

tcp/0

Default Install Language Code: 1033

Default Active Language Code: 1033

Other common microsoft Language packs may be scanned as well.
92422 - Windows Mapped Network Drives
-
Synopsis
Nessus was able to enumerate mapped network drives on the remote host.
Description
Nessus was able to generate a report of mapped network drives on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

b : \\172.17.100.120\f$
d : \\172.17.100.160\e$
e : \\172.17.100.72\d$
g : \\172.17.100.222\Common\BOD_ScripMaster\master
i : \\172.17.100.222\Server\172.17.100.60
a : \\172.17.100.120\e$
mrulist : ihgfedcba
f : \\172.17.100.222\BackofficeAutomation
h : \\172.17.100.222\ftp\zentech\Masters
c : \\172.17.100.160\d$


Extended mapped network drive report attached.

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output

udp/137/netbios-ns

The following 3 NetBIOS names have been gathered :

MUMPORTAL001 = File Server Service
MUMPORTAL001 = Computer name
WORKGROUP = Workgroup / Domain name

The remote host has the following MAC address on its adapter :

00:50:56:bc:47:5e

63620 - Windows Product Key Retrieval
-
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445/cifs


Product key : XXXXX-XXXXX-XXXXX-XXXXX-C38T7

Note that all but the final portion of the key has been obfuscated.
160576 - Windows Services Registry ACL
-
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output

tcp/445/cifs

report output too big - ending list here

85736 - Windows Store Application Enumeration
-
Synopsis
It is possible to obtain the list of applications installed from the Windows Store.
Description
This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/09/02, Modified: 2025/12/15
Plugin Output

tcp/0


-Microsoft.AAD.BrokerPlugin
Version : 1000.14393.0.0
InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BioEnrollment
Version : 10.0.14393.0
InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CloudExperienceHost
Version : 10.0.14393.1066
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Cortana
Version : 1.7.0.14393
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.SecondaryTileExperience
Version : 10.0.0.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.XboxGameCallableUI
Version : 1000.14393.0.0
InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-windows.immersivecontrolpanel
Version : 6.2.0.0
InstallLocation : C:\Windows\ImmersiveControlPanel
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.MiracastView
Version : 6.3.0.0
InstallLocation : C:\Windows\MiracastView
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.PrintDialog
Version : 6.2.0.0
InstallLocation : C:\Windows\PrintDialog
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ShellExperienceHost
Version : 10.0.14393.2068
InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AccountsControl
Version : 10.0.14393.2068
InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.LockApp
Version : 10.0.14393.2068
InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Apprep.ChxApp
Version : 1000.14393.2969.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.AssignedAccessLockApp
Version : 1000.14393.2068.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
204960 - Windows System Driver Enumeration (Windows)
-
Synopsis
One or more kernel or file system drivers were enumerated on the remote Windows host.
Description
One or more kernel or file system drivers were enumerated on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/08/01, Modified: 2025/12/15
Plugin Output

tcp/0


Total : 339

Name : 1394ohci
Path : C:\Windows\system32\drivers\1394ohci.sys
Service Type : Kernel Driver
Description : 1394 OHCI Compliant Host Controller
State : Stopped

Name : 3ware
Path : C:\Windows\system32\drivers\3ware.sys
Service Type : Kernel Driver
Description : 3ware
State : Stopped

Name : ACPI
Path : C:\Windows\system32\drivers\ACPI.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Driver
State : Running

Name : AcpiDev
Path : C:\Windows\system32\drivers\AcpiDev.sys
Service Type : Kernel Driver
Description : ACPI Devices driver
State : Stopped

Name : acpiex
Path : C:\Windows\system32\Drivers\acpiex.sys
Service Type : Kernel Driver
Description : Microsoft ACPIEx Driver
State : Running

Name : acpipagr
Path : C:\Windows\system32\drivers\acpipagr.sys
Service Type : Kernel Driver
Description : ACPI Processor Aggregator Driver
State : Stopped

Name : AcpiPmi
Path : C:\Windows\system32\drivers\acpipmi.sys
Service Type : Kernel Driver
Description : ACPI Power Meter Driver
State : Stopped

Name : acpitime
Path : C:\Windows\system32\drivers\acpitime.sys
Service Type : Kernel Driver
Description : ACPI Wake Alarm Driver
State : Stopped

Name : ADP80XX
Path : C:\Windows\system32\drivers\ADP80XX.SYS
Service Type : Kernel Driver
Description : ADP80XX
State : Stopped

Name : AFD
Path : C:\Windows\system32\drivers\afd.sys
Service Type : Kernel Driver
Description : Ancillary Function Driver for Winsock
State : Running

Name : ahcache
Path : C:\Windows\system32\DRIVERS\ahcache.sys
Service Type : Kernel Driver
Description : Application Compatibility Cache
State : Running

Name : AmdK8
Path : C:\Windows\system32\drivers\amdk8.sys
Service Type : Kernel Driver
Description : AMD K8 Processor Driver
State : Stopped

Name : AmdPPM
Path : C:\Windows\system32\drivers\amdppm.sys
Service Type : Kernel Driver
Description : AMD Processor Driver
State : Stopped

Name : amdsata
Path : C:\Windows\system32\drivers\amdsata.sys
Service Type : Kernel Driver
Description : amdsata
State : Stopped

Name : amdsbs
Path : C:\Windows\system32\drivers\amdsbs.sys
Service Type : Kernel Driver
Description : amdsbs
State : Stopped

Name : amdxata
Path : C:\Windows\system32\drivers\amdxata.sys
Service Type : Kernel Driver
Description : amdxata
State : Stopped

Name : AppID
Path : C:\Windows\system32\drivers\appid.sys
Service Type : Kernel Driver
Description : AppID Driver
State : Stopped

Name : applockerfltr
Path : C:\Windows\system32\drivers\applockerfltr.sys
Service Type : Kernel Driver
Description : Smartlocker Filter Driver
State : Stopped

Name : AppvStrm
Path : C:\Windows\system32\drivers\AppvStrm.sys
Service Type : File System Driver
Description : AppvStrm
State : Stopped

Name : AppvVemgr
Path : C:\Windows\system32\drivers\AppvVemgr.sys
Service Type : File System Driver
Description : AppvVemgr
State : Stopped

Name : AppvVfs
Path : C:\Windows\system32\drivers\AppvVfs.sys
Service Type : File System Driver
Description : AppvVfs
State : Stopped

Name : arcsas
Path : C:\Windows\system32\drivers\arcsas.sys
Service Type : Kernel Driver
Description : Adaptec SAS/SATA-II RAID Storport's Miniport Driver
State : Stopped

Name : AsyncMac
Path : C:\Windows\system32\drivers\asyncmac.sys
Service Type : Kernel Driver
Description : RAS Asynchronous Media Driver
State : Stopped

Name : atapi
Path : C:\Windows\system32\drivers\atapi.sys
Service Type : Kernel Driver
Description : IDE Channel
State : Running

Name : b06bdrv
Path : C:\Windows\system32\drivers\bxvbda.sys
Service Type : Kernel Driver
Description : QLogic Network Adapter VBD
State : Stopped

Name : b57nd60a
Path : C:\Windows\system32\drivers\b57nd60a.sys
Service Type : Kernel Driver
Description : Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
State : Stopped

Name : BasicDisplay
Path : C:\Windows\system32\drivers\BasicDisplay.sys
Service Type : Kernel Driver
Description : BasicDisplay
State : Running

Name : BasicRender
Path : C:\Windows\system32\drivers\BasicRender.sys
Service Type : Kernel Driver
Description : BasicRender
State : Running

Name : bcmfn
Path : C:\Windows\system32\drivers\bcmfn.sys
Service Type : Kernel Driver
Description : bcmfn Service
State : Stopped

Name : bcmfn2
Path : C:\Windows\system32\drivers\bcmfn2.sys
Service Type : Kernel Driver
Description : bcmfn2 Service
State : Stopped

Name : Beep
Path : C:\Windows\system32\drivers\Beep.sys
Service Type : Kernel Driver
Description : Beep
State : Stopped

Name : bfadfcoei
Path : C:\Windows\system32\drivers\bfadfcoei.sys
Service Type : Kernel Driver
Description : bfadfcoei
State : Stopped

Name : bfadi
Path : C:\Windows\system32\drivers\bfadi.sys
Service Type : Kernel Driver
Description : bfadi
State : Stopped

Name : bfcac038
Path : C:\Windows\system32\Drivers\bfcac038.sys
Service Type : Kernel Driver
Description : bfcac038
State : Stopped

