PR1913 Jan Cooper

CISecurity · Mar 10, 2022 · 994cde0 · 994cde0
2 parents 2ece6ff + f337ca2
commit 994cde0
Show file tree

Hide file tree

Showing 1,493 changed files with 12,348 additions and 0 deletions.
diff --git a/repository/definitions/vulnerability/oval_org.cisecurity_def_9243.xml b/repository/definitions/vulnerability/oval_org.cisecurity_def_9243.xml
@@ -0,0 +1,106 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:9243" version="1">
+  <metadata>
+    <title>Windows DWM Core Library Elevation of Privilege Vulnerability - CVE-2022-23291</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <platform>Microsoft Windows Server 2022</platform>
+    </affected>
+    <reference ref_id="CVE-2022-23291" source="CVE" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23291" />
+    <reference ref_id="MSRC-CVE-2022-23291" source="Vendor Advisory" ref_url="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23291" />
+    <reference ref_id="KB5011503" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011503" />
+    <reference ref_id="KB5011485" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011485" />
+    <reference ref_id="KB5011487" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011487" />
+    <reference ref_id="KB5011497" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011497" />
+    <reference ref_id="KB5011493" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011493" />
+    <description />
+    <oval_repository>
+      <dates>
+        <submitted date="2022-03-09T01:08:48">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="OR">
+    <criteria comment="Windows 10 Version 1809 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1809 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:5824" />
+      <criterion test_ref="oval:org.cisecurity:tst:23036" comment="dwmcore.dll (10.x) version is less than 10.0.17763.2686" />
+    </criteria>
+    <criteria comment="Windows 10 Version 1809 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1809 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:5821" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23206" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.17763.2686" />
+        <criterion test_ref="oval:org.cisecurity:tst:23036" comment="dwmcore.dll (10.x) version is less than 10.0.17763.2686" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows Server 2019 is vulnerable" operator="AND">
+      <extend_definition comment="Windows Server 2019 is installed" definition_ref="oval:org.cisecurity:def:5761" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23206" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.17763.2686" />
+        <criterion test_ref="oval:org.cisecurity:tst:23036" comment="dwmcore.dll (10.x) version is less than 10.0.17763.2686" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 1909 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1909 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:7269" />
+      <criterion test_ref="oval:org.cisecurity:tst:23351" comment="dwmcore.dll (10.x) version is less than 10.0.18362.2158" />
+    </criteria>
+    <criteria comment="Windows 10 Version 1909 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1909 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:7268" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23018" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.18362.2158" />
+        <criterion test_ref="oval:org.cisecurity:tst:23351" comment="dwmcore.dll (10.x) version is less than 10.0.18362.2158" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 20H2 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9219" comment="Microsoft Windows 10 Version 20H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23121" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 20H2 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9217" comment="Microsoft Windows 10 Version 20H2 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows 10 Version 21H1 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9242" comment="Microsoft Windows 10 Version 21H1 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23121" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 21H1 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9218" comment="Microsoft Windows 10 Version 21H1 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows Server 2022 is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9211" comment="Microsoft Windows Server 2022 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23058" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.20348.587" />
+        <criterion test_ref="oval:org.cisecurity:tst:23488" comment="dwmcore.dll (10.x) version is less than 10.0.20348.587" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 11 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9224" comment="Microsoft Windows 11 Version 21H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23313" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.22000.556" />
+        <criterion test_ref="oval:org.cisecurity:tst:23047" comment="dwmcore.dll (10.x) version is less than 10.0.22000.556" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 21H2 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9216" comment="Microsoft Windows 10 Version 21H2 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows 10 Version 21H2 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9210" comment="Microsoft Windows 10 Version 21H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23121" comment="dwmcore.dll (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23385" comment="dwmcore.dll (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>
diff --git a/repository/definitions/vulnerability/oval_org.cisecurity_def_9244.xml b/repository/definitions/vulnerability/oval_org.cisecurity_def_9244.xml
@@ -0,0 +1,145 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:9244" version="1">
+  <metadata>
+    <title>Windows ALPC Elevation of Privilege Vulnerability - CVE-2022-23287</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <platform>Microsoft Windows Server 2022</platform>
+    </affected>
+    <reference ref_id="CVE-2022-23287" source="CVE" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23287" />
+    <reference ref_id="MSRC-CVE-2022-23287" source="Vendor Advisory" ref_url="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23287" />
+    <reference ref_id="KB5011491" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011491" />
+    <reference ref_id="KB5011495" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011495" />
+    <reference ref_id="KB5011503" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011503" />
+    <reference ref_id="KB5011485" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011485" />
+    <reference ref_id="KB5011487" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011487" />
+    <reference ref_id="KB5011497" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011497" />
+    <reference ref_id="KB5011493" source="Vendor Advisory" ref_url="https://support.microsoft.com/en-us/help/5011493" />