Name : bowser
Path : C:\Windows\system32\DRIVERS\bowser.sys
Service Type : File System Driver
Description : Browser Support Driver
State : Running

Name : buttonconverter
Path : C:\Windows\system32\drivers\buttonconverter.sys
Service Type : Kernel Driver
Description : Service for Portable Device Control devices
State : Stopped

Name : bxfcoe
Path : C:\Windows\system32\drivers\bxfcoe.sys
Service Type : Kernel Driver
Description : QLogic FCoE Offload driver
State : Stopped

Name : bxois
Path : C:\Windows\system32\drivers\bxois.sys
Service Type : Kernel Driver
Description : QLogic Offload iSCSI Driver
State : Stopped

Name : CapImg
Path : C:\Windows\system32\drivers\capimg.sys
Service Type : Kernel Driver
Description : HID driver for CapImg touch screen
State : Stopped

Name : cdfs
Path : C:\Windows\system32\DRIVERS\cdfs.sys
Service Type : File System Driver
Description : CD/DVD File System Reader
State : Stopped

Name : cdrom
Path : C:\Windows\system32\drivers\cdrom.sys
Service Type : Kernel Driver
Description : CD-ROM Driver
State : Stopped

Name : cht4iscsi
Path : C:\Windows\system32\drivers\cht4sx64.sys
Service Type : Kernel Driver
Description : cht4iscsi
State : Stopped

Name : cht4vbd
Path : C:\Windows\system32\drivers\cht4vx64.sys
Service Type : Kernel Driver
Description : Chelsio Virtual Bus Driver
State : Stopped

Name : CLFS
Path : C:\Windows\system32\drivers\CLFS.sys
Service Type : Kernel Driver
Description : Common Log (CLFS)
State : Running

Name : clreg
Path : C:\Windows\system32\drivers\registry.sys
Service Type : Kernel Driver
Description : Virtual Registry for Containers
State : Running

Name : CmBatt
Path : C:\Windows\system32\drivers\CmBatt.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Control Method Battery Driver
State : Running

Name : CNG
Path : C:\Windows\system32\Drivers\cng.sys
Service Type : Kernel Driver
Description : CNG
State : Running

Name : cnghwassist
Path : C:\Windows\system32\DRIVERS\cnghwassist.sys
Service Type : Kernel Driver
Description : CNG Hardware Assist algorithm provider
State : Stopped

Name : CompositeBus
Path : C:\Windows\system32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
Service Type : Kernel Driver
Description : Composite Bus Enumerator Driver
State : Running

Name : condrv
Path : C:\Windows\system32\drivers\condrv.sys
Service Type : Kernel Driver
Description : Console Driver
State : Running

Name : CSC
Path : C:\Windows\system32\drivers\csc.sys
Service Type : Kernel Driver
Description : Offline Files Driver
State : Stopped

Name : dam
Path : C:\Windows\system32\drivers\dam.sys
Service Type : Kernel Driver
Description : Desktop Activity Moderator Driver
State : Stopped

Name : Dfsc
Path : C:\Windows\system32\Drivers\dfsc.sys
Service Type : File System Driver
Description : DFS Namespace Client Driver
State : Running

Name : Disk
Path : C:\Windows\system32\drivers\disk.sys
Service Type : Kernel Driver
Description : Disk Driver
State : Running

Name : dmvsc
Path : C:\Windows\system32\drivers\dmvsc.sys
Service Type : Kernel Driver
Description : dmvsc
State : Stopped

Name : DXGKrnl
Path : C:\Windows\system32\drivers\dxgkrnl.sys
Service Type : Kernel Driver
Description : LDDM Graphics Subsystem
State : Running

Name : e1iexpress
Path : C:\Windows\system32\drivers\e1i63x64.sys
Service Type : Kernel Driver
Description : Intel(R) PRO/1000 PCI Express Network Connection Driver I
State : Running

Name : ebdrv
Path : C:\Windows\system32\drivers\evbda.sys
Service Type : Kernel Driver
Description : QLogic 10 Gigabit Ethernet Adapter VBD
State : Stopped

Name : EhStorClass
Path : C:\Windows\system32\drivers\EhStorClass.sys
Service Type : Kernel Driver
Description : Enhanced Storage Filter Driver
State : Running

Name : EhStorTcgDrv
Path : C:\Windows\system32\drivers\EhStorTcgDrv.sys
Service Type : Kernel Driver
Description : Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols
State : Stopped

Name : elxfcoe
Path : C:\Windows\system32\drivers\elxfcoe.sys
Service Type : Kernel Driver
Description : elxfcoe
State : Stopped

Name : elxstor
Path : C:\Windows\system32\drivers\elxstor.sys
Service Type : Kernel Driver
Description : elxstor
State : Stopped

Name : ErrDev
Path : C:\Windows\system32\drivers\errdev.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Error Device Driver
State : Stopped

Name : exfat
Path : C:\Windows\system32\drivers\exfat.sys
Service Type : File System Driver
Description : exFAT File System Driver
State : Stopped

Name : fastfat
Path : C:\Windows\system32\drivers\fastfat.sys
Service Type : File System Driver
Description : FAT12/16/32 File System Driver
State : Stopped

Name : fcvsc
Path : C:\Windows\system32\drivers\fcvsc.sys
Service Type : Kernel Driver
Description : fcvsc
State : Stopped

Name : fdc
Path : C:\Windows\system32\drivers\fdc.sys
Service Type : Kernel Driver
Description : Floppy Disk Controller Driver
State : Stopped

Name : FileCrypt
Path : C:\Windows\system32\drivers\filecrypt.sys
Service Type : File System Driver
Description : FileCrypt
State : Running

Name : FileInfo
Path : C:\Windows\system32\drivers\fileinfo.sys
Service Type : File System Driver
Description : File Information FS MiniFilter
State : Stopped

Name : Filetrace
Path : C:\Windows\system32\drivers\filetrace.sys
Service Type : File System Driver
Description : Filetrace
State : Stopped

Name : flpydisk
Path : C:\Windows\system32\drivers\flpydisk.sys
Service Type : Kernel Driver
Description : Floppy Disk Driver
State : Stopped

Name : FltMgr
Path : C:\Windows\system32\drivers\fltmgr.sys
Service Type : File System Driver
Description : FltMgr
State : Running

Name : FsDepends
Path : C:\Windows\system32\drivers\FsDepends.sys
Service Type : File System Driver
Description : File System Dependency Minifilter
State : Stopped

Name : gencounter
Path : C:\Windows\system32\drivers\vmgencounter.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Generation Counter
State : Running

Name : genericusbfn
Path : C:\Windows\system32\drivers\genericusbfn.sys
Service Type : Kernel Driver
Description : Generic USB Function Class
State : Stopped

Name : GPIOClx0101
Path : C:\Windows\system32\Drivers\msgpioclx.sys
Service Type : Kernel Driver
Description : Microsoft GPIO Class Extension Driver
State : Stopped

Name : GpuEnergyDrv
Path : C:\Windows\system32\drivers\gpuenergydrv.sys
Service Type : Kernel Driver
Description : GPU Energy Driver
State : Running

Name : HDAudBus
Path : C:\Windows\system32\drivers\HDAudBus.sys
Service Type : Kernel Driver
Description : Microsoft UAA Bus Driver for High Definition Audio
State : Stopped

Name : HidBatt
Path : C:\Windows\system32\drivers\HidBatt.sys
Service Type : Kernel Driver
Description : HID UPS Battery Driver
State : Stopped

Name : HidBth
Path : C:\Windows\system32\drivers\hidbth.sys
Service Type : Kernel Driver
Description : Microsoft Bluetooth HID Miniport
State : Stopped

Name : hidinterrupt
Path : C:\Windows\system32\drivers\hidinterrupt.sys
Service Type : Kernel Driver
Description : Common Driver for HID Buttons implemented with interrupts
State : Stopped

Name : HidUsb
Path : C:\Windows\system32\drivers\hidusb.sys
Service Type : Kernel Driver
Description : Microsoft HID Class Driver
State : Running

Name : HpSAMD
Path : C:\Windows\system32\drivers\HpSAMD.sys
Service Type : Kernel Driver
Description : HpSAMD
State : Stopped

Name : HTTP
Path : C:\Windows\system32\drivers\HTTP.sys
Service Type : Kernel Driver
Description : HTTP Service
State : Running

Name : hvservice
Path : C:\Windows\system32\drivers\hvservice.sys
Service Type : Kernel Driver
Description : Hypervisor/Virtual Machine Support Driver
State : Stopped

Name : hwpolicy
Path : C:\Windows\system32\drivers\hwpolicy.sys
Service Type : Kernel Driver
Description : Hardware Policy Driver
State : Stopped

Name : hyperkbd
Path : C:\Windows\system32\drivers\hyperkbd.sys
Service Type : Kernel Driver
Description : hyperkbd
State : Stopped

Name : HyperVideo
Path : C:\Windows\system32\drivers\HyperVideo.sys
Service Type : Kernel Driver
Description : HyperVideo
State : Stopped

Name : i8042prt
Path : C:\Windows\system32\drivers\i8042prt.sys
Service Type : Kernel Driver
Description : PS/2 Keyboard and Mouse Port Driver
State : Running

Name : iaLPSSi_GPIO
Path : C:\Windows\system32\drivers\iaLPSSi_GPIO.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO GPIO Controller Driver
State : Stopped

Name : iaLPSSi_I2C
Path : C:\Windows\system32\drivers\iaLPSSi_I2C.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO I2C Controller Driver
State : Stopped

Name : iaStorAV
Path : C:\Windows\system32\drivers\iaStorAV.sys
Service Type : Kernel Driver
Description : Intel(R) SATA RAID Controller Windows
State : Stopped

Name : iaStorV
Path : C:\Windows\system32\drivers\iaStorV.sys
Service Type : Kernel Driver
Description : Intel RAID Controller Windows 7
State : Stopped

Name : ibbus
Path : C:\Windows\system32\drivers\ibbus.sys
Service Type : Kernel Driver
Description : Mellanox InfiniBand Bus/AL (Filter Driver)
State : Stopped

Name : IndirectKmd
Path : C:\Windows\system32\drivers\IndirectKmd.sys
Service Type : Kernel Driver
Description : Indirect Displays Kernel-Mode Driver
State : Stopped

Name : intelide
Path : C:\Windows\system32\drivers\intelide.sys
Service Type : Kernel Driver
Description : intelide
State : Running

Name : intelpep
Path : C:\Windows\system32\drivers\intelpep.sys
Service Type : Kernel Driver
Description : Intel(R) Power Engine Plug-in Driver
State : Running

Name : intelppm
Path : C:\Windows\system32\drivers\intelppm.sys
Service Type : Kernel Driver
Description : Intel Processor Driver
State : Running

Name : iorate
Path : C:\Windows\system32\drivers\iorate.sys
Service Type : Kernel Driver
Description : iorate
State : Running

Name : IpFilterDriver
Path : C:\Windows\system32\DRIVERS\ipfltdrv.sys
Service Type : Kernel Driver
Description : IP Traffic Filter Driver
State : Stopped

Name : IPMIDRV
Path : C:\Windows\system32\drivers\IPMIDrv.sys
Service Type : Kernel Driver
Description : IPMIDRV
State : Stopped

Name : IPNAT
Path : C:\Windows\system32\drivers\ipnat.sys
Service Type : Kernel Driver
Description : IP Network Address Translator
State : Stopped

Name : IPsecGW
Path : C:\Windows\system32\drivers\ipsecgw.sys
Service Type : Kernel Driver
Description : Windows IPsec Gateway Driver
State : Stopped

Name : isapnp
Path : C:\Windows\system32\drivers\isapnp.sys
Service Type : Kernel Driver
Description : isapnp
State : Stopped

Name : iScsiPrt
Path : C:\Windows\system32\drivers\msiscsi.sys
Service Type : Kernel Driver
Description : iScsiPort Driver
State : Running

Name : kbdclass
Path : C:\Windows\system32\drivers\kbdclass.sys
Service Type : Kernel Driver
Description : Keyboard Class Driver
State : Running

Name : kbdhid
Path : C:\Windows\system32\drivers\kbdhid.sys
Service Type : Kernel Driver
Description : Keyboard HID Driver
State : Stopped

Name : kdnic
Path : C:\Windows\system32\drivers\kdnic.sys
Service Type : Kernel Driver
Description : Microsoft Kernel Debug Network Miniport (NDIS 6.20)
State : Running

Name : klbackupdisk.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klbackupdisk.sys
Service Type : Kernel Driver
Description : Kaspersky Lab klbackupdisk.KES-21-15
State : Running

Name : klbackupflt.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klbackupflt.sys
Service Type : File System Driver
Description : Kaspersky Lab klbackupflt.KES-21-15
State : Running

Name : klelam
Path : C:\Windows\system32\DRIVERS\klelam.sys
Service Type : Kernel Driver
Description : klelam
State : Stopped

Name : KLFLT.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klflt.sys
Service Type : Kernel Driver
Description : Kaspersky Lab Kernel DLL.KES-21-15
State : Running

Name : klfltdev.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klfltdev.sys
Service Type : Kernel Driver
Description : Kaspersky Lab KLFltDev.KES-21-15
State : Running

Name : klgse.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klgse.sys
Service Type : File System Driver
Description : Kaspersky Lab Security Extender Driver.KES-21-15
State : Running

Name : KLHK.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klhk.sys
Service Type : Kernel Driver
Description : Kaspersky Lab service driver.KES-21-15
State : Running

Name : KLIF.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klif.sys
Service Type : File System Driver
Description : Kaspersky Lab Driver.KES-21-15
State : Running

Name : klim6
Path : C:\Windows\system32\DRIVERS\klim6.sys
Service Type : Kernel Driver
Description : Kaspersky Anti-Virus NDIS 6 Filter
State : Running

Name : klpd.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klpd.sys
Service Type : File System Driver
Description : Kaspersky Lab format recognizer driver.KES-21-15
State : Running

Name : klpnpflt.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klpnpflt.sys
Service Type : Kernel Driver
Description : Kaspersky Lab klpnpflt.KES-21-15
State : Running

Name : klupd_bfcac038a_arkmon_34105D16
Path : \??\C:\KVRT2020_Data\Temp\34105D1614A078122BA1CE2FB62AD56C\klupd_bfcac038a_arkmon.sys
Service Type : Kernel Driver
Description : klupd_bfcac038a_arkmon_34105D16
State : Stopped

Name : klupd_KES-21-15_arkmon
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_arkmon.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_arkmon
State : Running

Name : klupd_KES-21-15_klark
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_klark.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_klark
State : Running

Name : klupd_KES-21-15_klbg
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_klbg.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_klbg
State : Running

Name : klupd_KES-21-15_mark
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_mark.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_mark
State : Running

Name : klwfp
Path : C:\Windows\system32\DRIVERS\klwfp.sys
Service Type : Kernel Driver
Description : klwfp
State : Running

Name : klwtp.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klwtp.sys
Service Type : Kernel Driver
Description : klwtp.KES-21-15
State : Running

Name : kneps.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\kneps.sys
Service Type : Kernel Driver
Description : kneps.KES-21-15
State : Running

Name : KSecDD
Path : C:\Windows\system32\Drivers\ksecdd.sys
Service Type : Kernel Driver
Description : KSecDD
State : Running

Name : KSecPkg
Path : C:\Windows\system32\Drivers\ksecpkg.sys
Service Type : Kernel Driver
Description : KSecPkg
State : Running

Name : ksthunk
Path : C:\Windows\system32\drivers\ksthunk.sys
Service Type : Kernel Driver
Description : Kernel Streaming Thunks
State : Stopped

Name : lltdio
Path : C:\Windows\system32\drivers\lltdio.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Mapper I/O Driver
State : Running

Name : LSI_SAS
Path : C:\Windows\system32\drivers\lsi_sas.sys
Service Type : Kernel Driver
Description : LSI_SAS
State : Running

Name : LSI_SAS2i
Path : C:\Windows\system32\drivers\lsi_sas2i.sys
Service Type : Kernel Driver
Description : LSI_SAS2i
State : Stopped

Name : LSI_SAS3i
Path : C:\Windows\system32\drivers\lsi_sas3i.sys
Service Type : Kernel Driver
Description : LSI_SAS3i
State : Stopped

Name : LSI_SSS
Path : C:\Windows\system32\drivers\lsi_sss.sys
Service Type : Kernel Driver
Description : LSI_SSS
State : Stopped

Name : luafv
Path : C:\Windows\system32\drivers\luafv.sys
Service Type : File System Driver
Description : UAC File Virtualization
State : Running