+    <description />
+    <oval_repository>
+      <dates>
+        <submitted date="2022-03-09T01:08:49">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="OR">
+    <criteria comment="Windows 10 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:380" />
+      <criterion test_ref="oval:org.cisecurity:tst:23524" comment="ntoskrnl.exe (10.x) version is less than 10.0.10240.19235" />
+    </criteria>
+    <criteria comment="Windows 10 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:377" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23355" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.10240.19235" />
+        <criterion test_ref="oval:org.cisecurity:tst:23524" comment="ntoskrnl.exe (10.x) version is less than 10.0.10240.19235" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows Server 2016 is vulnerable" operator="AND">
+      <extend_definition comment="Windows Server 2016 is installed" definition_ref="oval:org.cisecurity:def:1269" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23348" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.14393.5006" />
+        <criterion test_ref="oval:org.cisecurity:tst:23212" comment="ntoskrnl.exe (10.x) version is less than 10.0.14393.5006" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 1607 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1607 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:1377" />
+      <criterion test_ref="oval:org.cisecurity:tst:23212" comment="ntoskrnl.exe (10.x) version is less than 10.0.14393.5006" />
+    </criteria>
+    <criteria comment="Windows 10 Version 1607 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1607 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:1379" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23348" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.14393.5006" />
+        <criterion test_ref="oval:org.cisecurity:tst:23212" comment="ntoskrnl.exe (10.x) version is less than 10.0.14393.5006" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows Server 2016 (Server Core installation) is vulnerable" operator="AND">
+      <extend_definition comment="Windows Server 2016 (Server Core installation) is installed" definition_ref="oval:org.cisecurity:def:3529" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23348" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.14393.5006" />
+        <criterion test_ref="oval:org.cisecurity:tst:23212" comment="ntoskrnl.exe (10.x) version is less than 10.0.14393.5006" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 1809 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1809 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:5824" />
+      <criterion test_ref="oval:org.cisecurity:tst:23399" comment="win32kfull.sys (10.x) version is less than 10.0.17763.2686" />
+    </criteria>
+    <criteria comment="Windows 10 Version 1809 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1809 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:5821" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23323" comment="win32kfull.sys (32-bit) (10.x) version is less than 10.0.17763.2686" />
+        <criterion test_ref="oval:org.cisecurity:tst:23399" comment="win32kfull.sys (10.x) version is less than 10.0.17763.2686" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows Server 2019 is vulnerable" operator="AND">
+      <extend_definition comment="Windows Server 2019 is installed" definition_ref="oval:org.cisecurity:def:5761" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23323" comment="win32kfull.sys (32-bit) (10.x) version is less than 10.0.17763.2686" />
+        <criterion test_ref="oval:org.cisecurity:tst:23399" comment="win32kfull.sys (10.x) version is less than 10.0.17763.2686" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 1909 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1909 for 32-bit Systems is installed" definition_ref="oval:org.cisecurity:def:7269" />
+      <criterion test_ref="oval:org.cisecurity:tst:23174" comment="ntoskrnl.exe (10.x) version is less than 10.0.18362.2158" />
+    </criteria>
+    <criteria comment="Windows 10 Version 1909 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition comment="Windows 10 Version 1909 for x64-based Systems is installed" definition_ref="oval:org.cisecurity:def:7268" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23396" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.18362.2158" />
+        <criterion test_ref="oval:org.cisecurity:tst:23174" comment="ntoskrnl.exe (10.x) version is less than 10.0.18362.2158" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 20H2 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9219" comment="Microsoft Windows 10 Version 20H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23549" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 20H2 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9217" comment="Microsoft Windows 10 Version 20H2 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows 10 Version 21H1 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9242" comment="Microsoft Windows 10 Version 21H1 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23549" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 21H1 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9218" comment="Microsoft Windows 10 Version 21H1 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows Server 2022 is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9211" comment="Microsoft Windows Server 2022 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23365" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.20348.587" />
+        <criterion test_ref="oval:org.cisecurity:tst:23406" comment="ntoskrnl.exe (10.x) version is less than 10.0.20348.587" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 11 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9224" comment="Microsoft Windows 11 Version 21H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23282" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.22000.556" />
+        <criterion test_ref="oval:org.cisecurity:tst:23128" comment="ntoskrnl.exe (10.x) version is less than 10.0.22000.556" />
+      </criteria>
+    </criteria>
+    <criteria comment="Windows 10 Version 21H2 for 32-bit Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9216" comment="Microsoft Windows 10 Version 21H2 (x86) is installed" />
+      <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+    </criteria>
+    <criteria comment="Windows 10 Version 21H2 for x64-based Systems is vulnerable" operator="AND">
+      <extend_definition definition_ref="oval:org.cisecurity:def:9210" comment="Microsoft Windows 10 Version 21H2 (x64) is installed" />
+      <criteria operator="OR">
+        <criterion test_ref="oval:org.cisecurity:tst:23549" comment="ntoskrnl.exe (32-bit) (10.x) version is less than 10.0.19041.1586" />
+        <criterion test_ref="oval:org.cisecurity:tst:23523" comment="ntoskrnl.exe (10.x) version is less than 10.0.19041.1586" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>