Name : megasas
Path : C:\Windows\system32\drivers\megasas.sys
Service Type : Kernel Driver
Description : megasas
State : Stopped

Name : megasas2i
Path : C:\Windows\system32\drivers\MegaSas2i.sys
Service Type : Kernel Driver
Description : megasas2i
State : Stopped

Name : megasr
Path : C:\Windows\system32\drivers\megasr.sys
Service Type : Kernel Driver
Description : megasr
State : Stopped

Name : mlx4_bus
Path : C:\Windows\system32\drivers\mlx4_bus.sys
Service Type : Kernel Driver
Description : Mellanox ConnectX Bus Enumerator
State : Stopped

Name : MMCSS
Path : C:\Windows\system32\drivers\mmcss.sys
Service Type : Kernel Driver
Description : Multimedia Class Scheduler
State : Stopped

Name : Modem
Path : C:\Windows\system32\drivers\modem.sys
Service Type : Kernel Driver
Description : Modem
State : Stopped

Name : monitor
Path : C:\Windows\system32\drivers\monitor.sys
Service Type : Kernel Driver
Description : Microsoft Monitor Class Function Driver Service
State : Running

Name : mouclass
Path : C:\Windows\system32\drivers\mouclass.sys
Service Type : Kernel Driver
Description : Mouse Class Driver
State : Running

Name : mouhid
Path : C:\Windows\system32\drivers\mouhid.sys
Service Type : Kernel Driver
Description : Mouse HID Driver
State : Running

Name : mountmgr
Path : C:\Windows\system32\drivers\mountmgr.sys
Service Type : Kernel Driver
Description : Mount Point Manager
State : Running

Name : mpsdrv
Path : C:\Windows\system32\drivers\mpsdrv.sys
Service Type : Kernel Driver
Description : Windows Firewall Authorization Driver
State : Running

Name : mrxsmb
Path : C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Type : File System Driver
Description : SMB MiniRedirector Wrapper and Engine
State : Running

Name : mrxsmb10
Path : C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Type : File System Driver
Description : SMB 1.x MiniRedirector
State : Running

Name : mrxsmb20
Path : C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Type : File System Driver
Description : SMB 2.0 MiniRedirector
State : Running

Name : MsBridge
Path : C:\Windows\system32\drivers\bridge.sys
Service Type : Kernel Driver
Description : Microsoft MAC Bridge
State : Stopped

Name : Msfs
Path : C:\Windows\system32\drivers\Msfs.sys
Service Type : File System Driver
Description : Msfs
State : Running

Name : msgpiowin32
Path : C:\Windows\system32\drivers\msgpiowin32.sys
Service Type : Kernel Driver
Description : Common Driver for Buttons, DockMode and Laptop/Slate Indicator
State : Stopped

Name : mshidkmdf
Path : C:\Windows\system32\drivers\mshidkmdf.sys
Service Type : Kernel Driver
Description : mshidkmdf
State : Stopped

Name : mshidumdf
Path : C:\Windows\system32\drivers\mshidumdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to UMDF Driver
State : Stopped

Name : msisadrv
Path : C:\Windows\system32\drivers\msisadrv.sys
Service Type : Kernel Driver
Description : msisadrv
State : Running

Name : MSKSSRV
Path : C:\Windows\system32\DRIVERS\MSKSSRV.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Service Proxy
State : Stopped

Name : MsLbfoProvider
Path : C:\Windows\system32\drivers\MsLbfoProvider.sys
Service Type : Kernel Driver
Description : Microsoft Load Balancing/Failover Provider
State : Stopped

Name : MsLldp
Path : C:\Windows\system32\drivers\mslldp.sys
Service Type : Kernel Driver
Description : Microsoft Link-Layer Discovery Protocol
State : Running

Name : MsRPC
Path : C:\Windows\system32\drivers\MsRPC.sys
Service Type : Kernel Driver
Description : MsRPC
State : Stopped

Name : mssmbios
Path : C:\Windows\system32\drivers\mssmbios.sys
Service Type : Kernel Driver
Description : Microsoft System Management BIOS Driver
State : Running

Name : MTConfig
Path : C:\Windows\system32\drivers\MTConfig.sys
Service Type : Kernel Driver
Description : Microsoft Input Configuration Driver
State : Stopped

Name : Mup
Path : C:\Windows\system32\Drivers\mup.sys
Service Type : File System Driver
Description : Mup
State : Running

Name : mvumis
Path : C:\Windows\system32\drivers\mvumis.sys
Service Type : Kernel Driver
Description : mvumis
State : Stopped

Name : ndfltr
Path : C:\Windows\system32\drivers\ndfltr.sys
Service Type : Kernel Driver
Description : NetworkDirect Service
State : Stopped

Name : NDIS
Path : C:\Windows\system32\drivers\ndis.sys
Service Type : Kernel Driver
Description : NDIS System Driver
State : Running

Name : NdisCap
Path : C:\Windows\system32\drivers\ndiscap.sys
Service Type : Kernel Driver
Description : Microsoft NDIS Capture
State : Stopped

Name : NdisImPlatform
Path : C:\Windows\system32\drivers\NdisImPlatform.sys
Service Type : Kernel Driver
Description : Microsoft Network Adapter Multiplexor Protocol
State : Stopped

Name : NdisTapi
Path : C:\Windows\system32\DRIVERS\ndistapi.sys
Service Type : Kernel Driver
Description : Remote Access NDIS TAPI Driver
State : Stopped

Name : Ndisuio
Path : C:\Windows\system32\drivers\ndisuio.sys
Service Type : Kernel Driver
Description : NDIS Usermode I/O Protocol
State : Stopped

Name : NdisVirtualBus
Path : C:\Windows\system32\drivers\NdisVirtualBus.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Network Adapter Enumerator
State : Running

Name : NdisWan
Path : C:\Windows\system32\drivers\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access NDIS WAN Driver
State : Stopped

Name : ndiswanlegacy
Path : C:\Windows\system32\DRIVERS\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access LEGACY NDIS WAN Driver
State : Stopped

Name : ndproxy
Path : C:\Windows\system32\DRIVERS\NDProxy.sys
Service Type : Kernel Driver
Description : @%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy
State : Stopped

Name : NetBIOS
Path : C:\Windows\system32\drivers\netbios.sys
Service Type : File System Driver
Description : NetBIOS Interface
State : Running

Name : NetBT
Path : C:\Windows\system32\DRIVERS\netbt.sys
Service Type : Kernel Driver
Description : NetBT
State : Running

Name : netvsc
Path : C:\Windows\system32\drivers\netvsc.sys
Service Type : Kernel Driver
Description : netvsc
State : Stopped

Name : Npfs
Path : C:\Windows\system32\drivers\Npfs.sys
Service Type : File System Driver
Description : Npfs
State : Running

Name : npsvctrig
Path : C:\Windows\system32\drivers\npsvctrig.sys
Service Type : Kernel Driver
Description : Named pipe service trigger provider
State : Running

Name : nsiproxy
Path : C:\Windows\system32\drivers\nsiproxy.sys
Service Type : Kernel Driver
Description : NSI Proxy Service Driver
State : Running

Name : NTFS
Path : C:\Windows\system32\drivers\NTFS.sys
Service Type : File System Driver
Description : NTFS
State : Running

Name : Null
Path : C:\Windows\system32\drivers\Null.sys
Service Type : Kernel Driver
Description : Null
State : Running

Name : nvraid
Path : C:\Windows\system32\drivers\nvraid.sys
Service Type : Kernel Driver
Description : nvraid
State : Stopped

Name : nvstor
Path : C:\Windows\system32\drivers\nvstor.sys
Service Type : Kernel Driver
Description : nvstor
State : Stopped

Name : Parport
Path : C:\Windows\system32\drivers\parport.sys
Service Type : Kernel Driver
Description : Parallel port driver
State : Stopped

Name : partmgr
Path : C:\Windows\system32\drivers\partmgr.sys
Service Type : Kernel Driver
Description : Partition driver
State : Running

Name : pci
Path : C:\Windows\system32\drivers\pci.sys
Service Type : Kernel Driver
Description : PCI Bus Driver
State : Running

Name : pciide
Path : C:\Windows\system32\drivers\pciide.sys
Service Type : Kernel Driver
Description : pciide
State : Stopped

Name : pcmcia
Path : C:\Windows\system32\drivers\pcmcia.sys
Service Type : Kernel Driver
Description : pcmcia
State : Stopped

Name : pcw
Path : C:\Windows\system32\drivers\pcw.sys
Service Type : Kernel Driver
Description : Performance Counters for Windows Driver
State : Running

Name : pdc
Path : C:\Windows\system32\drivers\pdc.sys
Service Type : Kernel Driver
Description : pdc
State : Running

Name : PEAUTH
Path : C:\Windows\system32\drivers\peauth.sys
Service Type : Kernel Driver
Description : PEAUTH
State : Running

Name : percsas2i
Path : C:\Windows\system32\drivers\percsas2i.sys
Service Type : Kernel Driver
Description : percsas2i
State : Stopped

Name : percsas3i
Path : C:\Windows\system32\drivers\percsas3i.sys
Service Type : Kernel Driver
Description : percsas3i
State : Stopped

Name : PptpMiniport
Path : C:\Windows\system32\drivers\raspptp.sys
Service Type : Kernel Driver
Description : WAN Miniport (PPTP)
State : Stopped

Name : Processor
Path : C:\Windows\system32\drivers\processr.sys
Service Type : Kernel Driver
Description : Processor Driver
State : Stopped

Name : Psched
Path : C:\Windows\system32\drivers\pacer.sys
Service Type : Kernel Driver
Description : QoS Packet Scheduler
State : Running

Name : pvhdparser
Path : C:\Windows\system32\drivers\pvhdparser.sys
Service Type : Kernel Driver
Description : pvhdparser
State : Stopped

Name : ql2300i
Path : C:\Windows\system32\drivers\ql2300i.sys
Service Type : Kernel Driver
Description : QLogic Fibre Channel STOR Miniport Inbox Driver (wx64)
State : Stopped

Name : ql40xx2i
Path : C:\Windows\system32\drivers\ql40xx2i.sys
Service Type : Kernel Driver
Description : QLogic iSCSI Miniport Inbox Driver
State : Stopped

Name : qlfcoei
Path : C:\Windows\system32\drivers\qlfcoei.sys
Service Type : Kernel Driver
Description : QLogic [FCoE] STOR Miniport Inbox Driver (wx64)
State : Stopped

Name : QWAVEdrv
Path : C:\Windows\system32\drivers\qwavedrv.sys
Service Type : Kernel Driver
Description : QWAVE driver
State : Stopped

Name : RasAcd
Path : C:\Windows\system32\DRIVERS\rasacd.sys
Service Type : Kernel Driver
Description : Remote Access Auto Connection Driver
State : Stopped

Name : RasAgileVpn
Path : C:\Windows\system32\drivers\AgileVpn.sys
Service Type : Kernel Driver
Description : WAN Miniport (IKEv2)
State : Stopped

Name : RasGre
Path : C:\Windows\system32\drivers\rasgre.sys
Service Type : Kernel Driver
Description : WAN Miniport (GRE)
State : Stopped

Name : Rasl2tp
Path : C:\Windows\system32\drivers\rasl2tp.sys
Service Type : Kernel Driver
Description : WAN Miniport (L2TP)
State : Stopped

Name : RasPppoe
Path : C:\Windows\system32\drivers\raspppoe.sys
Service Type : Kernel Driver
Description : Remote Access PPPOE Driver
State : Stopped

Name : RasSstp
Path : C:\Windows\system32\drivers\rassstp.sys
Service Type : Kernel Driver
Description : WAN Miniport (SSTP)
State : Stopped

Name : rdbss
Path : C:\Windows\system32\DRIVERS\rdbss.sys
Service Type : File System Driver
Description : Redirected Buffering Sub System
State : Running

Name : rdpbus
Path : C:\Windows\system32\drivers\rdpbus.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Bus Driver
State : Running

Name : RDPDR
Path : C:\Windows\system32\drivers\rdpdr.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Driver
State : Running

Name : RdpVideoMiniport
Path : C:\Windows\system32\drivers\rdpvideominiport.sys
Service Type : Kernel Driver
Description : Remote Desktop Video Miniport Driver
State : Running

Name : ReFS
Path : C:\Windows\system32\drivers\ReFS.sys
Service Type : File System Driver
Description : ReFS
State : Stopped

Name : ReFSv1
Path : C:\Windows\system32\drivers\ReFSv1.sys
Service Type : File System Driver
Description : ReFSv1
State : Stopped

Name : RsFx0103
Path : C:\Windows\system32\DRIVERS\RsFx0103.sys
Service Type : File System Driver
Description : RsFx0103 Driver
State : Stopped

Name : RsFx0603
Path : C:\Windows\system32\DRIVERS\RsFx0603.sys
Service Type : File System Driver
Description : RsFx0603 Driver
State : Stopped

Name : rspndr
Path : C:\Windows\system32\drivers\rspndr.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Responder
State : Running

Name : s3cap
Path : C:\Windows\system32\drivers\vms3cap.sys
Service Type : Kernel Driver
Description : s3cap
State : Stopped

Name : sacdrv
Path : C:\Windows\system32\DRIVERS\sacdrv.sys
Service Type : Kernel Driver
Description : sacdrv
State : Stopped

Name : sbp2port
Path : C:\Windows\system32\drivers\sbp2port.sys
Service Type : Kernel Driver
Description : SBP-2 Transport/Protocol Bus Driver
State : Stopped

Name : scfilter
Path : C:\Windows\system32\DRIVERS\scfilter.sys
Service Type : Kernel Driver
Description : Smart card PnP Class Filter Driver
State : Stopped

Name : scmbus
Path : C:\Windows\system32\drivers\scmbus.sys
Service Type : Kernel Driver
Description : Microsoft Storage Class Memory Bus Driver
State : Stopped

Name : scmdisk0101
Path : C:\Windows\system32\drivers\scmdisk0101.sys
Service Type : Kernel Driver
Description : Microsoft NVDIMM-N disk driver
State : Stopped

Name : sdbus
Path : C:\Windows\system32\drivers\sdbus.sys
Service Type : Kernel Driver
Description : sdbus
State : Stopped

Name : sdstor
Path : C:\Windows\system32\drivers\sdstor.sys
Service Type : Kernel Driver
Description : SD Storage Port Driver
State : Stopped

Name : SerCx
Path : C:\Windows\system32\drivers\SerCx.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped

Name : SerCx2
Path : C:\Windows\system32\drivers\SerCx2.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped

Name : Serenum
Path : C:\Windows\system32\drivers\serenum.sys
Service Type : Kernel Driver
Description : Serenum Filter Driver
State : Stopped

Name : Serial
Path : C:\Windows\system32\drivers\serial.sys
Service Type : Kernel Driver
Description : Serial port driver
State : Stopped

Name : sermouse
Path : C:\Windows\system32\drivers\sermouse.sys
Service Type : Kernel Driver
Description : Serial Mouse Driver
State : Stopped

Name : sfloppy
Path : C:\Windows\system32\drivers\sfloppy.sys
Service Type : Kernel Driver
Description : High-Capacity Floppy Disk Drive
State : Stopped

Name : SiSRaid2
Path : C:\Windows\system32\drivers\SiSRaid2.sys
Service Type : Kernel Driver
Description : SiSRaid2
State : Stopped

Name : SiSRaid4
Path : C:\Windows\system32\drivers\sisraid4.sys
Service Type : Kernel Driver
Description : SiSRaid4
State : Stopped

Name : smbdirect
Path : C:\Windows\system32\DRIVERS\smbdirect.sys
Service Type : File System Driver
Description : smbdirect
State : Stopped

Name : spaceport
Path : C:\Windows\system32\drivers\spaceport.sys
Service Type : Kernel Driver
Description : Storage Spaces Driver
State : Running

Name : SpbCx
Path : C:\Windows\system32\drivers\SpbCx.sys
Service Type : Kernel Driver
Description : Simple Peripheral Bus Support Library
State : Stopped

Name : srv
Path : C:\Windows\system32\DRIVERS\srv.sys
Service Type : File System Driver
Description : Server SMB 1.xxx Driver
State : Running

Name : srv2
Path : C:\Windows\system32\DRIVERS\srv2.sys
Service Type : File System Driver
Description : Server SMB 2.xxx Driver
State : Running

Name : srvnet
Path : C:\Windows\system32\DRIVERS\srvnet.sys
Service Type : File System Driver
Description : srvnet
State : Running

Name : stexstor
Path : C:\Windows\system32\drivers\stexstor.sys
Service Type : Kernel Driver
Description : stexstor
State : Stopped

Name : storahci
Path : C:\Windows\system32\drivers\storahci.sys
Service Type : Kernel Driver
Description : Microsoft Standard SATA AHCI Driver
State : Stopped

Name : storflt
Path : C:\Windows\system32\drivers\vmstorfl.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Storage Accelerator
State : Stopped

Name : stornvme
Path : C:\Windows\system32\drivers\stornvme.sys
Service Type : Kernel Driver
Description : Microsoft Standard NVM Express Driver
State : Stopped

Name : storqosflt
Path : C:\Windows\system32\drivers\storqosflt.sys
Service Type : File System Driver
Description : Storage QoS Filter Driver
State : Running

Name : storufs
Path : C:\Windows\system32\drivers\storufs.sys
Service Type : Kernel Driver
Description : Microsoft Universal Flash Storage (UFS) Driver
State : Stopped

Name : storvsc
Path : C:\Windows\system32\drivers\storvsc.sys
Service Type : Kernel Driver
Description : storvsc
State : Stopped

Name : storvsp
Path : C:\Windows\system32\drivers\storvsp.sys
Service Type : Kernel Driver
Description : storvsp
State : Running

Name : swenum
Path : C:\Windows\system32\drivers\swenum.sys
Service Type : Kernel Driver
Description : Software Bus Driver
State : Running

Name : Synth3dVsc
Path : C:\Windows\system32\drivers\Synth3dVsc.sys
Service Type : Kernel Driver
Description : Synth3dVsc
State : Stopped

Name : Tcpip
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : TCP/IP Protocol Driver
State : Running

Name : Tcpip6
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : @todo.dll,-100;Microsoft IPv6 Protocol Driver
State : Stopped

Name : tcpipreg
Path : C:\Windows\system32\drivers\tcpipreg.sys
Service Type : Kernel Driver
Description : TCP/IP Registry Compatibility
State : Running

Name : tdx
Path : C:\Windows\system32\DRIVERS\tdx.sys
Service Type : Kernel Driver
Description : NetIO Legacy TDI Support Driver
State : Running

Name : terminpt
Path : C:\Windows\system32\drivers\terminpt.sys
Service Type : Kernel Driver
Description : Microsoft Remote Desktop Input Driver
State : Running

Name : TPM
Path : C:\Windows\system32\drivers\tpm.sys
Service Type : Kernel Driver
Description : TPM
State : Stopped

Name : TsUsbFlt
Path : C:\Windows\system32\drivers\tsusbflt.sys
Service Type : Kernel Driver
Description : TsUsbFlt
State : Stopped

Name : TsUsbGD
Path : C:\Windows\system32\drivers\TsUsbGD.sys
Service Type : Kernel Driver
Description : Remote Desktop Generic USB Device
State : Stopped

Name : tsusbhub
Path : C:\Windows\system32\drivers\tsusbhub.sys
Service Type : Kernel Driver
Description : Remote Desktop USB Hub
State : Stopped

Name : tunnel
Path : C:\Windows\system32\drivers\tunnel.sys
Service Type : Kernel Driver
Description : Microsoft Tunnel Miniport Adapter Driver
State : Running

Name : UASPStor
Path : C:\Windows\system32\drivers\uaspstor.sys
Service Type : Kernel Driver
Description : USB Attached SCSI (UAS) Driver
State : Stopped

Name : UcmCx0101
Path : C:\Windows\system32\Drivers\UcmCx.sys
Service Type : Kernel Driver
Description : USB Connector Manager KMDF Class Extension
State : Stopped

Name : UcmTcpciCx0101
Path : C:\Windows\system32\Drivers\UcmTcpciCx.sys
Service Type : Kernel Driver
Description : UCM-TCPCI KMDF Class Extension
State : Stopped

Name : UcmUcsi
Path : C:\Windows\system32\drivers\UcmUcsi.sys
Service Type : Kernel Driver
Description : USB Connector Manager UCSI Client
State : Stopped

Name : Ucx01000
Path : C:\Windows\system32\drivers\ucx01000.sys
Service Type : Kernel Driver
Description : USB Host Support Library
State : Running

Name : UdeCx
Path : C:\Windows\system32\drivers\udecx.sys
Service Type : Kernel Driver
Description : USB Device Emulation Support Library
State : Stopped

Name : udfs
Path : C:\Windows\system32\DRIVERS\udfs.sys
Service Type : File System Driver
Description : udfs
State : Stopped

Name : UEFI
Path : C:\Windows\system32\drivers\UEFI.sys
Service Type : Kernel Driver
Description : Microsoft UEFI Driver
State : Stopped

Name : UevAgentDriver
Path : C:\Windows\system32\drivers\UevAgentDriver.sys
Service Type : File System Driver
Description : UevAgentDriver
State : Stopped

Name : Ufx01000
Path : C:\Windows\system32\drivers\ufx01000.sys
Service Type : Kernel Driver
Description : USB Function Class Extension
State : Stopped

Name : UfxChipidea
Path : C:\Windows\system32\drivers\UfxChipidea.sys
Service Type : Kernel Driver
Description : USB Chipidea Controller
State : Stopped

Name : ufxsynopsys
Path : C:\Windows\system32\drivers\ufxsynopsys.sys
Service Type : Kernel Driver
Description : USB Synopsys Controller
State : Stopped

Name : umbus
Path : C:\Windows\system32\drivers\umbus.sys
Service Type : Kernel Driver
Description : UMBus Enumerator Driver
State : Running

Name : UmPass
Path : C:\Windows\system32\drivers\umpass.sys
Service Type : Kernel Driver
Description : Microsoft UMPass Driver
State : Stopped

Name : UrsChipidea
Path : C:\Windows\system32\drivers\urschipidea.sys
Service Type : Kernel Driver
Description : Chipidea USB Role-Switch Driver
State : Stopped

Name : UrsCx01000
Path : C:\Windows\system32\drivers\urscx01000.sys
Service Type : Kernel Driver
Description : USB Role-Switch Support Library
State : Stopped

Name : UrsSynopsys
Path : C:\Windows\system32\drivers\urssynopsys.sys
Service Type : Kernel Driver
Description : Synopsys USB Role-Switch Driver
State : Stopped

Name : usbccgp
Path : C:\Windows\system32\drivers\usbccgp.sys
Service Type : Kernel Driver
Description : Microsoft USB Generic Parent Driver
State : Running

Name : usbehci
Path : C:\Windows\system32\drivers\usbehci.sys
Service Type : Kernel Driver
Description : Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
State : Stopped

Name : usbhub
Path : C:\Windows\system32\drivers\usbhub.sys
Service Type : Kernel Driver
Description : Microsoft USB Standard Hub Driver
State : Stopped

Name : USBHUB3
Path : C:\Windows\system32\drivers\UsbHub3.sys
Service Type : Kernel Driver
Description : SuperSpeed Hub
State : Running

Name : usbohci
Path : C:\Windows\system32\drivers\usbohci.sys
Service Type : Kernel Driver
Description : Microsoft USB Open Host Controller Miniport Driver
State : Stopped

Name : usbprint
Path : C:\Windows\system32\drivers\usbprint.sys
Service Type : Kernel Driver
Description : Microsoft USB PRINTER Class
State : Stopped

Name : usbser
Path : C:\Windows\system32\drivers\usbser.sys
Service Type : Kernel Driver
Description : Microsoft USB Serial Driver
State : Stopped

Name : USBSTOR
Path : C:\Windows\system32\drivers\USBSTOR.SYS
Service Type : Kernel Driver
Description : USB Mass Storage Driver
State : Stopped

Name : usbuhci
Path : C:\Windows\system32\drivers\usbuhci.sys
Service Type : Kernel Driver
Description : Microsoft USB Universal Host Controller Miniport Driver
State : Stopped

Name : USBXHCI
Path : C:\Windows\system32\drivers\USBXHCI.SYS
Service Type : Kernel Driver
Description : USB xHCI Compliant Host Controller
State : Running

Name : vdrvroot
Path : C:\Windows\system32\drivers\vdrvroot.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Drive Enumerator
State : Running

Name : VerifierExt
Path : C:\Windows\system32\drivers\VerifierExt.sys
Service Type : Kernel Driver
Description : VerifierExt
State : Stopped

Name : VfpExt
Path : C:\Windows\system32\drivers\vfpext.sys
Service Type : Kernel Driver
Description : Microsoft Azure VFP Switch Extension
State : Running

Name : vhdmp
Path : C:\Windows\system32\drivers\vhdmp.sys
Service Type : Kernel Driver
Description : vhdmp
State : Stopped

Name : vhdparser
Path : C:\Windows\system32\drivers\vhdparser.sys
Service Type : Kernel Driver
Description : vhdparser
State : Stopped

Name : vhf
Path : C:\Windows\system32\drivers\vhf.sys
Service Type : Kernel Driver
Description : Virtual HID Framework (VHF) Driver
State : Stopped

Name : Vid
Path : C:\Windows\system32\drivers\Vid.sys
Service Type : Kernel Driver
Description : Vid
State : Running

Name : vm3dmp
Path : C:\Windows\system32\DRIVERS\vm3dmp.sys
Service Type : Kernel Driver
Description : vm3dmp
State : Running

Name : vm3dmp-debug
Path : C:\Windows\system32\DRIVERS\vm3dmp-debug.sys
Service Type : Kernel Driver
Description : vm3dmp-debug
State : Stopped

Name : vm3dmp-stats
Path : C:\Windows\system32\DRIVERS\vm3dmp-stats.sys
Service Type : Kernel Driver
Description : vm3dmp-stats
State : Stopped

Name : vm3dmp_loader
Path : C:\Windows\system32\DRIVERS\vm3dmp_loader.sys
Service Type : Kernel Driver
Description : vm3dmp_loader
State : Running

Name : vmbus
Path : C:\Windows\system32\drivers\vmbus.sys
Service Type : Kernel Driver
Description : Virtual Machine Bus
State : Stopped

Name : VMBusHID
Path : C:\Windows\system32\drivers\VMBusHID.sys
Service Type : Kernel Driver
Description : VMBusHID
State : Stopped

Name : vmci
Path : C:\Windows\system32\drivers\vmci.sys
Service Type : Kernel Driver
Description : VMware VMCI Bus Driver
State : Running

Name : vmgid
Path : C:\Windows\system32\drivers\vmgid.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Guest Infrastructure Driver
State : Stopped

Name : VMMemCtl
Path : C:\Windows\system32\DRIVERS\vmmemctl.sys
Service Type : Kernel Driver
Description : Memory Control Driver
State : Running

Name : vmmouse
Path : C:\Windows\system32\drivers\vmmouse.sys
Service Type : Kernel Driver
Description : VMware Pointing Device
State : Running

Name : VMSP
Path : C:\Windows\system32\drivers\vmswitch.sys
Service Type : Kernel Driver
Description : VmSwitch Protocol Driver
State : Running

Name : vmsproxy
Path : C:\Windows\system32\drivers\vmsproxy.sys
Service Type : Kernel Driver
Description : VmSwitch Proxy Driver
State : Running

Name : VMSVSF
Path : C:\Windows\system32\drivers\vmswitch.sys
Service Type : Kernel Driver
Description : VmSwitch Extensibility Filter
State : Stopped

Name : VMSVSP
Path : C:\Windows\system32\drivers\vmswitch.sys
Service Type : Kernel Driver
Description : VmSwitch Extensibility Protocol
State : Stopped

Name : vmusbmouse
Path : C:\Windows\system32\drivers\vmusbmouse.sys
Service Type : Kernel Driver
Description : VMware USB Pointing Device
State : Running

Name : volmgr
Path : C:\Windows\system32\drivers\volmgr.sys
Service Type : Kernel Driver
Description : Volume Manager Driver
State : Running

Name : volmgrx
Path : C:\Windows\system32\drivers\volmgrx.sys
Service Type : Kernel Driver
Description : Dynamic Volume Manager
State : Running

Name : volsnap
Path : C:\Windows\system32\drivers\volsnap.sys
Service Type : Kernel Driver
Description : Volume Shadow Copy driver
State : Running

Name : volume
Path : C:\Windows\system32\drivers\volume.sys
Service Type : Kernel Driver
Description : Volume driver
State : Running

Name : vpci
Path : C:\Windows\system32\drivers\vpci.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Virtual PCI Bus
State : Stopped

Name : vsmraid
Path : C:\Windows\system32\drivers\vsmraid.sys
Service Type : Kernel Driver
Description : vsmraid
State : Stopped

Name : vsock
Path : C:\Windows\system32\DRIVERS\vsock.sys
Service Type : Kernel Driver
Description : vSockets Virtual Machine Communication Interface Sockets driver
State : Running

Name : VSTXRAID
Path : C:\Windows\system32\drivers\vstxraid.sys
Service Type : Kernel Driver
Description : VIA StorX Storage RAID Controller Windows Driver
State : Stopped

Name : WacomPen
Path : C:\Windows\system32\drivers\wacompen.sys
Service Type : Kernel Driver
Description : Wacom Serial Pen HID Driver
State : Stopped

Name : wanarp
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IP ARP Driver
State : Running

Name : wanarpv6
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IPv6 ARP Driver
State : Stopped

Name : wcifs
Path : C:\Windows\system32\drivers\wcifs.sys
Service Type : File System Driver
Description : Windows Container Isolation
State : Running

Name : wcnfs
Path : C:\Windows\system32\drivers\wcnfs.sys
Service Type : File System Driver
Description : Windows Container Name Virtualization
State : Stopped

Name : Wdf01000
Path : C:\Windows\system32\drivers\Wdf01000.sys
Service Type : Kernel Driver
Description : Kernel Mode Driver Frameworks service
State : Running

Name : WFPLWFS
Path : C:\Windows\system32\drivers\wfplwfs.sys
Service Type : Kernel Driver
Description : Microsoft Windows Filtering Platform
State : Running

Name : WIMMount
Path : C:\Windows\system32\drivers\wimmount.sys
Service Type : File System Driver
Description : WIMMount
State : Stopped

Name : WindowsTrustedRT
Path : C:\Windows\system32\drivers\WindowsTrustedRT.sys
Service Type : Kernel Driver
Description : Windows Trusted Execution Environment Class Extension
State : Running

Name : WindowsTrustedRTProxy
Path : C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
Service Type : Kernel Driver
Description : Microsoft Windows Trusted Runtime Secure Service
State : Running

Name : WinMad
Path : C:\Windows\system32\drivers\winmad.sys
Service Type : Kernel Driver
Description : WinMad Service
State : Stopped

Name : WinNat
Path : C:\Windows\system32\drivers\winnat.sys
Service Type : Kernel Driver
Description : Windows NAT Driver
State : Stopped

Name : WINUSB
Path : C:\Windows\system32\drivers\WinUSB.SYS
Service Type : Kernel Driver
Description : WinUsb Driver
State : Stopped

Name : WinVerbs
Path : C:\Windows\system32\drivers\winverbs.sys
Service Type : Kernel Driver
Description : WinVerbs Service
State : Stopped

Name : WmiAcpi
Path : C:\Windows\system32\drivers\wmiacpi.sys
Service Type : Kernel Driver
Description : Microsoft Windows Management Interface for ACPI
State : Stopped

Name : Wof
Path : C:\Windows\system32\drivers\Wof.sys
Service Type : File System Driver
Description : Windows Overlay File System Filter Driver
State : Running

Name : WpdUpFltr
Path : C:\Windows\system32\drivers\WpdUpFltr.sys
Service Type : Kernel Driver
Description : WPD Upper Class Filter Driver
State : Running

Name : ws2ifsl
Path : C:\Windows\system32\drivers\ws2ifsl.sys
Service Type : Kernel Driver
Description : Windows Socket 2.0 Non-IFS Service Provider Support Environment
State : Running

Name : WudfPf
Path : C:\Windows\system32\drivers\WudfPf.sys
Service Type : Kernel Driver
Description : User Mode Driver Frameworks Platform Driver
State : Running

Name : WUDFRd
Path : C:\Windows\system32\drivers\WUDFRd.sys
Service Type : Kernel Driver
Description : WUDFRd
State : Running

Name : WUDFWpdFs
Path : C:\Windows\system32\drivers\WUDFRd.sys
Service Type : Kernel Driver
Description : WUDFWpdFs
State : Running

Name : xboxgip
Path : C:\Windows\system32\drivers\xboxgip.sys
Service Type : Kernel Driver
Description : Xbox Game Input Protocol Driver
State : Stopped

Name : xinputhid
Path : C:\Windows\system32\drivers\xinputhid.sys
Service Type : Kernel Driver
Description : XINPUT HID Filter Driver
State : Stopped
92438 - WordPad History
-
Synopsis
Nessus was able to gather WordPad opened file history on the remote host.
Description
Nessus was able to generate a report of files opened in WordPad on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

G:\60 Server E Drive\SQL Restore\DataBaseMail\Database Mail.docx
G:\60 Server D Drive\IIS BackUp\To back up and restore IIS 7 or IIS 8.docx
D:\WebPortal\Web portal Server Dependency.docx
G:\60 Server C Drive\Install Software.docx
G:\60 Server Jobs\Mail.docx

WordPad report attached.
Compliance 'FAILED'
Compliance 'SKIPPED'
Compliance 'PASSED'
Compliance 'INFO', 'WARNING', 'ERROR'
Remediations
Suggested Remediations
Taking the following actions across 10 hosts would resolve 28% of the vulnerabilities on the network.
Action to take Vulns Hosts
KB4577015: Windows 10 Version 1607 and Windows Server 2016 September 2020 Security Update: Apply Cumulative Update KB4577015. 1130 1
Security Updates for Microsoft SQL Server (November 2025): Microsoft has released security updates for Microsoft SQL Server. 714 7
Security Updates for Microsoft Office Products (December 2025): Microsoft has released the following updates to address these issues: - KB5002812 - KB5002818 - KB5002819 545 1
Security Updates for Microsoft Office Products (April 2021): Microsoft has released the following security updates to address this issue: -KB2553491 -KB2589361 -KB3178639 -KB3178643 -KB4504738 -KB4504722 -KB4504726 -KB4504724 -KB4504739 -KB4504727 322 1
Install KB5071544 259 7
Oracle Database Multiple Vulnerabilities (April 2012 CPU): Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory. 174 1
Security Updates for Microsoft .NET Framework (January 2025): Microsoft has released security updates for Microsoft .NET Framework. 168 6
Security Updates for Microsoft SQL Server OLE DB Driver (July 2024): Microsoft has released security updates for the Microsoft SQL OLE DB Driver. 168 6
Oracle Java SE Multiple Vulnerabilities (October 2025 CPU): Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory. 148 2
Mozilla Firefox < 146.0.1: Upgrade to Mozilla Firefox version 146.0.1 or later. 126 1
Install KB5071543 118 2
Security Update for Microsoft .NET Core (October 2025): Update .NET Core, remove vulnerable packages and refer to vendor advisory. 102 2
Security Updates for Microsoft Excel Products (April 2021): Microsoft has released the following security updates to address this issue: -KB3017810 -KB4504721 -KB4504735 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 96 1
Security Updates for Microsoft Word Products (December 2025): Microsoft has released KB5002806 to address this issue. 81 1
RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088): Upgrade to RARLAB WinRAR version 7.13 or later. 63 9
Security Updates for Microsoft Office Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493228 -KB4493203 -KB4504703 -KB4493225 -KB4493200 -KB4493214 59 1
Security Updates for Outlook (July 2025): Microsoft has released KB5002747 to address this issue. 48 1
Install KB5002406 45 1
Install KB4484243 43 1
Security Updates for Microsoft Word Products (April 2021): Microsoft has released the following security updates to address this issue: -KB4493208 -KB4493218 -KB4493198 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 41 1
7-Zip < 25.01: Upgrade to 7-Zip version 25.01 or later. 33 3
Security Updates for Microsoft .NET Framework (October 2020): Microsoft has released security updates for Microsoft .NET Framework. 30 1
Microsoft ASP.NET Core Security Feature Bypass (October 2025): Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later. 30 2
Install KB4484217 29 1
Security Updates for Outlook (April 2021): Microsoft has released the following security updates to address this issue: -KB4504712 -KB4504733 -KB4493185 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 26 1
Install KB5002253 25 1
Install KB5002427 23 1
Node.js Multiple Vulnerabilities (November 2018 Security Releases): Upgrade Node.js to 6.15 / 8.14.0 / 10.14.0 / 11.3.0 or later. 20 1
Install KB5002820 20 1
Apache Tomcat 9.0.0.M1 < 9.0.110: Upgrade to Apache Tomcat version 9.0.110 or later. 20 1
Install KB4493185 19 1
Install KB4504739 18 1
MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080): Microsoft has released a set of patches for Excel 2007, Excel 2010, Excel 2013, Office 2007, Office 2010, Office 2013, Excel Viewer, and Office Compatibility Pack. 18 1
Notepad++ < 8.8.2 Privilege Escalation (CVE-2025-49144): Upgrade to Notepad++ 8.8.2 or later. 18 3
Security Updates for Microsoft PowerPoint Products (October 2025): Microsoft has released KB5002790 to address this issue. 15 1
VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015): Upgrade to VMware Tools version 12.5.4, 13.0.5 or later. 15 5
Install KB5002790 14 1
Security Updates for Outlook (January 2019): Microsoft has released the following security updates to address this issue: -KB4461595 -KB4461601 -KB4461623 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 14 1
Install KB5044280 12 1
MS17-013: Security Update for Microsoft Graphics Component (4013075): Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5. 12 1
Install KB5002806 12 1
Security Updates for Microsoft .NET Framework (October 2024): Microsoft has released security updates for Microsoft .NET Framework. 11 1
Install KB4504707 11 1
Install KB4493218 11 1
Install KB4461625 11 1
Install KB4504702 9 1
Security Updates for Microsoft PowerPoint Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493227 -KB4504702 -KB4493224 9 1
MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): Microsoft has released a set of patches for Visual Studio .NET 2003, Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008. 9 3
Install KB3178687 8 1
Install KB3115197 8 1
Install KB5002683 8 1
Install KB3178702 8 1
Security Updates for Microsoft Excel Products (December 2025): Microsoft has released KB5002820 to address this issue. 6 1
Security Updates for Microsoft Publisher Products (September 2024): Microsoft has released KB5002566 to address this issue. 6 1
Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803): Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later. 6 6
Install KB4032216 5 1
Oracle MySQL Connectors (October 2024 CPU): Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory. 5 1
Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104): Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions. 5 5
Install KB5002426 4 1
MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514): Microsoft has released a set of patches for Office 2007, 2010, 2013 and 2013 RT. 4 2
Install MS18-01 3 1
Install KB3203467 3 1
Security Updates for Microsoft Publisher Products (April 2020): Microsoft has released the following security updates to address this issue: -KB3162033 -KB4011097 -KB4032216 3 1
Install MS18-01 3 1
Install KB5002221 3 1
JQuery 1.2 < 3.5.0 Multiple XSS: Upgrade to JQuery version 3.5.0 or later. 2 1
VMware Tools 10.x / 11.x / 12.x < 12.1.5 DoS (VMSA-2022-0029): Upgrade to VMware Tools version 12.1.5 or later. 2 1
Install KB4484455 2 1
Install KB3213626 2 1
Install KB3115246 2 1
Install KB3054834 2 1
Install KB2881029 2 1
Install KB5002566 2 1
Install KB3213551 2 1
Install KB3191932 2 1
Curl Use-After-Free < 7.87 (CVE-2022-43552): Upgrade Curl to version 7.87.0 or later 2 2
MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019): Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1. 2 2
Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039): Upgrade Curl to version 8.3.0 or later 2 2
Security Update for Microsoft Visual Studio Code Python Extension (July 2025): Update the Microsoft Visual Studio Code Python Extension to version 2025.8.1 or later. 1 1
Install KB4504738 1 1
Install KB3213636 1 1
Install KB3191908 1 1
Install KB3115248 1 1
Install KB3114885 1 1
Install KB3114565 1 1
Install KB3114400 1 1
Install KB2965313 1 1
Install KB2920812 1 1
Install KB2889841 1 1
Install KB2579115 1 1
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893): Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010. 1 1
MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230): Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package. 1 1
Security Updates for Windows Malicious Software Removal Tool (January 2023): Microsoft has released version 5.109 to address this issue. 1 1
Node.js Module node-tar < 6.2.1 DoS: Upgrade to node-tar version 6.2.1 or later. 1 1
Install KB5002622 1 1
Install KB3115419 1 1
Install KB3115279 1 1
Security Updates for Microsoft OneNote Products (April 2025): Microsoft has released KB5002622 to address this issue. 1 1
KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update: Apply Cumulative Update KB4483229. 1 1
Security Updates for SQL Server Management Studio (April 2025): Microsoft has released SSMS version 20.2.1 to address this issue. 1 1
Veeam Agent for Microsoft Windows 6.x < 6.3.2.1205 Privilege Escalation (CVE-2025-24287): Upgrade to Veeam Agent for Microsoft Windows version 6.3.2.1205 or later. 0 1
Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203): Upgrade to Microsoft Azure Data Studio version 1.48.0 or later. 0 5
© 2026 Tenable™, Inc. All rights reserved.